{"id":"https://openalex.org/W7160510613","doi":"https://doi.org/10.48550/arxiv.2605.04808","title":"DecodingTrust-Agent Platform (DTap): A Controllable and Interactive Red-Teaming Platform for AI Agents","display_name":"DecodingTrust-Agent Platform (DTap): A Controllable and Interactive Red-Teaming Platform for AI Agents","publication_year":2026,"publication_date":"2026-05-06","ids":{"openalex":"https://openalex.org/W7160510613","doi":"https://doi.org/10.48550/arxiv.2605.04808"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2605.04808","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.04808","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2605.04808","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5135548436","display_name":"Zhaorun Chen","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Chen, Zhaorun","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101730423","display_name":"Xun Liu","orcid":"https://orcid.org/0000-0002-6115-8886"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liu, Xun","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5123692526","display_name":"Haibo Tong","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Tong, Haibo","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5018433753","display_name":"Chengquan Guo","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Guo, Chengquan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5119968248","display_name":"Yuzhou Nie","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Nie, Yuzhou","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5135574866","display_name":"Jiawei Zhang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Jiawei","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5135558523","display_name":"Mintong Kang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Kang, Mintong","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004007883","display_name":"Chejian Xu","orcid":"https://orcid.org/0009-0009-7598-639X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xu, Chejian","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082262224","display_name":"Qichang Liu","orcid":"https://orcid.org/0009-0007-5681-4045"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liu, Qichang","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5135602707","display_name":"Xiaogeng Liu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liu, Xiaogeng","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5135637660","display_name":"Tianneng Shi","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Shi, Tianneng","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5135600675","display_name":"Chaowei Xiao","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xiao, Chaowei","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5135592421","display_name":"Sanmi Koyejo","orcid":"https://orcid.org/0000-0002-4023-419X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Koyejo, Sanmi","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5135635308","display_name":"Percy Liang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liang, Percy","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5135555901","display_name":"Wenbo Guo","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Guo, Wenbo","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5135623501","display_name":"Dawn Song","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Song, Dawn","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5135573635","display_name":"Bo Li","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Li, Bo","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":0,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.2451999932527542,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.2451999932527542,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.18449999392032623,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.12999999523162842,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/workflow","display_name":"Workflow","score":0.611299991607666},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5486999750137329},{"id":"https://openalex.org/keywords/replicate","display_name":"Replicate","score":0.4611999988555908},{"id":"https://openalex.org/keywords/action","display_name":"Action (physics)","score":0.42989999055862427},{"id":"https://openalex.org/keywords/verifiable-secret-sharing","display_name":"Verifiable secret sharing","score":0.38690000772476196},{"id":"https://openalex.org/keywords/attack-surface","display_name":"Attack surface","score":0.3801000118255615},{"id":"https://openalex.org/keywords/autonomous-agent","display_name":"Autonomous agent","score":0.3756999969482422},{"id":"https://openalex.org/keywords/scale","display_name":"Scale (ratio)","score":0.35839998722076416}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6812999844551086},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.611299991607666},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5576000213623047},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5486999750137329},{"id":"https://openalex.org/C2781162219","wikidata":"https://www.wikidata.org/wiki/Q26250693","display_name":"Replicate","level":2,"score":0.4611999988555908},{"id":"https://openalex.org/C2780791683","wikidata":"https://www.wikidata.org/wiki/Q846785","display_name":"Action (physics)","level":2,"score":0.42989999055862427},{"id":"https://openalex.org/C85847156","wikidata":"https://www.wikidata.org/wiki/Q59015987","display_name":"Verifiable secret sharing","level":3,"score":0.38690000772476196},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.3801000118255615},{"id":"https://openalex.org/C13687954","wikidata":"https://www.wikidata.org/wiki/Q4826847","display_name":"Autonomous agent","level":2,"score":0.3756999969482422},{"id":"https://openalex.org/C2778755073","wikidata":"https://www.wikidata.org/wiki/Q10858537","display_name":"Scale (ratio)","level":2,"score":0.35839998722076416},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.3452000021934509},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.3433000147342682},{"id":"https://openalex.org/C41550386","wikidata":"https://www.wikidata.org/wiki/Q529909","display_name":"Multi-agent system","level":2,"score":0.3231000006198883},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.305400013923645},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.27300000190734863},{"id":"https://openalex.org/C9628104","wikidata":"https://www.wikidata.org/wiki/Q788009","display_name":"Autonomous system (mathematics)","level":2,"score":0.2712000012397766},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.26809999346733093},{"id":"https://openalex.org/C59519942","wikidata":"https://www.wikidata.org/wiki/Q650665","display_name":"Drone","level":2,"score":0.2581000030040741},{"id":"https://openalex.org/C74072328","wikidata":"https://www.wikidata.org/wiki/Q1142726","display_name":"Intelligent agent","level":2,"score":0.2540999948978424},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.25029999017715454}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2605.04808","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.04808","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"Preprint"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2605.04808","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.04808","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"AI":[0,117,214],"agents":[1,26,46,70,146,215],"are":[2],"increasingly":[3],"deployed":[4],"across":[5,193],"diverse":[6,161],"domains":[7,122],"to":[8,19,177,201],"automate":[9],"complex":[10],"workflows":[11],"through":[12],"long-horizon":[13],"and":[14,23,30,82,89,112,123,138,170,226,233],"high-stakes":[15],"action":[16],"executions.":[17],"Due":[18],"their":[20],"high":[21],"capability":[22],"flexibility,":[24],"such":[25,51,133],"raise":[27],"significant":[28],"security":[29,65,222],"safety":[31],"concerns.":[32],"A":[33],"growing":[34],"number":[35],"of":[36,145,212],"real-world":[37,121],"incidents":[38],"have":[39],"shown":[40],"that":[41,128,158],"adversaries":[42],"can":[43],"easily":[44],"manipulate":[45],"into":[47],"performing":[48],"harmful":[49],"actions,":[50],"as":[52,69,134],"leaking":[53],"API":[54],"keys,":[55],"deleting":[56],"user":[57,84],"data,":[58],"or":[59],"initiating":[60],"unauthorized":[61],"transactions.":[62],"Evaluating":[63],"agent":[64,157],"is":[66],"inherently":[67],"challenging,":[68],"operate":[71],"in":[72,147],"dynamic,":[73],"untrusted":[74],"environments":[75,91,127],"involving":[76],"external":[77],"tools,":[78],"heterogeneous":[79],"data":[80],"sources,":[81],"frequent":[83],"interactions.":[85],"However,":[86],"realistic,":[87],"controllable,":[88],"reproducible":[90],"for":[92,116,237],"large-scale":[93,187,210],"risk":[94,143,224],"assessment":[95,144],"remain":[96],"largely":[97],"underexplored.":[98],"To":[99,140],"address":[100],"this":[101],"gap,":[102],"we":[103,149,183,208],"introduce":[104],"the":[105,109,142,153],"DecodingTrust-Agent":[106],"Platform":[107],"(DTap),":[108],"first":[110,154],"controllable":[111],"interactive":[113],"red-teaming":[114,156,188],"platform":[115],"agents,":[118],"spanning":[119,221],"14":[120],"over":[124],"50":[125],"simulation":[126],"replicate":[129],"widely":[130],"used":[131],"systems":[132],"Google":[135],"Workspace,":[136],"Paypal,":[137],"Slack.":[139],"scale":[141],"DTap,":[148,207],"further":[150],"propose":[151],"DTap-Red,":[152,182],"autonomous":[155],"systematically":[159],"explores":[160],"injection":[162],"vectors":[163],"(e.g.,":[164],"prompt,":[165],"tool,":[166],"skill,":[167],"environment,":[168],"combinations)":[169],"autonomously":[171],"discovers":[172],"effective":[173],"attack":[174,204,227],"strategies":[175],"tailored":[176],"varying":[178],"malicious":[179],"goals.":[180],"Using":[181],"curate":[184],"DTap-Bench,":[185],"a":[186,198],"dataset":[189],"comprising":[190],"high-quality":[191],"instances":[192],"domains,":[194],"each":[195],"paired":[196],"with":[197],"verifiable":[199],"judge":[200],"automatically":[202],"validate":[203],"outcomes.":[205],"Through":[206],"conduct":[209],"evaluations":[211],"popular":[213],"built":[216],"on":[217],"various":[218],"backbone":[219],"models,":[220],"policies,":[223],"categories,":[225],"strategies,":[228],"revealing":[229],"systematic":[230],"vulnerability":[231],"patterns":[232],"providing":[234],"valuable":[235],"insights":[236],"developing":[238],"secure":[239],"next-generation":[240],"agents.":[241]},"counts_by_year":[],"updated_date":"2026-07-01T08:55:40.977307","created_date":"2026-05-08T00:00:00"}
