Stack layer / Threat pattern
Mitigating Taint-Style MCP Server Vulnerabilities Without Touching Server Code (SPELLSMITH)
arXiv
Stack layer / Threat pattern
TRACE Watermarks Agent Trajectories Against Adversaries Who Control the Logs
arXiv
Policy dependency / Threat pattern
Prismata Confines Cross-Site Prompt Injection by Treating Web Agents Like an XSS Problem
arXiv
Policy dependency / Stack layer
Strict data-flow tracking is the only defense that zeroes out ADI — spend its utility cost only on code execution and money
arXiv 2607.05120
Stack layer / Contrast
Super Weights Don't Generalize, and Training Them in Isolation Destroys the Model
arXiv
Stack layer / Contrast
Tool-Making Agents Compile Repeated SOP Steps Into Versioned Tools Before Deployment
arXiv
Stack layer / Contrast
Append runtime nonces to JSON keys and DOM element IDs — a cheap ADI defense that keeps 83% utility
arXiv 2607.05120
Policy dependency / Contrast
Make context compaction a trained policy, not an inference-time heuristic — CompactionRL lifts SWE-bench up to +7 points
arXiv 2607.05378