{"id":"https://openalex.org/W7163021551","doi":"https://doi.org/10.48550/arxiv.2605.31593","title":"Stateful Online Monitoring Catches Distributed Agent Attacks","display_name":"Stateful Online Monitoring Catches Distributed Agent Attacks","publication_year":2026,"publication_date":"2026-05-29","ids":{"openalex":"https://openalex.org/W7163021551","doi":"https://doi.org/10.48550/arxiv.2605.31593"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2605.31593","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.31593","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2605.31593","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5137523674","display_name":"Davis Brown","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Brown, Davis","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5137541717","display_name":"Samarth Bhargav","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Bhargav, Samarth","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022761692","display_name":"Arav Santhanam","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Santhanam, Arav","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5137582253","display_name":"Kasper Hong","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Hong, Kasper","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5137535087","display_name":"Ivan Zhang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Ivan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5119399240","display_name":"Matan Shtepel","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Shtepel, Matan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5033466933","display_name":"Steffi Chern","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Chern, Steffi","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5137527002","display_name":"Alexander Robey","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Robey, Alexander","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5137526555","display_name":"Eric Wong","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wong, Eric","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5137583834","display_name":"Hamed Hassani","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Hassani, Hamed","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":10,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.40860000252723694,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.40860000252723694,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.15620000660419464,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.1088000014424324,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/stateful-firewall","display_name":"Stateful firewall","score":0.5692999958992004},{"id":"https://openalex.org/keywords/flagging","display_name":"Flagging","score":0.5167999863624573},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5031999945640564},{"id":"https://openalex.org/keywords/reuse","display_name":"Reuse","score":0.3944000005722046},{"id":"https://openalex.org/keywords/cluster-analysis","display_name":"Cluster analysis","score":0.38190001249313354},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.357699990272522},{"id":"https://openalex.org/keywords/class","display_name":"Class (philosophy)","score":0.35569998621940613},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.3424000144004822},{"id":"https://openalex.org/keywords/hacker","display_name":"Hacker","score":0.34049999713897705},{"id":"https://openalex.org/keywords/point","display_name":"Point (geometry)","score":0.32710000872612}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8014000058174133},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6384000182151794},{"id":"https://openalex.org/C22927095","wikidata":"https://www.wikidata.org/wiki/Q1784206","display_name":"Stateful firewall","level":3,"score":0.5692999958992004},{"id":"https://openalex.org/C2777548347","wikidata":"https://www.wikidata.org/wiki/Q5456937","display_name":"Flagging","level":2,"score":0.5167999863624573},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5031999945640564},{"id":"https://openalex.org/C206588197","wikidata":"https://www.wikidata.org/wiki/Q846574","display_name":"Reuse","level":2,"score":0.3944000005722046},{"id":"https://openalex.org/C73555534","wikidata":"https://www.wikidata.org/wiki/Q622825","display_name":"Cluster analysis","level":2,"score":0.38190001249313354},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.357699990272522},{"id":"https://openalex.org/C2777212361","wikidata":"https://www.wikidata.org/wiki/Q5127848","display_name":"Class (philosophy)","level":2,"score":0.35569998621940613},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.3424000144004822},{"id":"https://openalex.org/C86844869","wikidata":"https://www.wikidata.org/wiki/Q2798820","display_name":"Hacker","level":2,"score":0.34049999713897705},{"id":"https://openalex.org/C28719098","wikidata":"https://www.wikidata.org/wiki/Q44946","display_name":"Point (geometry)","level":2,"score":0.32710000872612},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.32330000400543213},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.3089999854564667},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.3082999885082245},{"id":"https://openalex.org/C82876162","wikidata":"https://www.wikidata.org/wiki/Q17096504","display_name":"Latency (audio)","level":2,"score":0.3061999976634979},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.3025999963283539},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.298799991607666},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.29269999265670776},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.2904999852180481},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.28299999237060547},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.2825999855995178},{"id":"https://openalex.org/C2778583558","wikidata":"https://www.wikidata.org/wiki/Q771245","display_name":"Code reuse","level":3,"score":0.2786000072956085},{"id":"https://openalex.org/C165136773","wikidata":"https://www.wikidata.org/wiki/Q1363179","display_name":"Single point of failure","level":2,"score":0.2775999903678894},{"id":"https://openalex.org/C178005623","wikidata":"https://www.wikidata.org/wiki/Q308859","display_name":"Anonymity","level":2,"score":0.2703000009059906},{"id":"https://openalex.org/C153180980","wikidata":"https://www.wikidata.org/wiki/Q19776675","display_name":"Commit","level":2,"score":0.2639999985694885},{"id":"https://openalex.org/C2779267917","wikidata":"https://www.wikidata.org/wiki/Q170028","display_name":"Deception","level":2,"score":0.26350000500679016},{"id":"https://openalex.org/C99138194","wikidata":"https://www.wikidata.org/wiki/Q183427","display_name":"Hash function","level":2,"score":0.26170000433921814},{"id":"https://openalex.org/C167981075","wikidata":"https://www.wikidata.org/wiki/Q2667186","display_name":"Sandbox (software development)","level":2,"score":0.25920000672340393},{"id":"https://openalex.org/C2780615836","wikidata":"https://www.wikidata.org/wiki/Q2471869","display_name":"USable","level":2,"score":0.2590000033378601}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2605.31593","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.31593","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2605.31593","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.31593","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.81507408618927,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Language":[0],"models":[1],"can":[2],"find":[3,218],"thousands":[4],"of":[5,189,239,246],"severe":[6],"software":[7],"vulnerabilities,":[8],"and":[9,137,169,215],"agents":[10],"are":[11,51],"increasingly":[12],"being":[13],"misused":[14],"for":[15,187],"cyberattacks.":[16],"To":[17],"avoid":[18],"detection,":[19],"attackers":[20,226],"frequently":[21],"distribute":[22],"their":[23],"misuse,":[24],"splitting":[25],"a":[26,48,81,100,107,116,142,236],"harmful":[27,92,178],"task":[28],"across":[29,62,94,133,148,230],"many":[30,63,134],"user":[31,149,190],"accounts":[32],"so":[33],"each":[34],"individual":[35],"transcript":[36],"looks":[37],"benign.":[38],"Because":[39],"safety":[40,240],"monitors":[41,241],"score":[42],"only":[43,58,106,139],"one":[44],"agent":[45,79,113,135],"context":[46],"at":[47,183],"time,":[49],"they":[50],"structurally":[52],"blind":[53],"to":[54,73,128,141],"misuse":[55,147,172],"that":[56,84,103,124,145,219],"is":[57,69],"visible":[59],"in":[60],"aggregate,":[61],"accounts.":[64,150,231],"We":[65],"show":[66],"this":[67,181],"gap":[68],"real":[70],"by":[71],"building,":[72],"our":[74,158],"knowledge,":[75],"the":[76,91,176,199,213],"first":[77],"distributed":[78,165],"attack,":[80],"multi-agent":[82],"scaffold":[83],"completes":[85],"hard":[86],"cybersecurity":[87],"tasks":[88],"while":[89],"hiding":[90],"objective":[93],"subagents":[95],"with":[96,153],"limited":[97],"contexts,":[98],"evading":[99],"standard":[101,162,222],"monitor":[102,123,159],"catches":[104,221],"it":[105,174,220],"fifth":[108],"as":[109,111,198],"often":[110],"prior":[112],"attacks.":[114],"Towards":[115],"defense,":[117],"we":[118,211],"develop":[119],"an":[120,207],"online":[121],"stateful":[122],"uses":[125],"real-time":[126],"clustering":[127],"collect":[129],"weak":[130],"suspiciousness":[131],"signals":[132],"transcripts,":[136],"escalates":[138],"rarely":[140],"language":[143],"model":[144],"flags":[146],"In":[151],"evaluations":[152],"large-scale":[154],"simulated":[155],"datacenter":[156],"traffic,":[157],"Pareto":[160],"dominates":[161],"monitors,":[163],"catching":[164],"attacks":[166],"30%":[167],"earlier":[168],"flagging":[170],"cyber":[171],"before":[173],"reaches":[175],"most":[177],"stages.":[179],"Crucially,":[180],"comes":[182],"negligible":[184],"additional":[185],"latency":[186],"~99%":[188],"traffic.":[191],"This":[192],"detection":[193],"advantage":[194],"persists":[195],"but":[196],"narrows":[197],"benign":[200],"background":[201],"traffic":[202],"grows":[203],"very":[204],"large.":[205],"After":[206],"extensive":[208],"red-teaming":[209],"exercise,":[210],"improve":[212],"defense":[214],"surprisingly":[216],"also":[217],"jailbreaks,":[223],"since":[224],"adaptive":[225],"reuse":[227],"attack":[228],"variants":[229],"Our":[232],"results":[233],"point":[234],"toward":[235],"new":[237],"class":[238],"which":[242],"reason":[243],"over":[244],"groups":[245],"users":[247],"rather":[248],"than":[249],"isolated":[250],"transcripts.":[251]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-06-02T00:00:00"}