Verifier-Bound Communication for LLM Agents: Certified Bounds on Covert Signaling
Om Tailor

TL;DR
This paper introduces CLBC, a protocol for verifying communication bounds in LLM agents, ensuring policy compliance and limiting covert signaling through certified proofs and verifier-bound envelopes.
Contribution
It presents a novel verifier-bound communication protocol with formal guarantees on information leakage and adaptive composition, enhancing security in LLM agent coordination.
Findings
Aggregate evaluation meets all thresholds
Bounded advantage of decoders at 0.0000
Stress tests remain below attacker thresholds
Abstract
Colluding language-model agents can hide coordination in messages that remain policy-compliant at the surface level. We present CLBC, a protocol where generation and admission are separated: a message is admitted to transcript state only if a small verifier accepts a proof-bound envelope under a pinned predicate . The predicate binds policy hash, public randomness schedule, transcript chaining, latent schema constraints, canonical metadata/tool fields, and deterministic rejection codes. We show how this protocol yields an upper bound on transcript leakage in terms of latent leakage plus explicit residual channels, derive adaptive composition guarantees, and state a semantic lower bound when policy-valid alternatives remain choosable. We report extensive empirically grounded evidence: aggregate evaluation satisfies all prespecified thresholds; strict lane decoder advantage is…
Taxonomy
Topics: Security and Verification in Computing · Adversarial Robustness in Machine Learning · Advanced Malware Detection Techniques
