Paper Detail

Parallax: Why AI Agents That Think Must Never Act

Joel Fokou

Browse

Workflow Queues

arxiv Score 11.3

Published 2026-04-14 · First seen 2026-04-15

General AI

Open paper source

Abstract

Autonomous AI agents are rapidly transitioning from experimental tools to operational infrastructure, with projections that 80% of enterprise applications will embed AI copilots by the end of 2026. As agents gain the ability to execute real-world actions (reading files, running commands, making network requests, modifying databases), a fundamental security gap has emerged. The dominant approach to agent safety relies on prompt-level guardrails: natural language instructions that operate at the same abstraction level as the threats they attempt to mitigate. This paper argues that prompt-based safety is architecturally insufficient for agents with execution capability and introduces Parallax, a paradigm for safe autonomous AI execution grounded in four principles: Cognitive-Executive Separation, which structurally prevents the reasoning system from executing actions; Adversarial Validation with Graduated Determinism, which interposes an independent, multi-tiered validator between reasoning and execution; Information Flow Control, which propagates data sensitivity labels through agent workflows to detect context-dependent threats; and Reversible Execution, which captures pre-destructive state to enable rollback when validation fails. We present OpenParallax, an open-source reference implementation in Go, and evaluate it using Assume-Compromise Evaluation, a methodology that bypasses the reasoning system entirely to test the architectural boundary under full agent compromise. Across 280 adversarial test cases in nine attack categories, Parallax blocks 98.9% of attacks with zero false positives under its default configuration, and 100% of attacks under its maximum-security configuration. When the reasoning system is compromised, prompt-level guardrails provide zero protection because they exist only within the compromised system; Parallax's architectural boundary holds regardless.

Workflow Status

Review status
pending
Role
unreviewed
Read priority
now
Vote
Not set.
Saved
no
Collections
Not filed yet.
Next action
Not filled yet.

Reading Brief

No structured notes yet. Add `summary_sections`, `why_relevant`, `claim_impact`, or `next_action` in `papers.jsonl` to enrich this view.

Why It Surfaced

No ranking explanation is available yet.

Tags

No tags.

Similar Papers

AI Planning Framework for LLM-Based Web Agents 2026-03-13 · Score 20.5 Research Track B · General AI AcademiClaw: When Students Set Challenges for AI Agents 2026-05-04 · Score 14.4 General AI ClawArena: Benchmarking AI Agents in Evolving Information Environments 2026-04-05 · Score 14.0 General AI ClawBench: Can AI Agents Complete Everyday Online Tasks? 2026-04-09 · Score 10.8 General AI ParseBench: A Document Parsing Benchmark for AI Agents 2026-04-09 · Score 9.8 General AI

BibTeX

@article{fokou2026parallax,
  title = {Parallax: Why AI Agents That Think Must Never Act},
  author = {Joel Fokou},
  year = {2026},
  abstract = {Autonomous AI agents are rapidly transitioning from experimental tools to operational infrastructure, with projections that 80\% of enterprise applications will embed AI copilots by the end of 2026. As agents gain the ability to execute real-world actions (reading files, running commands, making network requests, modifying databases), a fundamental security gap has emerged. The dominant approach to agent safety relies on prompt-level guardrails: natural language instructions that operate at the s},
  url = {https://arxiv.org/abs/2604.12986},
  keywords = {cs.CR, cs.AI},
  eprint = {2604.12986},
  archiveprefix = {arXiv},
}

Metadata

{}