Watermarking LLM Agent Trajectories

TL;DR

This paper presents ActHook, a novel watermarking technique for LLM agent trajectories that enables copyright protection and detection without affecting task performance.

Contribution

ActHook is the first watermarking method tailored for agent trajectory datasets, embedding detectable hooks activated by a secret key.

Findings

Achieves an average detection AUC of 94.3 on Qwen-2.5-Coder-7B.

Watermarking incurs negligible performance degradation.

Effective across mathematical reasoning, web searching, and software engineering agents.

Abstract

LLM agents rely heavily on high-quality trajectory data to guide their problem-solving behaviors, yet producing such data requires substantial task design, high-capacity model generation, and manual filtering. Despite the high cost of creating these datasets, existing literature has overlooked copyright protection for LLM agent trajectories. This gap leaves creators vulnerable to data theft and makes it difficult to trace misuse or enforce ownership rights. This paper introduces ActHook, the first watermarking method tailored for agent trajectory datasets. Inspired by hook mechanisms in software engineering, ActHook embeds hook actions that are activated by a secret input key and do not alter the original task outcome. Like software execution, LLM agents operate sequentially, allowing hook actions to be inserted at decision points without disrupting task flow. When the activation key is present, an LLM agent trained on watermarked trajectories can produce these hook actions at a significantly higher rate, enabling reliable black-box detection. Experiments on mathematical reasoning, web searching, and software engineering agents show that ActHook achieves an average detection AUC of 94.3 on Qwen-2.5-Coder-7B while incurring negligible performance degradation.