[2603.22853] Agent Audit: A Security Analysis System for LLM Agent Applications

Computer Science > Cryptography and Security arXiv:2603.22853 (cs) [Submitted on 24 Mar 2026] Title:Agent Audit: A Security Analysis System for LLM Agent Applications Authors:Haiyue Zhang, Yi Nian, Yue Zhao View a PDF of the paper titled Agent Audit: A Security Analysis System for LLM Agent Applications, by Haiyue Zhang and 2 other authors View PDF HTML (experimental) Abstract:What should a developer inspect before deploying an LLM agent: the model, the tool code, the deployment configuration, or all three? In practice, many security failures in agent systems arise not from model weights alone, but from the surrounding software stack: tool functions that pass untrusted inputs to dangerous operations, exposed credentials in deployment artifacts, and over-privileged Model Context Protocol (MCP) configurations. We present Agent Audit, a security analysis system for LLM agent applications. Agent Audit analyzes Python agent code and deployment artifacts through an agent-aware pipeline that combines dataflow analysis, credential detection, structured configuration parsing, and privilege-risk checks. The system reports findings in terminal, JSON, and SARIF formats, enabling direct integration with local development workflows and CI/CD pipelines. On a benchmark of 22 samples with 42 annotated vulnerabilities, Agent Audit detects 40 vulnerabilities with 6 false positives, substantially improving recall over common SAST baselines while maintaining sub-second scan times. Agent Audit ...