{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2026:PIOHWAR645K2FC7SZYL3WA257P","short_pith_number":"pith:PIOHWAR6","schema_version":"1.0","canonical_sha256":"7a1c7b023ee755a28bf2ce17bb035dfbd2f9d422f1cd68f29e162b977761e31c","source":{"kind":"arxiv","id":"2603.03205","version":2},"attestation_state":"computed","paper":{"title":"Learning When to Act or Refuse: Guarding Agentic Reasoning Models for Safe Multi-Step Tool Use","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":[],"primary_cat":"cs.CL","authors_text":"Ahmed Awadallah, Akshay Nambi, Aradhye Agarwal, Gurdit Siyan, Joykirat Singh, Yash Pandya","submitted_at":"2026-03-03T17:59:35Z","abstract_excerpt":"Agentic language models operate in a fundamentally different safety regime than chat models: they must plan, call tools, and execute long-horizon actions where a single misstep, such as accessing files or entering credentials, can cause irreversible harm. Existing alignment methods, largely optimized for static generation and task completion, break down in these settings due to sequential decision-making, adversarial tool feedback, and overconfident intermediate reasoning. We introduce MOSAIC, a post-training framework that aligns agents for safe multi-step tool use by making safety decisions "},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"2603.03205","kind":"arxiv","version":2},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CL","submitted_at":"2026-03-03T17:59:35Z","cross_cats_sorted":[],"title_canon_sha256":"1df978e18a5c759c347db9bc885f58c564b77b39139618c091724e6c0f5191c9","abstract_canon_sha256":"7fd198f5b62a52f10e53f0905903e55618d0e8ac9297d92570ad40b263f3c262"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-06-04T01:08:47.021469Z","signature_b64":"gP6FRVwoQ/ekOUllYmrLli1bGkPfij++CdTO8qKZMsYZUl5+20RvkAXnDdQ9qTlqRHkloPNV2Em8TYZBkmIdDw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"7a1c7b023ee755a28bf2ce17bb035dfbd2f9d422f1cd68f29e162b977761e31c","last_reissued_at":"2026-06-04T01:08:47.020701Z","signature_status":"signed_v1","first_computed_at":"2026-06-04T01:08:47.020701Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"Learning When to Act or Refuse: Guarding Agentic Reasoning Models for Safe Multi-Step Tool Use","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":[],"primary_cat":"cs.CL","authors_text":"Ahmed Awadallah, Akshay Nambi, Aradhye Agarwal, Gurdit Siyan, Joykirat Singh, Yash Pandya","submitted_at":"2026-03-03T17:59:35Z","abstract_excerpt":"Agentic language models operate in a fundamentally different safety regime than chat models: they must plan, call tools, and execute long-horizon actions where a single misstep, such as accessing files or entering credentials, can cause irreversible harm. Existing alignment methods, largely optimized for static generation and task completion, break down in these settings due to sequential decision-making, adversarial tool feedback, and overconfident intermediate reasoning. We introduce MOSAIC, a post-training framework that aligns agents for safe multi-step tool use by making safety decisions "},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2603.03205","kind":"arxiv","version":2},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2603.03205/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2603.03205","created_at":"2026-06-04T01:08:47.020819+00:00"},{"alias_kind":"arxiv_version","alias_value":"2603.03205v2","created_at":"2026-06-04T01:08:47.020819+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2603.03205","created_at":"2026-06-04T01:08:47.020819+00:00"},{"alias_kind":"pith_short_12","alias_value":"PIOHWAR645K2","created_at":"2026-06-04T01:08:47.020819+00:00"},{"alias_kind":"pith_short_16","alias_value":"PIOHWAR645K2FC7S","created_at":"2026-06-04T01:08:47.020819+00:00"},{"alias_kind":"pith_short_8","alias_value":"PIOHWAR6","created_at":"2026-06-04T01:08:47.020819+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":1,"internal_anchor_count":1,"sample":[{"citing_arxiv_id":"2605.17453","citing_title":"Trust No Tool: Evaluating and Defending LLM Agents under Untrusted Tool Feedback","ref_index":39,"is_internal_anchor":true}]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/PIOHWAR645K2FC7SZYL3WA257P","json":"https://pith.science/pith/PIOHWAR645K2FC7SZYL3WA257P.json","graph_json":"https://pith.science/api/pith-number/PIOHWAR645K2FC7SZYL3WA257P/graph.json","events_json":"https://pith.science/api/pith-number/PIOHWAR645K2FC7SZYL3WA257P/events.json","paper":"https://pith.science/paper/PIOHWAR6"},"agent_actions":{"view_html":"https://pith.science/pith/PIOHWAR645K2FC7SZYL3WA257P","download_json":"https://pith.science/pith/PIOHWAR645K2FC7SZYL3WA257P.json","view_paper":"https://pith.science/paper/PIOHWAR6","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2603.03205&json=true","fetch_graph":"https://pith.science/api/pith-number/PIOHWAR645K2FC7SZYL3WA257P/graph.json","fetch_events":"https://pith.science/api/pith-number/PIOHWAR645K2FC7SZYL3WA257P/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/PIOHWAR645K2FC7SZYL3WA257P/action/timestamp_anchor","attest_storage":"https://pith.science/pith/PIOHWAR645K2FC7SZYL3WA257P/action/storage_attestation","attest_author":"https://pith.science/pith/PIOHWAR645K2FC7SZYL3WA257P/action/author_attestation","sign_citation":"https://pith.science/pith/PIOHWAR645K2FC7SZYL3WA257P/action/citation_signature","submit_replication":"https://pith.science/pith/PIOHWAR645K2FC7SZYL3WA257P/action/replication_record"}},"created_at":"2026-06-04T01:08:47.020819+00:00","updated_at":"2026-06-04T01:08:47.020819+00:00"}