Paper Detail

Detecting Safety Violations Across Many Agent Traces

Adam Stein, Davis Brown, Hamed Hassani, Mayur Naik, Eric Wong

Browse

Workflow Queues

arxiv Score 9.3

Published 2026-04-13 · First seen 2026-04-14

General AI

Open paper source

Abstract

To identify safety violations, auditors often search over large sets of agent traces. This search is difficult because failures are often rare, complex, and sometimes even adversarially hidden and only detectable when multiple traces are analyzed together. These challenges arise in diverse settings such as misuse campaigns, covert sabotage, reward hacking, and prompt injection. Existing approaches struggle here for several reasons. Per-trace judges miss failures that only become visible across traces, naive agentic auditing does not scale to large trace collections, and fixed monitors are brittle to unanticipated behaviors. We introduce Meerkat, which combines clustering with agentic search to uncover violations specified in natural language. Through structured search and adaptive investigation of promising regions, Meerkat finds sparse failures without relying on seed scenarios, fixed workflows, or exhaustive enumeration. Across misuse, misalignment, and task gaming settings, Meerkat significantly improves detection of safety violations over baseline monitors, discovers widespread developer cheating on a top agent benchmark, and finds nearly 4x more examples of reward hacking on CyBench than previous audits.

Workflow Status

Review status
pending
Role
unreviewed
Read priority
now
Vote
Not set.
Saved
no
Collections
Not filed yet.
Next action
Not filled yet.

Reading Brief

No structured notes yet. Add `summary_sections`, `why_relevant`, `claim_impact`, or `next_action` in `papers.jsonl` to enrich this view.

Why It Surfaced

No ranking explanation is available yet.

Tags

No tags.

Similar Papers

FileGram: Grounding Agent Personalization in File-System Behavioral Traces 2026-04-06 · Score 17.8 General AI LLM Safety From Within: Detecting Harmful Content with Internal Representations 2026-04-20 · Score 6.5 General AI PrefixGuard: From LLM-Agent Traces to Online Failure-Warning Monitors 2026-05-07 · Score 12.0 Research Track B · General AI Reinforcement Learning for LLM-based Multi-Agent Systems through Orchestration Traces 2026-05-04 · Score 18.2 General AI Your Agent, Their Asset: A Real-World Safety Analysis of OpenClaw 2026-04-06 · Score 7.0 General AI

BibTeX

@article{stein2026detecting,
  title = {Detecting Safety Violations Across Many Agent Traces},
  author = {Adam Stein and Davis Brown and Hamed Hassani and Mayur Naik and Eric Wong},
  year = {2026},
  abstract = {To identify safety violations, auditors often search over large sets of agent traces. This search is difficult because failures are often rare, complex, and sometimes even adversarially hidden and only detectable when multiple traces are analyzed together. These challenges arise in diverse settings such as misuse campaigns, covert sabotage, reward hacking, and prompt injection. Existing approaches struggle here for several reasons. Per-trace judges miss failures that only become visible across t},
  url = {https://arxiv.org/abs/2604.11806},
  keywords = {cs.AI, cs.CL},
  eprint = {2604.11806},
  archiveprefix = {arXiv},
}

Metadata

{}