English

SafeAgent: A Runtime Protection Architecture for Agentic Systems

Artificial Intelligence 2026-04-21 v1 Multiagent Systems

Abstract

Large language model (LLM) agents are vulnerable to prompt-injection attacks that propagate through multi-step workflows, tool interactions, and persistent context, making input-output filtering alone insufficient for reliable protection. This paper presents SafeAgent, a runtime security architecture that treats agent safety as a stateful decision problem over evolving interaction trajectories. The proposed design separates execution governance from semantic risk reasoning through two coordinated components: a runtime controller that mediates actions around the agent loop and a context-aware decision core that operates over persistent session state. The core is formalized as a context-aware advanced machine intelligence and instantiated through operators for risk encoding, utility-cost evaluation, consequence modeling, policy arbitration, and state synchronization. Experiments on Agent Security Bench (ASB) and InjecAgent show that SafeAgent consistently improves robustness over baseline and text-level guardrail methods while maintaining competitive benign-task performance. Ablation studies further show that recovery confidence and policy weighting determine distinct safety-utility operating points.

Keywords

Cite

@article{arxiv.2604.17562,
  title  = {SafeAgent: A Runtime Protection Architecture for Agentic Systems},
  author = {Hailin Liu and Eugene Ilyushin and Jie Ni and Min Zhu},
  journal= {arXiv preprint arXiv:2604.17562},
  year   = {2026}
}
R2 v1 2026-07-01T12:17:10.420Z