TRACE: Trajectory Risk-Aware Compression for Long-Horizon Agent Safety

Researchers introduce TRACE, a novel safety detection system for long-horizon LLM agents that compresses extended trajectories into compact evidence states to better identify distributed risk signals. The method achieves up to 12.6 percentage points improvement over baselines across multiple safety benchmarks while maintaining performance stability as context length increases.

TRACE addresses a critical vulnerability in current LLM safety systems: their inability to track compositional risk signals dispersed across extended agent trajectories. Traditional turn-level detectors process interactions in isolation, allowing subtle patterns of unsafe behavior—when examined together across many steps—to evade detection. This matters because production LLM agents increasingly operate over dozens or hundreds of steps, where individual actions may appear benign but collectively demonstrate policy violations or harmful intent.

The technical innovation centers on a Compressor-Reader architecture that separates evidence aggregation from judgment. The Compressor learns trajectory-level representations that capture distributed risk patterns, while the Reader leverages this pre-computed context to make more informed safety decisions. This design mirrors human oversight processes where reviewers examine complete interaction sequences rather than isolated moments. The method's robustness across different backbone models suggests the approach is broadly applicable rather than architecture-specific.

For AI developers and deployment teams, TRACE offers practical improvements in safety infrastructure. The 12.6 percentage point improvement represents substantial gains in threat detection without apparent latency costs—important for real-time agent deployment. Performance stability across varying context lengths indicates the system scales effectively, addressing a pain point as agentic workflows grow more complex. The open-source release enables rapid adoption across research and commercial implementations.

Future development likely focuses on computational efficiency—trajectory compression at inference time remains a potential bottleneck for large-scale deployments. Integration with existing moderation pipelines and performance under adversarial conditions warrant attention. As LLM agents handle increasingly critical tasks, trajectory-aware safety detection becomes foundational infrastructure.

• →TRACE's Compressor-Reader design aggregates dispersed risk signals across long agent trajectories, improving detection by up to 12.6 percentage points.
• →The method maintains consistent performance as context length grows, addressing a key limitation of existing turn-level safety detectors.
• →Trajectory-level evidence compression reduces false negatives by capturing compositional risk patterns that individual-step analysis misses.
• →Open-source availability enables rapid adoption in production LLM agent safety infrastructure across research and commercial applications.
• →Performance gains hold across multiple safety benchmarks and backbone architectures, indicating general-purpose applicability.