Pith Number

pith:GUDRED4H

pith:2025:GUDRED4HSFV4DREQ5ZRUVWD5PD

not attested not anchored not stored refs resolved

Securing AI Agents with Information-Flow Control

Aashish Kolluri, Ahmed Salem, Andrew Paverd, Boris K\"opf, Lukas Wutschitz, Manuel Costa, Mark Russinovich, Santiago Zanella-B\'eguelin, Shruti Tople

Fides applies information-flow control to AI agent planners to enforce security policies against prompt injection while preserving task utility.

arxiv:2505.23643 v2 · 2025-05-29 · cs.CR · cs.AI

Open paper page JSON Open Graph Bundle Merged state Verified badge What is a Pith Number?

Add to your LaTeX paper

\usepackage{pith}
\pithnumber{GUDRED4HSFV4DREQ5ZRUVWD5PD}

Prints a linked badge after your title and injects PDF metadata. Compiles on arXiv. Learn more · Embed verified badge

Record completeness

1 Bitcoin timestamp

2 Internet Archive

3 Author claim open · sign in to claim

4 Citations open

5 Replications open

✓ Portable graph bundle live · download bundle · merged state

The bundle contains the canonical record plus signed events. A mirror can host it anywhere and recompute the same current state with the deterministic merge algorithm.

Claims

C1strongest claim

Fides enables us to complete a broad range of tasks with security guarantees.

C2weakest assumption

The formal model of agent planners and the taxonomy of tasks accurately capture real-world security and utility trade-offs.

C3one line summary

Fides is an IFC-based planner that uses dynamic taint-tracking and novel hiding primitives to enforce security policies on AI agents with measurable task utility.

References

50 extracted · 50 resolved · 0 Pith anchors

[1] Get my drift? catching llm task drift with activation deltas 2025

[2] Guidance: A guidance language for controlling large language models 2025

[3] Computer Use (beta) 2024

[4] Ahsan Ayub and Subhabrata Majumdar 2024

[5] AI agents with formal security guarantees 2024

Formal links

1 machine-checked theorem link

Cited by

31 papers in Pith

Boiling the Frog: A Multi-Turn Benchmark for Agentic Safety

The Misattribution Gap: When Memory Poisoning Looks Like Model Failure in Agentic AI Systems

Boiling the Frog: A Multi-Turn Benchmark for Agentic Safety

Agent Security is a Systems Problem

Beyond Pattern Matching: Seven Cross-Domain Techniques for Prompt Injection Detection

Receipt and verification

First computed	2026-05-17T23:38:52.611353Z
Builder	pith-number-builder-2026-05-17-v1
Signature	Pith Ed25519 (`pith-v1-2026-05`) · public key
Schema	pith-number/v1.0

Canonical hash

3507120f87916bc1c490ee634ad87d78c2370c8b22b677fd29c110ecaac5ad43

Aliases

arxiv: 2505.23643 · arxiv_version: 2505.23643v2 · doi: 10.48550/arxiv.2505.23643 · pith_short_12: GUDRED4HSFV4 · pith_short_16: GUDRED4HSFV4DREQ · pith_short_8: GUDRED4H

Agent API

Resolver JSON Graph JSON Events JSON Schema Signing key

Verify this Pith Number yourself

curl -sH 'Accept: application/ld+json' https://pith.science/pith/GUDRED4HSFV4DREQ5ZRUVWD5PD \
  | jq -c '.canonical_record' \
  | python3 -c "import sys,json,hashlib; b=json.dumps(json.loads(sys.stdin.read()), sort_keys=True, separators=(',',':'), ensure_ascii=False).encode(); print(hashlib.sha256(b).hexdigest())"
# expect: 3507120f87916bc1c490ee634ad87d78c2370c8b22b677fd29c110ecaac5ad43

Canonical record JSON

{
  "metadata": {
    "abstract_canon_sha256": "6f3682787171169b47a76163368cb916334189441b1440ced6b4d3f2edd2f917",
    "cross_cats_sorted": [
      "cs.AI"
    ],
    "license": "http://creativecommons.org/licenses/by/4.0/",
    "primary_cat": "cs.CR",
    "submitted_at": "2025-05-29T16:50:41Z",
    "title_canon_sha256": "edd3dae6979bd4f3a8d9cdbcf7f35fb4e585c53f696d9da314c21847365097e2"
  },
  "schema_version": "1.0",
  "source": {
    "id": "2505.23643",
    "kind": "arxiv",
    "version": 2
  }
}