{"id":"https://openalex.org/W7162445454","doi":"https://doi.org/10.48550/arxiv.2605.24309","title":"Reframing LLM Agent Security as an Agent-Human Interaction Problem","display_name":"Reframing LLM Agent Security as an Agent-Human Interaction Problem","publication_year":2026,"publication_date":"2026-05-23","ids":{"openalex":"https://openalex.org/W7162445454","doi":"https://doi.org/10.48550/arxiv.2605.24309"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2605.24309","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.24309","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2605.24309","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5137047722","display_name":"Peiran Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Peiran","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5137015784","display_name":"Ying Li","orcid":"https://orcid.org/0000-0003-1241-4967"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Li, Ying","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5137059642","display_name":"Yuan Tian","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Tian, Yuan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.2937999963760376,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.2937999963760376,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.24639999866485596,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.11630000174045563,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cognitive-reframing","display_name":"Cognitive reframing","score":0.8055999875068665},{"id":"https://openalex.org/keywords/scope","display_name":"Scope (computer science)","score":0.5828999876976013},{"id":"https://openalex.org/keywords/security-through-obscurity","display_name":"Security through obscurity","score":0.41839998960494995},{"id":"https://openalex.org/keywords/human-security","display_name":"Human security","score":0.40389999747276306},{"id":"https://openalex.org/keywords/critical-security-studies","display_name":"Critical security studies","score":0.38109999895095825},{"id":"https://openalex.org/keywords/production","display_name":"Production (economics)","score":0.3199999928474426}],"concepts":[{"id":"https://openalex.org/C187029079","wikidata":"https://www.wikidata.org/wiki/Q958679","display_name":"Cognitive reframing","level":2,"score":0.8055999875068665},{"id":"https://openalex.org/C2778012447","wikidata":"https://www.wikidata.org/wiki/Q1034415","display_name":"Scope (computer science)","level":2,"score":0.5828999876976013},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.45910000801086426},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.41839998960494995},{"id":"https://openalex.org/C2779449393","wikidata":"https://www.wikidata.org/wiki/Q302285","display_name":"Human security","level":2,"score":0.40389999747276306},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.39469999074935913},{"id":"https://openalex.org/C505623098","wikidata":"https://www.wikidata.org/wiki/Q3002932","display_name":"Critical security studies","level":5,"score":0.38109999895095825},{"id":"https://openalex.org/C2778348673","wikidata":"https://www.wikidata.org/wiki/Q739302","display_name":"Production (economics)","level":2,"score":0.3199999928474426},{"id":"https://openalex.org/C13159133","wikidata":"https://www.wikidata.org/wiki/Q365674","display_name":"Security engineering","level":5,"score":0.31690001487731934},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.29170000553131104},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.2761000096797943},{"id":"https://openalex.org/C4924752","wikidata":"https://www.wikidata.org/wiki/Q184148","display_name":"Plug-in","level":2,"score":0.2678999900817871},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.26759999990463257},{"id":"https://openalex.org/C2780070844","wikidata":"https://www.wikidata.org/wiki/Q857815","display_name":"Plug and play","level":2,"score":0.257999986410141},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.2578999996185303}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2605.24309","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.24309","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2605.24309","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.24309","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"score":0.4899158775806427,"display_name":"Partnerships for the goals","id":"https://metadata.un.org/sdg/17"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"We":[0,128],"argue":[1,144],"that":[2,145,167,178,204],"LLM":[3],"agent":[4,33,126,149],"security":[5,37,54,116,150,165,194],"is":[6,152],"fundamentally":[7],"an":[8],"agent-human":[9],"interaction":[10],"(AHI)":[11],"problem,":[12],"not":[13],"a":[14,24,46,109,134,160,186,199],"purely":[15],"algorithmic":[16],"one.":[17],"To":[18],"substantiate":[19],"this":[20],"position,":[21],"we":[22,143,158,184],"conduct":[23],"systematic":[25,135],"analysis":[26,44],"of":[27,40,72,137],"59":[28],"academic":[29],"papers,":[30],"21":[31,73],"production":[32,95],"systems,":[34],"and":[35,60,77,90,115,124,139,190,212],"26":[36],"plugins":[38],"as":[39,198],"April":[41],"2026.":[42],"Our":[43],"reveals":[45],"striking":[47],"pattern:":[48],"the":[49,81,164,176],"three":[50,130],"widely":[51],"deployed":[52],"human-centric":[53],"mechanisms":[55,101,166],"(policy":[56],"specification,":[57],"runtime":[58],"approval,":[59],"scope":[61],"configuration)":[62],"dominate":[63],"industry":[64],"practice,":[65],"each":[66],"adopted":[67],"by":[68],"at":[69],"least":[70],"14":[71],"systems":[74],"(14,":[75],"15,":[76],"16,":[78],"respectively),":[79],"while":[80,175],"categories":[82],"most":[83],"heavily":[84],"studied":[85],"in":[86,148],"academia":[87],"(intent":[88],"anchoring":[89],"trust":[91],"labeling)":[92],"see":[93],"zero":[94],"deployment.":[96],"Yet":[97],"current":[98,155],"human":[99,146],"participation":[100,147],"are":[102],"far":[103],"from":[104,108],"satisfactory:":[105],"they":[106],"suffer":[107],"fundamental":[110],"trade-off":[111],"between":[112,121],"cognitive":[113],"burden":[114],"guarantees,":[117],"leaving":[118],"users":[119],"caught":[120],"approval":[122],"fatigue":[123],"uncontrolled":[125],"autonomy.":[127],"make":[129],"contributions.":[131],"First,":[132],"through":[133],"comparison":[136],"LLM-based":[138],"human-based":[140],"intent":[141],"alignment,":[142],"decisions":[151],"indispensable":[153],"given":[154],"capabilities.":[156],"Second,":[157],"quantify":[159],"pronounced":[161],"industry-academia":[162],"mismatch:":[163],"practitioners":[168],"actually":[169],"deploy":[170],"receive":[171],"scant":[172],"research":[173,188,201],"attention,":[174],"approaches":[177],"researchers":[179],"favor":[180],"remain":[181],"undeployed.":[182],"Third,":[183],"propose":[185],"three-direction":[187],"agenda":[189],"call":[191],"for":[192],"AHI":[193],"to":[195],"be":[196],"recognized":[197],"first-class":[200],"citizen,":[202],"one":[203],"demands":[205],"its":[206],"own":[207],"design":[208],"principles,":[209],"evaluation":[210],"methods,":[211],"theoretical":[213],"foundations.":[214]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-05-27T00:00:00"}