Please Don't Kill My Vibe: Empowering Agents with Data Flow Control
The paper addresses security and reliability issues for developers and users of LLM agents, but it is early-stage work, and the shift it proposes, from ad hoc enforcement in agent workflows to system-level controls, is incremental.
The paper tackles the problem of policy violations, process corruption, and security flaws in Large Language Model (LLM) agents by proposing Data Flow Controls (DFCs) to manage undesirable data flows, outlining early work on a portable DFC instance for DBMSes and a broader research agenda.
The promise of Large Language Model (LLM) agents is to perform complex, stateful tasks. This promise is stunted by significant risks - policy violations, process corruption, and security flaws - that stem from the lack of visibility and mechanisms to manage undesirable data flows produced by agent actions. Today, agent workflows are responsible for enforcing these policies in ad hoc ways. Just as data validation and access controls shifted from the application to the DBMS, freeing application developers from these concerns, we argue that systems should support Data Flow Controls (DFCs) and enforce DFC policies natively. This paper describes early work developing a portable instance of DFC for DBMSes and outlines a broader research agenda toward DFC for agent ecosystems.
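To make the analogy in the abstract concrete, here is an added illustration (not code from the paper, which does not publish its DFC design) of the difference between an agent workflow enforcing a flow policy ad hoc and a DBMS enforcing it natively. It uses SQLite through Python's standard library, a hypothetical `records` table whose rows carry a `label` column, a hypothetical `outbound_messages` table that a sending tool reads, and a trigger standing in for a DFC policy ("restricted data must not flow to the outbound channel"). The sample rows, table names and label values are constructed for the example.

```python
import sqlite3

# Constructed schema. The CHECK constraint is DBMS-native data validation; the
# trigger is a stand-in for a DFC policy enforced by the DBMS rather than by
# each agent tool that happens to write to outbound_messages.
SCHEMA = """
CREATE TABLE records (
    id    INTEGER PRIMARY KEY,
    body  TEXT NOT NULL,
    label TEXT NOT NULL CHECK (label IN ('public', 'restricted'))
);
CREATE TABLE outbound_messages (
    id        INTEGER PRIMARY KEY,
    source_id INTEGER NOT NULL REFERENCES records(id),
    body      TEXT NOT NULL
);
CREATE TRIGGER dfc_no_restricted_outbound
BEFORE INSERT ON outbound_messages
FOR EACH ROW
BEGIN
    SELECT RAISE(ABORT, 'DFC violation: restricted data may not flow to outbound_messages')
    WHERE (SELECT label FROM records WHERE id = NEW.source_id) = 'restricted';
END;
"""


def open_db():
    """Create an in-memory database with the constructed schema and sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO records (id, body, label) VALUES (?, ?, ?)",
        [
            (1, "Quarterly roadmap summary", "public"),        # constructed sample
            (2, "Customer account number 0000-1111", "restricted"),  # constructed sample
        ],
    )
    conn.commit()
    return conn


def insert_record(conn, record_id, body, label):
    """Validation lives in the DBMS: a bad label is rejected without app code."""
    try:
        conn.execute(
            "INSERT INTO records (id, body, label) VALUES (?, ?, ?)",
            (record_id, body, label),
        )
        conn.commit()
        return "ok"
    except sqlite3.DatabaseError:
        conn.rollback()
        return "rejected"


def send_tool_careful(conn, record_id):
    """Agent tool that enforces the flow policy ad hoc in application code."""
    label, body = conn.execute(
        "SELECT label, body FROM records WHERE id = ?", (record_id,)
    ).fetchone()
    if label == "restricted":
        return "blocked-by-app"
    conn.execute(
        "INSERT INTO outbound_messages (source_id, body) VALUES (?, ?)",
        (record_id, body),
    )
    conn.commit()
    return "sent"


def send_tool_forgetful(conn, record_id):
    """A second tool path, written later, that omits the check entirely.

    This is the ad hoc failure mode: the policy only holds if every code path
    remembers it. With the trigger in place the DBMS still blocks the flow.
    """
    (body,) = conn.execute(
        "SELECT body FROM records WHERE id = ?", (record_id,)
    ).fetchone()
    try:
        conn.execute(
            "INSERT INTO outbound_messages (source_id, body) VALUES (?, ?)",
            (record_id, body),
        )
        conn.commit()
        return "sent"
    except sqlite3.DatabaseError:
        conn.rollback()
        return "blocked-by-dbms"


def outbound_count(conn):
    """Number of rows that actually reached the outbound channel."""
    return conn.execute("SELECT COUNT(*) FROM outbound_messages").fetchone()[0]


if __name__ == "__main__":
    db = open_db()
    print(send_tool_careful(db, 2))    # blocked-by-app
    print(send_tool_forgetful(db, 2))  # blocked-by-dbms
    print(send_tool_forgetful(db, 1))  # sent
    print(outbound_count(db))          # 1
```

The point of the example is the second tool path: once the policy is attached to the data in the DBMS, a tool author who forgets the check (or a prompt-injected agent that picks a different route to the same table) is still stopped, which is the "freeing application developers from these concerns" argument applied to data flows. A real DFC as the abstract envisions it would also need flow labels to propagate through joins, copies and derived tables, which a single trigger on one table does not do.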