SAFEFLOW: A Principled Protocol for Trustworthy and Transactional Autonomous Agent Systems

TL;DR

SAFELOW is a protocol framework that enhances trustworthiness and security in autonomous agents by enforcing fine-grained information flow control and transactional robustness, validated through comprehensive benchmarking.

Contribution

This work introduces SAFEFLOW, a novel protocol for secure, reliable, and multi-agent coordination in LLM/VLM-based systems, with new mechanisms for information control and transaction management.

Findings

Agents with SAFEFLOW maintain high task performance in adversarial environments.

SAFELOW significantly improves security guarantees over existing frameworks.

The SAFEFLOWBENCH suite effectively evaluates agent reliability under various conditions.

Abstract

Recent advances in large language models (LLMs) and vision-language models (VLMs) have enabled powerful autonomous agents capable of complex reasoning and multi-modal tool use. Despite their growing capabilities, today's agent frameworks remain fragile, lacking principled mechanisms for secure information flow, reliability, and multi-agent coordination. In this work, we introduce SAFEFLOW, a new protocol-level framework for building trustworthy LLM/VLM-based agents. SAFEFLOW enforces fine-grained information flow control (IFC), precisely tracking provenance, integrity, and confidentiality of all the data exchanged between agents, tools, users, and environments. By constraining LLM reasoning to respect these security labels, SAFEFLOW prevents untrusted or adversarial inputs from contaminating high-integrity decisions. To ensure robustness in concurrent multi-agent settings, SAFEFLOW introduces transactional execution, conflict resolution, and secure scheduling over shared state, preserving global consistency across agents. We further introduce mechanisms, including write-ahead logging, rollback, and secure caches, that further enhance resilience against runtime errors and policy violations. To validate the performances, we built SAFEFLOWBENCH, a comprehensive benchmark suite designed to evaluate agent reliability under adversarial, noisy, and concurrent operational conditions. Extensive experiments demonstrate that agents built with SAFEFLOW maintain impressive task performance and security guarantees even in hostile environments, substantially outperforming state-of-the-art. Together, SAFEFLOW and SAFEFLOWBENCH lay the groundwork for principled, robust, and secure agent ecosystems, advancing the frontier of reliable autonomy.