Towards Security-Auditable LLM Agents: A Unified Graph Representation

Researchers propose Agent-BOM, a unified graph-based representation system for auditing the security of LLM-based autonomous agents. The framework addresses critical gaps in existing audit mechanisms by tracking both static capabilities and dynamic runtime states, enabling detection of complex attack chains across multi-agent systems.

LLM-based agents represent a significant evolution in autonomous systems, capable of invoking tools, managing memory, and collaborating across multiple instances. However, their semantic-driven execution creates substantial security blind spots—existing audit mechanisms like SBOMs and runtime logs capture only fragmented evidence, failing to trace how cognitive states, memory contamination, and capability misuse propagate through complex systems. Agent-BOM addresses this by modeling agentic systems as hierarchical attributed graphs that separate static infrastructure (models, tools, long-term memory) from dynamic execution states (goals, reasoning, actions), connected through semantic edges tagged with security attributes. This enables security teams to reconstruct complete attack chains rather than isolated incidents.

The framework's importance stems from the rapid commercialization of autonomous agent systems. As enterprises deploy multi-agent applications for high-stakes operations—financial analysis, infrastructure management, data access—security auditing becomes critical for compliance and risk management. Current approaches leave organizations vulnerable to cascading failures across agent ecosystems, as demonstrated by the attack scenarios the framework successfully reconstructs: cross-session memory poisoning, supply-chain capability hijacking, and privilege escalation across agent boundaries.

For the broader AI security landscape, Agent-BOM establishes a methodological foundation that other tools and vendors will likely adopt or reference. The implementation in OpenClaw and grounding in OWASP Agentic Top 10 standards suggest this research will influence enterprise security practices. This work accelerates the maturation of LLM agent security infrastructure, though practical enterprise adoption will depend on tooling integration and performance at scale.

• →Agent-BOM provides the first unified audit framework capable of reconstructing complex attack chains across multi-agent systems.
• →The framework separates static agent capabilities from dynamic runtime states, enabling root-cause analysis that current audit tools cannot perform.
• →Security gaps in autonomous agent systems now represent material risk for enterprises deploying these systems in production environments.
• →The research demonstrates practical reconstruction of stealthy attacks including memory poisoning and cross-agent privilege escalation.
• →OWASP Agentic Top 10 integration positions this framework as a potential standard for enterprise agent security auditing.