{"id":"https://openalex.org/W4416942889","doi":"https://doi.org/10.48550/arxiv.2511.21990","title":"A Safety and Security Framework for Real-World Agentic Systems","display_name":"A Safety and Security Framework for Real-World Agentic Systems","publication_year":2025,"publication_date":"2025-11-27","ids":{"openalex":"https://openalex.org/W4416942889","doi":"https://doi.org/10.48550/arxiv.2511.21990"},"language":null,"primary_location":{"id":"pmh:oai:arXiv.org:2511.21990","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2511.21990","pdf_url":"https://arxiv.org/pdf/2511.21990","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"type":"preprint","indexed_in":["arxiv","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2511.21990","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5027156022","display_name":"Shaona Ghosh","orcid":"https://orcid.org/0000-0003-4658-5174"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Ghosh, Shaona","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002030695","display_name":"Barnaby Simkin","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Simkin, Barnaby","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5115902605","display_name":"Kyriacos Shiarlis","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Shiarlis, Kyriacos","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032077355","display_name":"Somnath Nandi","orcid":"https://orcid.org/0000-0001-5131-4171"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Nandi, Soumili","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100624303","display_name":"Dan Zhao","orcid":"https://orcid.org/0000-0002-4484-6505"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhao, Dan","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5051117813","display_name":"Markus Fiedler","orcid":"https://orcid.org/0000-0001-8929-4911"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Fiedler, Matthew","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5115902612","display_name":"Julia Bazi\u0144ska","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Bazinska, Julia","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007866511","display_name":"Nolan Pope","orcid":"https://orcid.org/0000-0002-2497-2379"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Pope, Nikki","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5107860194","display_name":"R. Prabhu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Prabhu, Roopa","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5039475554","display_name":"Daniel Rohrer","orcid":"https://orcid.org/0000-0003-2013-6370"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Rohrer, Daniel","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5120538805","display_name":"Michael Demoret","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Demoret, Michael","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5004540207","display_name":"Bartley Richardson","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Richardson, Bartley","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":12,"corresponding_author_ids":["https://openalex.org/A5027156022"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.19020000100135803,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.19020000100135803,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.1298000067472458,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10456","display_name":"Multi-Agent Systems and Negotiation","score":0.10589999705553055,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[],"concepts":[],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:oai:arXiv.org:2511.21990","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2511.21990","pdf_url":"https://arxiv.org/pdf/2511.21990","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"doi:10.48550/arxiv.2511.21990","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2511.21990","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2511.21990","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2511.21990","pdf_url":"https://arxiv.org/pdf/2511.21990","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"This":[0,223],"paper":[1],"introduces":[2],"a":[3,51,79,137,198],"dynamic":[4,37,138],"and":[5,20,43,70,76,110,124,141,155,167,180,215,252],"actionable":[6],"framework":[7,143,195],"for":[8,67],"securing":[9],"agentic":[10,58,71,88,103,116,139,147,183,205,221,229,257,264],"AI":[11,153],"systems":[12],"in":[13,73,87,162,218,263],"enterprise":[14],"deployment.":[15],"We":[16,49,169,192,236],"contend":[17],"that":[18,106,144,231],"safety":[19,75,86,109,140,179,214],"security":[21,77,111,142,181,216],"are":[22,232],"not":[23],"merely":[24],"fixed":[25],"attributes":[26],"of":[27,54,56,63,85,133,173,178,182,202,247,255],"individual":[28],"models":[29,72,154],"but":[30],"also":[31,237],"emergent":[32],"properties":[33],"arising":[34],"from":[35,241],"the":[36,61,83,131,174,194,239,256],"interactions":[38],"among":[39,128],"models,":[40],"orchestrators,":[41],"tools,":[42],"data":[44],"within":[45],"their":[46],"operating":[47],"environments.":[48],"propose":[50],"new":[52],"way":[53],"identification":[55],"novel":[57,228],"risks":[59,230],"through":[60,82,187,197],"lens":[62,84],"user":[64],"safety.":[65,265],"Although,":[66],"traditional":[68,108],"LLMs":[69],"isolation,":[74],"has":[78],"clear":[80],"separation,":[81],"systems,":[89],"they":[90],"appear":[91],"to":[92,160,259],"be":[93],"connected.":[94],"Building":[95],"on":[96],"this":[97],"foundation,":[98],"we":[99],"define":[100],"an":[101],"operational":[102],"risk":[104,148,164,185,224],"taxonomy":[105],"unifies":[107],"concerns":[112],"with":[113,157],"novel,":[114],"uniquely":[115],"risks,":[117],"including":[118],"tool":[119],"misuse,":[120],"cascading":[121],"action":[122],"chains,":[123],"unintended":[125],"control":[126],"amplification":[127],"others.":[129],"At":[130],"core":[132],"our":[134,242],"approach":[135],"is":[136],"operationalizes":[145],"contextual":[146,163],"management":[149],"by":[150],"using":[151],"auxiliary":[152],"agents,":[156],"human":[158],"oversight,":[159],"assist":[161],"discovery,":[165],"evaluation,":[166],"mitigation.":[168],"further":[170],"address":[171],"one":[172],"most":[175],"challenging":[176],"aspects":[177],"systems:":[184],"discovery":[186,225],"sandboxed,":[188],"AI-driven":[189],"red":[190],"teaming.":[191],"demonstrate":[193],"effectiveness":[196],"detailed":[199],"case":[200,243],"study":[201],"NVIDIA":[203],"flagship":[204],"research":[206,262],"assistant,":[207],"AI-Q":[208],"Research":[209],"Assistant,":[210],"showcasing":[211],"practical,":[212],"end-to-end":[213],"evaluations":[217],"complex,":[219],"enterprise-grade":[220],"workflows.":[222],"phase":[226],"finds":[227],"then":[233],"contextually":[234],"mitigated.":[235],"release":[238],"dataset":[240],"study,":[244],"containing":[245],"traces":[246],"over":[248],"10,000":[249],"realistic":[250],"attack":[251],"defense":[253],"executions":[254],"workflow":[258],"help":[260],"advance":[261]},"counts_by_year":[],"updated_date":"2026-03-03T08:47:05.690250","created_date":"2025-12-03T00:00:00"}