{"id":"https://openalex.org/W7140195243","doi":"https://doi.org/10.48550/arxiv.2603.21231","title":"When Convenience Becomes Risk: A Semantic View of Under-Specification in Host-Acting Agents","display_name":"When Convenience Becomes Risk: A Semantic View of Under-Specification in Host-Acting Agents","publication_year":2026,"publication_date":"2026-03-22","ids":{"openalex":"https://openalex.org/W7140195243","doi":"https://doi.org/10.48550/arxiv.2603.21231"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2603.21231","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.21231","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2603.21231","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Lu, Di","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Lu, Di","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":null,"display_name":"Liao, Yongzhi","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liao, Yongzhi","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":null,"display_name":"Mu, Xutong","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Mu, Xutong","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":null,"display_name":"Zheng, Lele","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zheng, Lele","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":null,"display_name":"Cheng, Ke","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Cheng, Ke","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":null,"display_name":"Dong, Xuewen","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Dong, Xuewen","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":null,"display_name":"Shen, Yulong","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Shen, Yulong","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":null,"display_name":"Ma, Jianfeng","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ma, Jianfeng","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":8,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.564300000667572,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.564300000667572,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.08020000159740448,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.05920000001788139,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.7257999777793884},{"id":"https://openalex.org/keywords/semantics","display_name":"Semantics (computer science)","score":0.5938000082969666},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5392000079154968},{"id":"https://openalex.org/keywords/semantic-technology","display_name":"Semantic technology","score":0.37529999017715454},{"id":"https://openalex.org/keywords/semantic-data-model","display_name":"Semantic data model","score":0.35760000348091125},{"id":"https://openalex.org/keywords/taxonomy","display_name":"Taxonomy (biology)","score":0.33090001344680786}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7965999841690063},{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.7257999777793884},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.5938000082969666},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5392000079154968},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.40139999985694885},{"id":"https://openalex.org/C6881194","wikidata":"https://www.wikidata.org/wiki/Q7449091","display_name":"Semantic technology","level":4,"score":0.37529999017715454},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3603000044822693},{"id":"https://openalex.org/C90312973","wikidata":"https://www.wikidata.org/wiki/Q7449052","display_name":"Semantic data model","level":2,"score":0.35760000348091125},{"id":"https://openalex.org/C58642233","wikidata":"https://www.wikidata.org/wiki/Q8269924","display_name":"Taxonomy (biology)","level":2,"score":0.33090001344680786},{"id":"https://openalex.org/C50335755","wikidata":"https://www.wikidata.org/wiki/Q483247","display_name":"Phenomenon","level":2,"score":0.31369999051094055},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.29249998927116394},{"id":"https://openalex.org/C146499914","wikidata":"https://www.wikidata.org/wiki/Q5469969","display_name":"Formal semantics (linguistics)","level":2,"score":0.2628999948501587},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.2549999952316284}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2603.21231","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.21231","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2603.21231","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.21231","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"score":0.6154959797859192,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Host-acting":[0],"agents":[1,130],"promise":[2],"a":[3,26,54,85,90],"convenient":[4],"interaction":[5],"model":[6],"in":[7,32],"which":[8,135],"users":[9],"specify":[10],"goals":[11],"and":[12,49,65,97,106,120],"the":[13,56,75,99],"system":[14],"determines":[15],"how":[16,144],"to":[17],"realize":[18],"them.":[19],"We":[20,109],"argue":[21],"that":[22,127],"this":[23,66,81],"convenience":[24],"introduces":[25],"distinct":[27],"security":[28],"problem:":[29],"semantic":[30,86],"under-specification":[31],"goal":[33,77],"specification.":[34],"User":[35],"instructions":[36,146],"are":[37,137,147],"typically":[38],"goal-oriented,":[39],"yet":[40],"they":[41],"often":[42],"leave":[43],"process":[44],"constraints,":[45],"safety":[46],"boundaries,":[47],"persistence,":[48],"exposure":[50],"insufficiently":[51],"specified.":[52],"As":[53],"result,":[55],"agent":[57],"must":[58],"complete":[59],"missing":[60],"execution":[61,117,140],"semantics":[62],"before":[63],"acting,":[64],"completion":[67,95],"can":[68],"produce":[69],"risky":[70,94,122],"host-side":[71],"plans":[72],"even":[73],"when":[74],"user-stated":[76],"is":[78],"benign.":[79],"In":[80],"paper,":[82],"we":[83],"develop":[84],"threat":[87],"model,":[88],"present":[89],"taxonomy":[91],"of":[92],"semantic-induced":[93],"patterns,":[96],"study":[98,105],"phenomenon":[100],"through":[101],"an":[102],"OpenClaw-centered":[103],"case":[104],"execution-trace":[107],"analysis.":[108],"further":[110],"derive":[111],"defense":[112],"design":[113],"principles":[114],"for":[115],"making":[116],"boundaries":[118],"explicit":[119],"constraining":[121],"completion.":[123],"These":[124],"findings":[125],"suggest":[126],"securing":[128],"host-acting":[129],"requires":[131],"governing":[132],"not":[133],"only":[134],"actions":[136],"allowed":[138],"at":[139],"time,":[141],"but":[142],"also":[143],"goal-only":[145],"translated":[148],"into":[149],"executable":[150],"plans.":[151]},"counts_by_year":[],"updated_date":"2026-04-25T08:17:42.794288","created_date":"2026-03-25T00:00:00"}