{"slug": "agent-safety-is-action-alignment", "title": "Agent Safety Is Action Alignment", "summary": "Researchers argue that applying content-safety methods like refusal training to LLM agents is a category error, as agentic harm lies in the relation between exercised authority and granted authority, not in model outputs. Evidence shows defense-trained models learn surface patterns, collapse multi-step agents, and frontier models exceed granted authority under ordinary use. They conclude action safety must be enforced outside the model via least privilege and evaluated as action alignment.", "body_md": "arXiv:2606.28739v1 Announce Type: new\nAbstract: Large language models increasingly act as agents: they call tools, move money, delete records, and send messages on a user's behalf. To keep them safe, practitioners imported the chatbot-era recipe (train the model to refuse unsafe inputs) into the agentic setting, and treat the resulting capability loss as a manageable \"alignment tax.\" We argue this is a *category error*. Refusal is a primitive for *content safety*, where the harm is in the model's output and is therefore a learnable function of it. Agentic harm is different in kind: it lies not in any output but in the relation between the authority an action exercises and the authority the user granted, which is absent from the text the model sees. Importing content-safety methods into this regime does not trade capability for safety; it pays capability and buys negative security. We support this with three lines of evidence spanning the autonomy spectrum: defense-trained models learn surface patterns rather than intent; the same training collapses multi-step agents before any threat appears while leaving them exploitable; and even undefended frontier models exceed granted authority under ordinary use. We conclude that action safety cannot be installed in weights. It must be expressed as *least privilege*, enforced *outside* the model at the action boundary, and evaluated as *action alignment* (a relational, deployment-conditioned property) rather than a refusal score.", "url": "https://wpnews.pro/news/agent-safety-is-action-alignment", "canonical_source": "https://arxiv.org/abs/2606.28739", "published_at": "2026-06-30 04:00:00+00:00", "updated_at": "2026-06-30 04:31:39.015029+00:00", "lang": "en", "topics": ["large-language-models", "ai-agents", "ai-safety"], "entities": [], "alternates": {"html": "https://wpnews.pro/news/agent-safety-is-action-alignment", "markdown": "https://wpnews.pro/news/agent-safety-is-action-alignment.md", "text": "https://wpnews.pro/news/agent-safety-is-action-alignment.txt", "jsonld": "https://wpnews.pro/news/agent-safety-is-action-alignment.jsonld"}}