pith. sign in
Pith Number

pith:OYHSK3MN

pith:2025:OYHSK3MNS5ENCRPOOBFH6ZDCRR
not attested not anchored not stored refs resolved

AgentSpec: Customizable Runtime Enforcement for Safe and Reliable LLM Agents

Christopher M. Poskitt, Haoyu Wang, Jun Sun

AgentSpec lets users write runtime rules that stop LLM agents from unsafe actions in code, robots, and cars.

arxiv:2503.18666 v3 · 2025-03-24 · cs.AI · cs.CL

Open paper page JSON Open Graph Bundle Merged state Verified badge What is a Pith Number?
Add to your LaTeX paper 
\usepackage{pith}
\pithnumber{OYHSK3MNS5ENCRPOOBFH6ZDCRR}

Prints a linked badge after your title and injects PDF metadata. Compiles on arXiv. Learn more · Embed verified badge

Record completeness

1 Bitcoin timestamp
2 Internet Archive
3 Author claim open · sign in to claim
4 Citations open
5 Replications open
Portable graph bundle live · download bundle · merged state
The bundle contains the canonical record plus signed events. A mirror can host it anywhere and recompute the same current state with the deterministic merge algorithm.

Claims

C1strongest claim

Our evaluation shows that AgentSpec successfully prevents unsafe executions in over 90% of code agent cases, eliminates all hazardous actions in embodied agent tasks, and enforces 100% compliance by autonomous vehicles (AVs).

C2weakest assumption

That comprehensive safety rules can be predefined to cover all relevant unsafe scenarios while remaining practical to write and that runtime interception of agent actions is feasible and accurate across domains without introducing unacceptable false positives.

C3one line summary

AgentSpec introduces a customizable DSL for runtime enforcement of safety constraints on LLM agents, achieving over 90% prevention of unsafe code actions, zero hazardous embodied actions, and 100% AV compliance in evaluations.

References

59 extracted · 59 resolved · 2 Pith anchors

[1] AgentSpec. https://github.com/haoyuwang99/AgentSpec, 2025 2025
[2] Runtime verification for trustworthy computing 2023
[3] Apollo Self-Driving
[4] Accessed: 2025-02-11 2025
[5] Principles of model checking 2008

Formal links

2 machine-checked theorem links

Cited by

32 papers in Pith

Causal Past Logic for Runtime Verification of Distributed LLM Agent Workflows
Taxonomy and Consistency Analysis of Safety Benchmarks for AI Agents
From AI-Generated Content to Agentic Action: Security and Safety Threats in Generative AI
Skills as Verifiable Artifacts: A Trust Schema and a Biconditional Correctness Criterion for Human-in-the-Loop Agent Runtimes
Do Coding Agents Understand Least-Privilege Authorization?
Receipt and verification
First computed 2026-05-17T23:39:21.632828Z
Builder pith-number-builder-2026-05-17-v1
Signature Pith Ed25519 (pith-v1-2026-05) · public key
Schema pith-number/v1.0

Canonical hash

760f256d8d9748d145ee704a7f64628c5655c72569cb06d38ee983c35846fddb

Aliases

arxiv: 2503.18666 · arxiv_version: 2503.18666v3 · doi: 10.48550/arxiv.2503.18666 · pith_short_12: OYHSK3MNS5EN · pith_short_16: OYHSK3MNS5ENCRPO · pith_short_8: OYHSK3MN
Agent API
Resolver JSON Graph JSON Events JSON Schema Signing key
Verify this Pith Number yourself 
curl -sH 'Accept: application/ld+json' https://pith.science/pith/OYHSK3MNS5ENCRPOOBFH6ZDCRR \
  | jq -c '.canonical_record' \
  | python3 -c "import sys,json,hashlib; b=json.dumps(json.loads(sys.stdin.read()), sort_keys=True, separators=(',',':'), ensure_ascii=False).encode(); print(hashlib.sha256(b).hexdigest())"
# expect: 760f256d8d9748d145ee704a7f64628c5655c72569cb06d38ee983c35846fddb
Canonical record JSON 
{
  "metadata": {
    "abstract_canon_sha256": "a2e3c0a4df27cd97e92328bed6942fd95bd3568fca2d7c1d1377f4dc0e9f7dc2",
    "cross_cats_sorted": [
      "cs.CL"
    ],
    "license": "http://creativecommons.org/licenses/by/4.0/",
    "primary_cat": "cs.AI",
    "submitted_at": "2025-03-24T13:31:48Z",
    "title_canon_sha256": "4b5b3b3fe1a5d5c061c5e8df5be7179fca37d0e7698584aea28f285ed734c5bf"
  },
  "schema_version": "1.0",
  "source": {
    "id": "2503.18666",
    "kind": "arxiv",
    "version": 3
  }
}