Enregistré dans:
Détails bibliographiques
Auteurs principaux: Stein, Adam, Brown, Davis, Hassani, Hamed, Naik, Mayur, Wong, Eric
Format: Preprint
Publié: 2026
Sujets:
Accès en ligne:https://arxiv.org/abs/2604.11806
Tags: Ajouter un tag
Pas de tags, Soyez le premier à ajouter un tag!
_version_ 1866913026397962240
author Stein, Adam
Brown, Davis
Hassani, Hamed
Naik, Mayur
Wong, Eric
author_facet Stein, Adam
Brown, Davis
Hassani, Hamed
Naik, Mayur
Wong, Eric
contents To identify safety violations, auditors often search over large sets of agent traces. This search is difficult because failures are often rare, complex, and sometimes even adversarially hidden and only detectable when multiple traces are analyzed together. These challenges arise in diverse settings such as misuse campaigns, covert sabotage, reward hacking, and prompt injection. Existing approaches struggle here for several reasons. Per-trace judges miss failures that only become visible across traces, naive agentic auditing does not scale to large trace collections, and fixed monitors are brittle to unanticipated behaviors. We introduce Meerkat, which combines clustering with agentic search to uncover violations specified in natural language. Through structured search and adaptive investigation of promising regions, Meerkat finds sparse failures without relying on seed scenarios, fixed workflows, or exhaustive enumeration. Across misuse, misalignment, and task gaming settings, Meerkat significantly improves detection of safety violations over baseline monitors, discovers widespread developer cheating on a top agent benchmark, and finds nearly 4x more examples of reward hacking on CyBench than previous audits.
format Preprint
id arxiv_https___arxiv_org_abs_2604_11806
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Detecting Safety Violations Across Many Agent Traces
Stein, Adam
Brown, Davis
Hassani, Hamed
Naik, Mayur
Wong, Eric
Artificial Intelligence
Computation and Language
To identify safety violations, auditors often search over large sets of agent traces. This search is difficult because failures are often rare, complex, and sometimes even adversarially hidden and only detectable when multiple traces are analyzed together. These challenges arise in diverse settings such as misuse campaigns, covert sabotage, reward hacking, and prompt injection. Existing approaches struggle here for several reasons. Per-trace judges miss failures that only become visible across traces, naive agentic auditing does not scale to large trace collections, and fixed monitors are brittle to unanticipated behaviors. We introduce Meerkat, which combines clustering with agentic search to uncover violations specified in natural language. Through structured search and adaptive investigation of promising regions, Meerkat finds sparse failures without relying on seed scenarios, fixed workflows, or exhaustive enumeration. Across misuse, misalignment, and task gaming settings, Meerkat significantly improves detection of safety violations over baseline monitors, discovers widespread developer cheating on a top agent benchmark, and finds nearly 4x more examples of reward hacking on CyBench than previous audits.
title Detecting Safety Violations Across Many Agent Traces
topic Artificial Intelligence
Computation and Language
url https://arxiv.org/abs/2604.11806