cs.CRcs.AIcs.MA
Who Owns This Agent? Tracing AI Agents Back to Their Owners
May 15, 2026
The paper addresses the 'agent attribution' problem—the inability to trace harmful or misbehaving AI agents back to their deploying account—by proposing a robust, canary-based protocol for vendors to identify the responsible user.
AI agents are increasingly deployed to act autonomously in the world, yet there is still no reliable way to trace a harmful agent back to the account that deployed it. This creates the same accountability gap across both ends of the intent spectrum: benign operators may deploy misconfigured or overbroad agents that cause harm unintentionally, while malicious operators may deliberately weaponize agents for scams, harassment, or cyber attacks. In many cases, these agents are powered by vendor-hosted models, a dependency that holds even for sophisticated adversaries such as state actors conducting cyber operations. In either case, affected parties can observe the behavior but cannot notify the responsible operator, stop the session, or identify the account for investigation. We formalize this gap as the problem of agent attribution: linking an observed agent interaction to the responsible account at the hosting vendor. To our knowledge, this is the first work to define the problem and present a practical solution. Our protocol is canary-based: an authorized party injects a canary into the agent's interaction stream, and the vendor searches a narrow window of session logs to recover the originating session and account. Simple canaries suffice in non-adversarial settings. For adversarial operators who filter or paraphrase incoming content, we develop robust canary constructions that cannot be suppressed without degrading the agent's own task performance, yielding a formal asymmetry in the defender's favor. We evaluate a variety of scenarios including real-world agents and show that our attribution method is reliable, robust, and scalable for vendor-side deployment.
Learning Communication Between Heterogeneous Agents in Multi-Agent Reinforcement Learning for Autono…
This paper demonstrates that using a communication algorithm (CommFormer) with h…
ClawLess: A Security Model of AI Agents
ClawLess introduces a formally verified security framework that enforces fine-gr…
Evaluating Privilege Usage of Agents with Real-World Tools
The paper introduces GrantBox, a new security sandbox that evaluates how well LL…
Your LLM Agent Can Leak Your Data: Data Exfiltration via Backdoored Tool Use
This paper introduces Back-Reveal, an attack demonstrating that backdoored LLM a…
WebSP-Eval: Evaluating Web Agents on Website Security and Privacy Tasks
The paper introduces WebSP-Eval, a new framework to evaluate web agents on compl…
AC4A: Access Control for Agents
The paper introduces AC4A, an access control framework that allows users to prec…
Do Phone-Use Agents Respect Your Privacy?
The paper introduces MyPhoneBench, a new framework that demonstrates that curren…
Undetectable Conversations Between AI Agents via Pseudorandom Noise-Resilient Key Exchange
The paper demonstrates that AI agents can conduct a secret, undetectable convers…