{"id":"https://openalex.org/W7140285860","doi":"https://doi.org/10.48550/arxiv.2603.22868","title":"Agent-Sentry: Bounding LLM Agents via Execution Provenance","display_name":"Agent-Sentry: Bounding LLM Agents via Execution Provenance","publication_year":2026,"publication_date":"2026-03-24","ids":{"openalex":"https://openalex.org/W7140285860","doi":"https://doi.org/10.48550/arxiv.2603.22868"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2603.22868","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.22868","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2603.22868","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5130574017","display_name":"Rohan Sequeira","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Sequeira, Rohan","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5130619305","display_name":"Stavros Damianakis","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Damianakis, Stavros","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5130589471","display_name":"Umar Iqbal","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Iqbal, Umar","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5130620704","display_name":"Konstantinos Psounis","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Psounis, Konstantinos","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5130574017"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10456","display_name":"Multi-Agent Systems and Negotiation","score":0.10339999943971634,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10456","display_name":"Multi-Agent Systems and Negotiation","score":0.10339999943971634,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.08889999985694885,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11986","display_name":"Scientific Computing and Data Management","score":0.08129999786615372,"subfield":{"id":"https://openalex.org/subfields/1802","display_name":"Information Systems and Management"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/probabilistic-logic","display_name":"Probabilistic logic","score":0.6158000230789185},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.5759999752044678},{"id":"https://openalex.org/keywords/spawn","display_name":"Spawn (biology)","score":0.5619000196456909},{"id":"https://openalex.org/keywords/construct","display_name":"Construct (python library)","score":0.5562999844551086},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.5371000170707703},{"id":"https://openalex.org/keywords/bounding-overwatch","display_name":"Bounding overwatch","score":0.5181999802589417},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.4717000126838684},{"id":"https://openalex.org/keywords/natural-language","display_name":"Natural language","score":0.3885999917984009}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7807000279426575},{"id":"https://openalex.org/C49937458","wikidata":"https://www.wikidata.org/wiki/Q2599292","display_name":"Probabilistic logic","level":2,"score":0.6158000230789185},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.5759999752044678},{"id":"https://openalex.org/C17458331","wikidata":"https://www.wikidata.org/wiki/Q935672","display_name":"Spawn (biology)","level":2,"score":0.5619000196456909},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.5562999844551086},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.5371000170707703},{"id":"https://openalex.org/C63584917","wikidata":"https://www.wikidata.org/wiki/Q333286","display_name":"Bounding overwatch","level":2,"score":0.5181999802589417},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.4717000126838684},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.45989999175071716},{"id":"https://openalex.org/C195324797","wikidata":"https://www.wikidata.org/wiki/Q33742","display_name":"Natural language","level":2,"score":0.3885999917984009},{"id":"https://openalex.org/C2777655017","wikidata":"https://www.wikidata.org/wiki/Q1501161","display_name":"Toolbox","level":2,"score":0.3734999895095825},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.32249999046325684},{"id":"https://openalex.org/C204495577","wikidata":"https://www.wikidata.org/wiki/Q1205349","display_name":"Callback","level":2,"score":0.3077999949455261},{"id":"https://openalex.org/C175154964","wikidata":"https://www.wikidata.org/wiki/Q380077","display_name":"Task analysis","level":3,"score":0.29159998893737793},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.28529998660087585},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.2791999876499176},{"id":"https://openalex.org/C180198813","wikidata":"https://www.wikidata.org/wiki/Q121182","display_name":"Information system","level":2,"score":0.27730000019073486},{"id":"https://openalex.org/C165064840","wikidata":"https://www.wikidata.org/wiki/Q1321061","display_name":"Matching (statistics)","level":2,"score":0.2676999866962433},{"id":"https://openalex.org/C136197465","wikidata":"https://www.wikidata.org/wiki/Q1729295","display_name":"Variety (cybernetics)","level":2,"score":0.26759999990463257},{"id":"https://openalex.org/C2779439875","wikidata":"https://www.wikidata.org/wiki/Q1078276","display_name":"Natural language understanding","level":3,"score":0.2572000026702881},{"id":"https://openalex.org/C2776608160","wikidata":"https://www.wikidata.org/wiki/Q4785462","display_name":"Natural (archaeology)","level":2,"score":0.25619998574256897},{"id":"https://openalex.org/C183469790","wikidata":"https://www.wikidata.org/wiki/Q333501","display_name":"Crash","level":2,"score":0.25049999356269836}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2603.22868","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.22868","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2603.22868","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.22868","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.8114102482795715}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Agentic":[0],"computing":[1],"systems,":[2,38],"which":[3],"autonomously":[4],"spawn":[5],"new":[6],"functionalities":[7,34,136],"based":[8],"on":[9],"natural":[10],"language":[11],"instructions,":[12],"are":[13,106],"becoming":[14],"increasingly":[15],"prevalent.":[16],"While":[17],"immensely":[18],"capable,":[19],"these":[20,37,123,157],"systems":[21,94,105,124],"raise":[22],"serious":[23],"security,":[24],"privacy,":[25],"and":[26,112,159],"safety":[27],"concerns.":[28],"Fundamentally,":[29],"the":[30,66],"full":[31],"set":[32],"of":[33,52,79,183,196],"offered":[35,137],"by":[36,133,138],"combined":[39],"with":[40,143,171],"their":[41,144],"probabilistic":[42],"execution":[43,145],"flows,":[44],"is":[45,55,102],"not":[46,115],"known":[47],"beforehand.":[48],"Given":[49],"this":[50,82,97,131],"lack":[51],"characterization,":[53],"it":[54],"non-trivial":[56],"to":[57,91,95,127,147,187,194],"validate":[58],"whether":[59],"a":[60,77,87,154],"system":[61,197],"has":[62],"successfully":[63],"carried":[64],"out":[65],"user's":[67],"intended":[68],"task":[69],"or":[70,118,168],"instead":[71],"executed":[72],"irrelevant":[73],"actions,":[74],"potentially":[75],"as":[76],"consequence":[78],"compromise.":[80],"In":[81],"paper,":[83],"we":[84],"propose":[85],"Agent-Sentry,":[86],"framework":[88],"that":[89,103,163,169,177,185],"attempts":[90],"bound":[92],"agentic":[93,104,140],"address":[96],"problem.":[98],"Our":[99,174],"key":[100],"insight":[101,132],"designed":[107],"for":[108],"specific":[109],"use":[110],"cases":[111],"therefore":[113],"need":[114],"expose":[116],"unbounded":[117],"unspecified":[119],"functionalities.":[120],"Once":[121],"bounded,":[122],"become":[125],"easier":[126],"scrutinize.":[128],"Agent-Sentry":[129,178],"operationalizes":[130],"uncovering":[134],"frequent":[135],"an":[139],"system,":[141],"along":[142],"traces,":[146],"construct":[148],"behavioral":[149],"bounds.":[150],"It":[151],"then":[152],"learns":[153],"policy":[155],"from":[156,165],"traces":[158],"blocks":[160],"tool":[161],"calls":[162],"deviate":[164],"learned":[166],"behaviors":[167],"misalign":[170],"user":[172],"intent.":[173],"evaluation":[175],"shows":[176],"helps":[179],"prevent":[180],"over":[181],"90\\%":[182],"attacks":[184],"attempt":[186],"trigger":[188],"out-of-bounds":[189],"executions,":[190],"while":[191],"preserving":[192],"up":[193],"98\\%":[195],"utility.":[198]},"counts_by_year":[],"updated_date":"2026-03-26T06:10:45.909354","created_date":"2026-03-26T00:00:00"}