ARTFEED — Contemporary Art Intelligence

Agent-BOM: A Unified Graph Representation for Auditing LLM Agents

ai-technology · 2026-05-11

A recent publication on arXiv introduces Agent-BOM, a unified structural framework for the security auditing of LLM-driven agentic systems. The authors contend that current tools, such as static SBOMs and runtime logs, offer only disjointed evidence and overlook critical aspects like cognitive-state changes, capability bindings, persistent memory issues, and the propagation of risk among interacting agents. Agent-BOM represents an agentic system as a hierarchical attributed directed graph, distinguishing between static capability foundations (models, tools, long-term memory) and dynamic runtime semantics. The aim is to connect low-level physical events with high-level execution intentions, so that a security audit can be carried out post hoc. The paper can be accessed at arXiv:2605.06812.
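To make the graph idea concrete, the sketch below is an added example, not code from the paper or from this page: it stores a static layer (agents, a model, tools, memory) and a runtime layer (events) in one attributed directed graph, then answers a post-hoc audit question, namely which tool invocations lie downstream of a given source. All node names, kinds and edge labels are assumptions chosen for the example.

```python
from collections import deque

# Constructed sample. Node kinds and edge labels are assumptions for this
# example, not the schema defined in the paper.
NODES = {
    "agent:planner": {"kind": "agent"}, "agent:executor": {"kind": "agent"},
    "model:llm-a": {"kind": "model"}, "mem:notes": {"kind": "memory"},
    "tool:web_fetch": {"kind": "tool"}, "tool:shell": {"kind": "tool"},
    # Runtime layer: events attributed to the agent that performed them.
    "ev1": {"kind": "tool_result", "agent": "agent:planner"},
    "ev2": {"kind": "memory_write", "agent": "agent:planner"},
    "ev3": {"kind": "memory_read", "agent": "agent:executor"},
    "ev4": {"kind": "tool_call", "agent": "agent:executor"},
}
EDGES = [
    # Static layer: what each agent is allowed to use.
    ("agent:planner", "model:llm-a", "uses"),
    ("agent:planner", "tool:web_fetch", "bound_to"),
    ("agent:executor", "tool:shell", "bound_to"),
    # Runtime layer: how data moved during one recorded run.
    ("tool:web_fetch", "ev1", "returns"), ("ev1", "ev2", "flows_to"),
    ("ev2", "mem:notes", "writes"), ("mem:notes", "ev3", "read_by"),
    ("ev3", "ev4", "flows_to"), ("ev4", "tool:shell", "invokes"),
]

def downstream_tool_use(source):
    """Walk forward from one node and report every tool invocation reached."""
    succ = {}
    for src, dst, _ in EDGES:
        succ.setdefault(src, []).append(dst)
    bound = {(s, d) for s, d, label in EDGES if label == "bound_to"}
    findings, queue, seen = [], deque([[source]]), {source}
    while queue:
        path = queue.popleft()
        for nxt in succ.get(path[-1], []):
            if nxt in seen:
                continue
            seen.add(nxt)
            trail = path + [nxt]
            if NODES[nxt]["kind"] != "tool":
                queue.append(trail)
                continue
            caller = NODES[path[-1]].get("agent")
            findings.append({
                "tool": nxt, "caller": caller,
                "binding_declared": (caller, nxt) in bound,
                "via_memory": [n for n in trail if NODES[n]["kind"] == "memory"],
                "agents": sorted({NODES[n]["agent"] for n in trail if "agent" in NODES[n]}),
                "path": trail,
            })
    return findings
```

Calling `downstream_tool_use("tool:web_fetch")` on this sample returns one finding: content fetched by the planner reached the executor's shell tool through long-term memory, a cross-agent path that neither a static component list nor a per-agent log shows on its own.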

Key facts

  • arXiv:2605.06812
  • Agent-BOM is a unified structural representation for agent security auditing
  • Agent-BOM models agentic systems as hierarchical attributed directed graphs
  • It separates static capability bases from dynamic runtime semantics
  • Existing mechanisms like SBOMs and runtime logs provide only fragmented evidence
  • The paper addresses the semantic gap in LLM agent auditing
  • LLM-based agentic systems perform complex autonomous tasks
  • The approach targets post-hoc security auditing

Entities

Institutions

  • arXiv