GuardAgent: Safeguard LLM Agents by a Guard Agent via Knowledge-Enabled Reasoning

TL;DR

This paper introduces GuardAgent, a novel safeguard system for LLM agents that uses knowledge-enabled reasoning to generate and execute safety guardrails, significantly reducing unsafe actions in various agent environments.

Contribution

We propose GuardAgent, the first guardrail agent that dynamically generates and executes safety policies for LLM agents using reasoning and memory-based retrieval.

Findings

Achieves over 98% guardrail accuracy on healthcare agents.

Attains over 83% guardrail accuracy on web agents.

Effectively moderates unsafe actions across different agent types.

Abstract

The rapid advancement of large language model (LLM) agents has raised new concerns regarding their safety and security. In this paper, we propose GuardAgent, the first guardrail agent to protect target agents by dynamically checking whether their actions satisfy given safety guard requests. Specifically, GuardAgent first analyzes the safety guard requests to generate a task plan, and then maps this plan into guardrail code for execution. By performing the code execution, GuardAgent can deterministically follow the safety guard request and safeguard target agents. In both steps, an LLM is utilized as the reasoning component, supplemented by in-context demonstrations retrieved from a memory module storing experiences from previous tasks. In addition, we propose two novel benchmarks: EICU-AC benchmark to assess the access control for healthcare agents and Mind2Web-SC benchmark to evaluate the safety policies for web agents. We show that GuardAgent effectively moderates the violation actions for different types of agents on these two benchmarks with over 98% and 83% guardrail accuracies, respectively. Project page: https://guardagent.github.io/