{"id":"https://openalex.org/W7160827842","doi":"https://doi.org/10.48550/arxiv.2605.06812","title":"Towards Security-Auditable LLM Agents: A Unified Graph Representation","display_name":"Towards Security-Auditable LLM Agents: A Unified Graph Representation","publication_year":2026,"publication_date":"2026-05-07","ids":{"openalex":"https://openalex.org/W7160827842","doi":"https://doi.org/10.48550/arxiv.2605.06812"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2605.06812","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.06812","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2605.06812","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5004479851","display_name":"C. Li","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Li, Chaofan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047814742","display_name":"Lyuye Zhang","orcid":"https://orcid.org/0000-0003-3087-9645"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Lyuye","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5098711694","display_name":"Zhai Jintao","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhai, Jintao","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5135830462","display_name":"Siyue Feng","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Feng, Siyue","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5135857253","display_name":"Xichun Yang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yang, Xichun","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5037924121","display_name":"Huahao Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Huahao","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5135889556","display_name":"Shihan Dou","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Dou, Shihan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5135838096","display_name":"Yu Ji","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ji, Yu","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101425262","display_name":"Yutao Hu","orcid":"https://orcid.org/0009-0000-7023-9437"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Hu, Yutao","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056381213","display_name":"Yueming Wu","orcid":"https://orcid.org/0000-0002-1515-3558"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wu, Yueming","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5135901465","display_name":"Yang Liu","orcid":"https://orcid.org/0000-0002-9897-4019"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liu, Yang","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5135877252","display_name":"Deqing Zou","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zou, Deqing","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":12,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.3019999861717224,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.3019999861717224,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12203","display_name":"Mobile Agent-Based Network Management","score":0.1476999968290329,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.0982000008225441,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/memory-safety","display_name":"Memory safety","score":0.5461000204086304},{"id":"https://openalex.org/keywords/construct","display_name":"Construct (python library)","score":0.46070000529289246},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.37880000472068787},{"id":"https://openalex.org/keywords/bridging","display_name":"Bridging (networking)","score":0.3785000145435333},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.3637999892234802},{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.35740000009536743},{"id":"https://openalex.org/keywords/computer-security-model","display_name":"Computer security model","score":0.3540000021457672},{"id":"https://openalex.org/keywords/semantics","display_name":"Semantics (computer science)","score":0.35269999504089355}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8209999799728394},{"id":"https://openalex.org/C28180684","wikidata":"https://www.wikidata.org/wiki/Q4080983","display_name":"Memory safety","level":3,"score":0.5461000204086304},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.46070000529289246},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.4381999969482422},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4237000048160553},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.37880000472068787},{"id":"https://openalex.org/C174348530","wikidata":"https://www.wikidata.org/wiki/Q188635","display_name":"Bridging (networking)","level":2,"score":0.3785000145435333},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.3637999892234802},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.35989999771118164},{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.35740000009536743},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.3540000021457672},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.35269999504089355},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.32440000772476196},{"id":"https://openalex.org/C2776359362","wikidata":"https://www.wikidata.org/wiki/Q2145286","display_name":"Representation (politics)","level":3,"score":0.31679999828338623},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.3125999867916107},{"id":"https://openalex.org/C27458966","wikidata":"https://www.wikidata.org/wiki/Q1187693","display_name":"Control flow graph","level":2,"score":0.31029999256134033},{"id":"https://openalex.org/C161301231","wikidata":"https://www.wikidata.org/wiki/Q3478658","display_name":"Knowledge representation and reasoning","level":2,"score":0.30399999022483826},{"id":"https://openalex.org/C2780138299","wikidata":"https://www.wikidata.org/wiki/Q3404265","display_name":"Privilege (computing)","level":2,"score":0.3021000027656555},{"id":"https://openalex.org/C96146094","wikidata":"https://www.wikidata.org/wiki/Q609057","display_name":"Unification","level":2,"score":0.29510000348091125},{"id":"https://openalex.org/C22927095","wikidata":"https://www.wikidata.org/wiki/Q1784206","display_name":"Stateful firewall","level":3,"score":0.28439998626708984},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.27090001106262207},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.26570001244544983},{"id":"https://openalex.org/C4924752","wikidata":"https://www.wikidata.org/wiki/Q184148","display_name":"Plug-in","level":2,"score":0.25679999589920044},{"id":"https://openalex.org/C2779639559","wikidata":"https://www.wikidata.org/wiki/Q7661178","display_name":"Symbolic execution","level":3,"score":0.2565000057220459},{"id":"https://openalex.org/C195344581","wikidata":"https://www.wikidata.org/wiki/Q2555318","display_name":"Automated reasoning","level":2,"score":0.2531000077724457}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2605.06812","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.06812","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2605.06812","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.06812","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"LLM-based":[0],"agentic":[1,94,185,237],"systems":[2],"are":[3,128],"rapidly":[4],"evolving":[5],"to":[6,60,175],"perform":[7],"complex":[8,236],"autonomous":[9],"tasks":[10],"through":[11,130],"dynamic":[12,115],"tool":[13,201],"invocation,":[14],"stateful":[15],"memory":[16,67,198],"management,":[17],"and":[18,35,51,58,69,111,124,133,156,200,206,213,215,226,232],"multi-agent":[19,210],"collaboration.":[20],"However,":[21],"this":[22,78],"semantics-driven":[23],"execution":[24,37,138],"paradigm":[25,151],"creates":[26],"a":[27,83,97,149,224],"severe":[28],"semantic":[29,117,131],"gap":[30],"between":[31],"low-level":[32],"physical":[33],"events":[34],"high-level":[36],"intent,":[38],"making":[39],"post-hoc":[40],"security":[41,89,134,233],"auditing":[42,169],"fundamentally":[43],"difficult.":[44],"Existing":[45],"representation":[46,86],"mechanisms,":[47],"including":[48,196],"static":[49,104],"SBOMs":[50],"runtime":[52,116],"logs,":[53],"provide":[54],"only":[55],"fragmented":[56,137],"evidence":[57],"fail":[59],"capture":[61],"cognitive-state":[62],"evolution,":[63],"capability":[64,105,203],"bindings,":[65],"persistent":[66],"contamination,":[68],"cascading":[70],"risk":[71,154],"propagation":[72],"across":[73],"interacting":[74],"agents.":[75],"To":[76],"bridge":[77],"gap,":[79],"we":[80,147],"propose":[81],"Agent-BOM,":[82,146],"unified":[84,225],"structural":[85],"for":[87,152,229],"agent":[88],"auditing.":[90],"Agent-BOM":[91,177,190,222],"models":[92],"an":[93,168],"system":[95],"as":[96,108,120],"hierarchical":[98],"attributed":[99],"directed":[100],"graph":[101],"that":[102,189,221],"separates":[103],"bases,":[106],"such":[107,119],"models,":[109],"tools,":[110],"long-term":[112],"memory,":[113],"from":[114,178],"states,":[118],"goals,":[121],"reasoning":[122],"trajectories,":[123],"actions.":[125],"These":[126,218],"layers":[127],"connected":[129],"edges":[132],"attributes,":[135],"transforming":[136],"traces":[139],"into":[140],"queryable":[141],"audit":[142],"paths.":[143],"Building":[144],"on":[145,182],"develop":[148],"graph-query-based":[150],"path-level":[153],"assessment":[155],"instantiate":[157],"it":[158],"with":[159],"the":[160,172],"OWASP":[161],"Agentic":[162],"Top":[163],"10.":[164],"We":[165],"further":[166],"implement":[167],"plugin":[170],"in":[171,235],"OpenClaw":[173],"environment":[174],"construct":[176],"live":[179],"executions.":[180],"Evaluation":[181],"representative":[183],"real-world":[184],"attack":[186,194],"scenarios":[187],"shows":[188],"can":[191],"reconstruct":[192],"stealthy":[193],"chains,":[195],"cross-session":[197],"poisoning":[199],"misuse,":[202],"supply-chain":[204],"hijacking":[205],"unexpected":[207],"code":[208],"execution,":[209],"ecosystem":[211],"hijacking,":[212],"privilege":[214],"trust":[216],"abuse.":[217],"results":[219],"demonstrate":[220],"provides":[223],"auditable":[227],"foundation":[228],"root-cause":[230],"analysis":[231],"adjudication":[234],"ecosystems.":[238]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-05-12T00:00:00"}