SafeAgent: Runtime Protection Architecture Separates Execution Governance from Context-Aware Security Reasoning
Published April 19 on arXiv, SafeAgent proposes a two-layer runtime protection architecture for agentic systems: a Controller that wraps the agent loop and mediates all tool execution, and a Core that performs stateful risk assessment using risk encoding, utility-cost evaluation, consequence modeling, and policy arbitration. Rather than relying on prompt-level constraints, SafeAgent enforces a priority order where system/developer constraints dominate user requests and tool outputs remain untrusted. Evaluations on Agent Security Bench (2,040 cases) and InjecAgent (1,054 tasks) show improved robustness over baseline and text-level guardrails while maintaining competitive benign-task performance.
Source
↳ Follow the thread