LLM Agent Egress Covert-Channel Reference Monitor
A new arXiv paper proposes a reference monitor to detect covert channels in LLM agent egress. The system targets data leakage carried by steganographic techniques in text, images, and audio. Its contributions include a text pipeline with ten capacity-reducing stages, a leaky-bucket capacity ledger, and media scramblers for audio and images gated by cryptographic attestation.
Key facts
- arXiv:2605.20734v1
- Announce Type: cross
- Covert channels include zero-width characters, homoglyphs, whitespace, base64, JSON key ordering, message timing or size
- Binary egress channels include LSB pixel planes, per-image mean luminance, inter-image sequence permutation, ultrasonic tones, audible-band sonified data
- Text pipeline has ten capacity-reducing stages
- Per-sink leaky-bucket capacity ledger
- Staged posture enforces lossless stages from day one
- Two media scramblers: Fourier-domain audio band-limiter and RGB image bit-depth and mean-luminance bucketer
- Boot-time cryptographic legitimacy attestation gates the scramblers
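A sketch of how two of the listed pieces could fit together, a lossless normalization stage feeding a per-sink leaky-bucket ledger, added here as an example and not taken from the paper. The stripped character set, the 0.5 bits-per-word cost model, the limits, and the names `normalize`, `SinkLedger` and `egress` are all assumptions.

```python
# Added illustration; the character set, cost model and limits are assumptions.
ZERO_WIDTH = dict.fromkeys(map(ord, "\u200b\u200c\u200d\u2060\ufeff"))
BITS_PER_WORD = 0.5  # assumed residual covert capacity left after normalization


def normalize(text):
    """Lossless stage: drop zero-width characters and trailing whitespace."""
    text = text.translate(ZERO_WIDTH)
    return "\n".join(line.rstrip() for line in text.splitlines())


class SinkLedger:
    """One leaky bucket per sink, measured in estimated covert bits."""

    def __init__(self, capacity_bits, drain_bits_per_s):
        self.capacity = capacity_bits
        self.drain = drain_bits_per_s
        self.buckets = {}  # sink -> (level_bits, last_update_seconds)

    def charge(self, sink, bits, now):
        level, last = self.buckets.get(sink, (0.0, now))
        level = max(0.0, level - (now - last) * self.drain)  # leak since last update
        allowed = level + bits <= self.capacity
        self.buckets[sink] = (level + bits if allowed else level, now)
        return allowed


def egress(ledger, sink, text, now):
    """Return the normalized message, or None when the sink's budget is spent."""
    clean = normalize(text)
    cost = BITS_PER_WORD * len(clean.split())
    return clean if ledger.charge(sink, cost, now) else None


def demo():
    # Constructed message: ten words with hidden zero-width characters and trailing spaces.
    msg = "status\u200b report:\u200c all ten nightly jobs finished without any errors  "
    ledger = SinkLedger(capacity_bits=8, drain_bits_per_s=1)
    return [egress(ledger, "webhook", msg, t) is not None for t in (0, 1, 2)]


if __name__ == "__main__":
    print(demo())
```

The second send is refused because only one bit has drained since the first; by the third send enough budget has leaked back for the message to pass.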
Entities
Institutions
- arXiv