COMPASS: Cognitive MCTS-Guided Process Alignment for Safe Search Agents

Researchers introduce COMPASS, a safety alignment framework for LLM-powered search agents that prevents harmful outcomes from seemingly innocent multi-step queries. The method combines cognitive tree exploration and step-wise alignment to achieve robust safety while maintaining utility, requiring less training data than existing approaches.

COMPASS addresses a critical vulnerability in LLM-based search agents where users can decompose harmful requests into innocuous sub-queries that individually appear safe but collectively lead to unsafe outcomes. This retrieval-induced safety degradation represents a meaningful gap in current AI alignment research, as traditional safety methods focus on single-turn interactions rather than multi-step agent workflows. The framework's dual approach—using cognitive Monte Carlo tree search to identify stealthy attack trajectories and introspective alignment to flag risky intermediate steps—enables fine-grained supervision across complex reasoning chains.

This research reflects broader industry recognition that deploying autonomous agents requires fundamentally different safety paradigms than static language models. As enterprises increasingly adopt agentic AI for information retrieval, research assistance, and complex problem-solving, ensuring these systems cannot be manipulated through procedural attacks becomes essential for regulatory compliance and user trust. The efficiency gains from requiring less training data suggest practical scalability advantages over existing alignment methods.

For AI developers and organizations building search-based agents, COMPASS provides a technical pathway to balance capability with safety—a competitive advantage as safety becomes a key differentiator in enterprise AI procurement. The framework's demonstrated safety-utility trade-off suggests that robust alignment need not sacrifice performance, potentially accelerating adoption of agentic systems in regulated industries. Future work will likely focus on whether these techniques generalize across different agent architectures and task domains.

• →COMPASS prevents harmful intent decomposition by supervising multi-step agent interactions rather than single queries
• →The framework achieves safety alignment using substantially less training data than existing methods
• →Cognitive tree exploration identifies stealthy attack trajectories that bypass traditional safety measures
• →Process-level alignment catches risky intermediate steps before unsafe outcomes materialize
• →Method maintains general utility while improving safety, addressing key enterprise AI deployment concerns