{"id":"https://openalex.org/W7140324317","doi":"https://doi.org/10.48550/arxiv.2603.22853","title":"Agent Audit: A Security Analysis System for LLM Agent Applications","display_name":"Agent Audit: A Security Analysis System for LLM Agent Applications","publication_year":2026,"publication_date":"2026-03-24","ids":{"openalex":"https://openalex.org/W7140324317","doi":"https://doi.org/10.48550/arxiv.2603.22853"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2603.22853","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.22853","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2603.22853","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5129694870","display_name":"Haiyue Zhang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Haiyue","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5130629055","display_name":"Yi Nian","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Nian, Yi","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5130591503","display_name":"Yue Zhao","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhao, Yue","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10456","display_name":"Multi-Agent Systems and Negotiation","score":0.28450000286102295,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10456","display_name":"Multi-Agent Systems and Negotiation","score":0.28450000286102295,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12203","display_name":"Mobile Agent-Based Network Management","score":0.14890000224113464,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.10570000112056732,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.630299985408783},{"id":"https://openalex.org/keywords/workflow","display_name":"Workflow","score":0.5724999904632568},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.5715000033378601},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.4668999910354614},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.4438000023365021},{"id":"https://openalex.org/keywords/mobile-agent","display_name":"Mobile agent","score":0.4041000008583069},{"id":"https://openalex.org/keywords/audit-trail","display_name":"Audit trail","score":0.39070001244544983},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.3887999951839447},{"id":"https://openalex.org/keywords/pipeline","display_name":"Pipeline (software)","score":0.37459999322891235}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7508000135421753},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.630299985408783},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.5724999904632568},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.5715000033378601},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5317000150680542},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.4668999910354614},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.4478999972343445},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.4438000023365021},{"id":"https://openalex.org/C84875433","wikidata":"https://www.wikidata.org/wiki/Q3277848","display_name":"Mobile agent","level":2,"score":0.4041000008583069},{"id":"https://openalex.org/C80958533","wikidata":"https://www.wikidata.org/wiki/Q1047174","display_name":"Audit trail","level":3,"score":0.39070001244544983},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.3887999951839447},{"id":"https://openalex.org/C43521106","wikidata":"https://www.wikidata.org/wiki/Q2165493","display_name":"Pipeline (software)","level":2,"score":0.37459999322891235},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.37369999289512634},{"id":"https://openalex.org/C96324660","wikidata":"https://www.wikidata.org/wiki/Q205446","display_name":"Dataflow","level":2,"score":0.3695000112056732},{"id":"https://openalex.org/C41550386","wikidata":"https://www.wikidata.org/wiki/Q529909","display_name":"Multi-agent system","level":2,"score":0.36809998750686646},{"id":"https://openalex.org/C5894958","wikidata":"https://www.wikidata.org/wiki/Q2297769","display_name":"Software agent","level":2,"score":0.3499999940395355},{"id":"https://openalex.org/C77109596","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Application security","level":5,"score":0.3481000065803528},{"id":"https://openalex.org/C519991488","wikidata":"https://www.wikidata.org/wiki/Q28865","display_name":"Python (programming language)","level":2,"score":0.34689998626708984},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.3379000127315521},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.33180001378059387},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.3264000117778778},{"id":"https://openalex.org/C51929080","wikidata":"https://www.wikidata.org/wiki/Q2425187","display_name":"Codebase","level":3,"score":0.31279999017715454},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.30550000071525574},{"id":"https://openalex.org/C137287247","wikidata":"https://www.wikidata.org/wiki/Q1329550","display_name":"Static program analysis","level":4,"score":0.27889999747276306},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.2689000070095062},{"id":"https://openalex.org/C74072328","wikidata":"https://www.wikidata.org/wiki/Q1142726","display_name":"Intelligent agent","level":2,"score":0.26339998841285706},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.26089999079704285},{"id":"https://openalex.org/C149091818","wikidata":"https://www.wikidata.org/wiki/Q2429814","display_name":"Software system","level":3,"score":0.2565999925136566},{"id":"https://openalex.org/C116253237","wikidata":"https://www.wikidata.org/wiki/Q1437424","display_name":"Formal specification","level":2,"score":0.2531000077724457}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2603.22853","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.22853","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2603.22853","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.22853","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"What":[0],"should":[1],"a":[2,66,120],"developer":[3],"inspect":[4],"before":[5],"deploying":[6],"an":[7,84],"LLM":[8,71],"agent:":[9],"the":[10,12,15,37,167],"model,":[11],"tool":[13,41,184],"code,":[14],"deployment":[16,53,81],"configuration,":[17],"or":[18],"all":[19],"three?":[20],"In":[21,166],"practice,":[22],"many":[23],"security":[24,67,160,181],"failures":[25],"in":[26,52,103,183],"agent":[27,72,78,164,173],"systems":[28],"arise":[29],"not":[30],"from":[31,36],"model":[32],"weights":[33],"alone,":[34],"but":[35],"surrounding":[38],"software":[39],"stack:":[40],"functions":[42],"that":[43,87],"pass":[44],"untrusted":[45],"inputs":[46],"to":[47,192],"dangerous":[48],"operations,":[49],"exposed":[50],"credentials":[51],"artifacts,":[54],"and":[55,80,96,106,116,155,175,187,195,198,205],"over-privileged":[56],"Model":[57],"Context":[58],"Protocol":[59],"(MCP)":[60],"configurations.":[61],"We":[62],"present":[63],"Agent":[64,74,129,150,178],"Audit,":[65],"analysis":[68],"system":[69,100],"for":[70,163,209],"applications.":[73],"Audit":[75,130,151,179],"analyzes":[76],"Python":[77],"code":[79],"artifacts":[82],"through":[83],"agent-aware":[85],"pipeline":[86],"combines":[88],"dataflow":[89],"analysis,":[90],"credential":[91],"detection,":[92],"structured":[93],"configuration":[94,196],"parsing,":[95],"privilege-risk":[97],"checks.":[98],"The":[99],"reports":[101],"findings":[102],"terminal,":[104],"JSON,":[105],"SARIF":[107],"formats,":[108],"enabling":[109],"direct":[110],"integration":[111],"with":[112,125,134],"local":[113],"development":[114],"workflows":[115],"CI/CD":[117],"pipelines.":[118],"On":[119],"benchmark":[121],"of":[122],"22":[123],"samples":[124],"42":[126],"annotated":[127],"vulnerabilities,":[128],"detects":[131],"40":[132],"vulnerabilities":[133],"6":[135],"false":[136],"positives,":[137],"substantially":[138],"improving":[139],"recall":[140],"over":[141],"common":[142],"SAST":[143],"baselines":[144],"while":[145],"maintaining":[146],"sub-second":[147],"scan":[148,171],"times.":[149],"is":[152],"open":[153],"source":[154,193],"installable":[156],"via":[157],"pip,":[158],"making":[159],"auditing":[161],"accessible":[162],"systems.":[165],"live":[168],"demonstration,":[169],"attendees":[170],"vulnerable":[172],"repositories":[174],"observe":[176],"how":[177],"identifies":[180],"risks":[182],"functions,":[185],"prompts,":[186],"more.":[188],"Findings":[189],"are":[190],"linked":[191],"locations":[194],"paths,":[197],"can":[199],"be":[200],"exported":[201],"into":[202],"VS":[203],"Code":[204,207],"GitHub":[206],"Scanning":[208],"interactive":[210],"inspection.":[211]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-03-26T00:00:00"}