{"id":"https://openalex.org/W7154621918","doi":"https://doi.org/10.48550/arxiv.2604.13630","title":"SafeHarness: Lifecycle-Integrated Security Architecture for LLM-based Agent Deployment","display_name":"SafeHarness: Lifecycle-Integrated Security Architecture for LLM-based Agent Deployment","publication_year":2026,"publication_date":"2026-04-15","ids":{"openalex":"https://openalex.org/W7154621918","doi":"https://doi.org/10.48550/arxiv.2604.13630"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2604.13630","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.13630","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2604.13630","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101641900","display_name":"Xixun Lin","orcid":"https://orcid.org/0009-0004-6645-0597"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Lin, Xixun","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133820570","display_name":"Yang Liu","orcid":"https://orcid.org/0000-0003-0692-2578"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liu, Yang","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133757880","display_name":"Yancheng Chen","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Chen, Yancheng","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133808921","display_name":"Yongxuan Wu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wu, Yongxuan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101261226","display_name":"Yucheng Ning","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ning, Yucheng","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133747446","display_name":"Yilong Liu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liu, Yilong","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133736086","display_name":"Nan Sun","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Sun, Nan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133813251","display_name":"Shun Zhang","orcid":"https://orcid.org/0009-0006-0824-7595"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Shun","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133769296","display_name":"Bin Chong","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Chong, Bin","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133819052","display_name":"Chuan Zhou","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhou, Chuan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5133751632","display_name":"Yanan Cao","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Cao, Yanan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":11,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.8884000182151794,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.8884000182151794,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.016899999231100082,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12026","display_name":"Explainable Artificial Intelligence (XAI)","score":0.014499999582767487,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.6014999747276306},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.49470001459121704},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.45019999146461487},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.43849998712539673},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.41589999198913574},{"id":"https://openalex.org/keywords/state","display_name":"State (computer science)","score":0.41510000824928284},{"id":"https://openalex.org/keywords/baseline","display_name":"Baseline (sea)","score":0.39879998564720154},{"id":"https://openalex.org/keywords/computer-security-model","display_name":"Computer security model","score":0.3698999881744385},{"id":"https://openalex.org/keywords/security-domain","display_name":"Security domain","score":0.36489999294281006}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7184000015258789},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.6014999747276306},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.49470001459121704},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.45019999146461487},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.43849998712539673},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.42010000348091125},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.41589999198913574},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.41510000824928284},{"id":"https://openalex.org/C12725497","wikidata":"https://www.wikidata.org/wiki/Q810247","display_name":"Baseline (sea)","level":2,"score":0.39879998564720154},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.3698999881744385},{"id":"https://openalex.org/C2780264999","wikidata":"https://www.wikidata.org/wiki/Q7445032","display_name":"Security domain","level":2,"score":0.36489999294281006},{"id":"https://openalex.org/C174220543","wikidata":"https://www.wikidata.org/wiki/Q395307","display_name":"Rollback","level":3,"score":0.35899999737739563},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.3540000021457672},{"id":"https://openalex.org/C111335779","wikidata":"https://www.wikidata.org/wiki/Q3454686","display_name":"Reduction (mathematics)","level":2,"score":0.3409000039100647},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.33309999108314514},{"id":"https://openalex.org/C2779585090","wikidata":"https://www.wikidata.org/wiki/Q3457762","display_name":"Resilience (materials science)","level":2,"score":0.3287000060081482},{"id":"https://openalex.org/C126831891","wikidata":"https://www.wikidata.org/wiki/Q221673","display_name":"Host (biology)","level":2,"score":0.30979999899864197},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.30970001220703125},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.30480000376701355},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.29429998993873596},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.29280000925064087},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.2786000072956085},{"id":"https://openalex.org/C31139447","wikidata":"https://www.wikidata.org/wiki/Q5380386","display_name":"Enterprise information security architecture","level":2,"score":0.2777000069618225},{"id":"https://openalex.org/C183322885","wikidata":"https://www.wikidata.org/wiki/Q17007702","display_name":"Context model","level":3,"score":0.27559998631477356},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.2741999924182892},{"id":"https://openalex.org/C167981075","wikidata":"https://www.wikidata.org/wiki/Q2667186","display_name":"Sandbox (software development)","level":2,"score":0.2574999928474426},{"id":"https://openalex.org/C193415008","wikidata":"https://www.wikidata.org/wiki/Q639681","display_name":"Network architecture","level":2,"score":0.2549999952316284},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.25279998779296875}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2604.13630","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.13630","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2604.13630","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.13630","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"The":[0,133],"performance":[1],"of":[2,76,188],"large":[3],"language":[4],"model":[5],"(LLM)":[6],"agents":[7],"depends":[8],"critically":[9],"on":[10,158],"the":[11,14,32,42,48,73,98,180,200,205],"execution":[12,50],"harness,":[13],"system":[15],"layer":[16],"that":[17,54],"orchestrates":[18],"tool":[19,119,148],"use,":[20],"context":[21,107],"management,":[22],"and":[23,68,124,146,193,204],"state":[24,67,131],"persistence.":[25],"Yet":[26],"this":[27,80],"same":[28],"architectural":[29],"centrality":[30],"makes":[31],"harness":[33,43,163],"a":[34,38,85],"high-value":[35],"attack":[36,172,206],"surface:":[37],"single":[39],"compromise":[40],"at":[41,109,115,121,130],"level":[44],"can":[45],"cascade":[46],"through":[47],"entire":[49],"pipeline.":[51],"We":[52,155],"observe":[53],"existing":[55],"security":[56,86,168],"approaches":[57],"suffer":[58],"from":[59],"structural":[60],"mismatch,":[61],"leaving":[62],"them":[63],"blind":[64],"to":[65,70,101,179],"harness-internal":[66],"unable":[69],"coordinate":[71],"across":[72,161],"different":[74],"phases":[75],"agent":[77,99],"operation.":[78],"In":[79],"paper,":[81],"we":[82],"introduce":[83],"\\safeharness{},":[84],"architecture":[87],"in":[88,191,195],"which":[89],"four":[90,167],"proposed":[91,134],"defense":[92],"layers":[93,139],"are":[94,153],"woven":[95],"directly":[96],"into":[97],"lifecycle":[100],"address":[102],"above":[103],"significant":[104],"limitations:":[105],"adversarial":[106],"filtering":[108],"input":[110],"processing,":[111],"tiered":[112],"causal":[113],"verification":[114,142],"decision":[116],"making,":[117],"privilege-separated":[118],"control":[120],"action":[122],"execution,":[123],"safe":[125],"rollback":[126],"with":[127],"adaptive":[128],"degradation":[129],"update.":[132],"cross-layer":[135],"mechanisms":[136],"tie":[137],"these":[138],"together,":[140],"escalating":[141],"rigor,":[143],"triggering":[144],"rollbacks,":[145],"tightening":[147],"privileges":[149],"whenever":[150],"sustained":[151],"anomalies":[152],"detected.":[154],"evaluate":[156],"\\safeharness{}":[157,183],"benchmark":[159],"datasets":[160],"diverse":[162],"configurations,":[164],"comparing":[165],"against":[166],"baselines":[169],"under":[170],"five":[171],"scenarios":[173],"spanning":[174],"six":[175],"threat":[176],"categories.":[177],"Compared":[178],"unprotected":[181],"baseline,":[182],"achieves":[184],"an":[185],"average":[186],"reduction":[187],"approximately":[189],"38\\%":[190],"UBR":[192],"42\\%":[194],"ASR,":[196],"substantially":[197],"lowering":[198],"both":[199],"unsafe":[201],"behavior":[202],"rate":[203,208],"success":[207],"while":[209],"preserving":[210],"core":[211],"task":[212],"utility.":[213]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-04-17T00:00:00"}