Research→Official→arXiv Computers and Society
AgentSociety 2 is a new research environment that integrates large language model (LLM) agents as both AI social scientists and simulated participants, automating the end-to-end workflow of social science research. The system enables hypothesis generation, experiment design, simulation execution, result interpretation, and manuscript drafting across micro, meso, and macro social scenarios. It demonstrates the ability to reproduce qualitative patterns from prior studies and supports large-scale, auditable simulations.
Why it matters: This work advances computational social science by providing a scalable, reproducible, and auditable platform for automating complex social experiments with AI agents.
Jul 15, 2026
Research→Official→arXiv Computers and Society
A new preprint examines the use of large language models (LLMs) for content moderation through 'policy-as-prompt' methods, where moderation policies are given to LLMs as natural-language prompts. The authors argue that this approach introduces specific risks and harms, and that simply writing prompts is not sufficient for effective or meaningful community governance. They propose several considerations for improving prompt governance but conclude that prompt-writing alone cannot ensure robust moderation outcomes.
Why it matters: This research highlights important limitations and governance challenges for AI-driven, prompt-based content moderation systems as their use expands in online communities.
Jul 15, 2026
Research→Official→arXiv Computers and Society
A new preprint compares institutional and course-level generative AI policies at U.S. research-intensive universities. The study finds that while institutions tend to be more supportive of GenAI use, course-level guidance in computing education remains cautious. The authors propose an instructor-centered framework to guide future GenAI adoption in courses.
Why it matters: This research highlights a disconnect between university-wide AI policies and classroom practices, offering a framework to help computing educators navigate GenAI adoption.
Jul 15, 2026
Research→Official→arXiv Cryptography and Security
AutoTrace is an agentic pipeline that uses LLM agents to explore code property graphs and localize vulnerability triggers, even when they are located outside patched functions. On the InterPVD benchmark, AutoTrace achieves 75.0% VulnHit and 80.8% FuncHit, surpassing previous methods. The authors also introduce SinkTrace-Bench, a dataset of 1,542 source-to-sink causal chains, which reveals that current frontier LLMs struggle with causal reasoning in vulnerability analysis.
Why it matters: This work advances automated vulnerability analysis by enabling interprocedural trigger localization and provides a new benchmark that highlights the causal reasoning limitations of current LLMs.
Jul 15, 2026
Research→Official→arXiv Cryptography and Security
A new preprint introduces StableAML, a machine learning framework for detecting money laundering in stablecoin transactions on Ethereum. The study finds that domain-informed tree ensemble models outperform graph neural networks in identifying suspicious wallets, and can distinguish between behavioral patterns of cybercrime syndicates and sanctioned entities. The approach is designed to support compliance with emerging regulations such as the EU's MiCA and the U.S. GENIUS Act.
Why it matters: This work presents a novel, interpretable method for high-precision behavioral classification in stablecoin anti-money laundering, potentially improving compliance and reducing unjustified asset freezes under new regulatory frameworks.
Jul 15, 2026
Research→Official→arXiv Cryptography and Security
A new preprint introduces the agent:// URI scheme, designed to decouple agent identity from network location in multi-agent systems. The scheme incorporates trust roots, hierarchical capability paths, and sortable unique identifiers, with cryptographic attestation using PASETO tokens. Evaluation demonstrates full capability expressiveness on 369 tools, perfect discovery precision across 10,000 agents, and sub-5-microsecond performance, suggesting a robust and scalable approach to agent identity and discovery.
Why it matters: This work proposes a novel, decentralized solution to agent identity and discovery, potentially enabling more robust and scalable multi-agent ecosystems.
Jul 15, 2026
Policy Safety→Official→arXiv Cryptography and Security
A large-scale study analyzing 15,000 prompts across 12 LLM and agent configurations found that hallucination of skill names is widespread, with rates averaging 36.0% for standalone LLMs and 36.9% for agents, and rising to 43.1% on real-world developer questions. These hallucinated names can be exploited by adversaries who pre-register malicious skills, enabling supply-chain attacks. The study evaluated four defenses and found that the strongest, retrieval grounding, reduced hallucination to 3.2% but significantly reduced the system's usefulness, with correct skill recommendations dropping to about one in six.
Why it matters: This vulnerability exposes LLM agent ecosystems to easy supply-chain attacks, and current defenses severely compromise usability, highlighting the need for structural changes to registries and recommendation pipelines.
Jul 15, 2026
Research→Official→arXiv Cryptography and Security
A preprint study evaluated 13 large language models (LLMs) on their ability to detect malicious Python packages from PyPI. The models achieved high recall and F1 scores up to 0.99 for flagging malicious packages, but struggled to accurately identify specific lines of malicious code, with weighted F1 dropping to 0.48. Code complexity, particularly longer packages, was found to be the main factor reducing performance.
Why it matters: The findings suggest LLMs can assist in initial triage for software supply chain security, but are not yet reliable for pinpointing specific malicious behaviors.
Jul 15, 2026
Research→Official→arXiv Computation and Language
A new preprint introduces the One-Word Census, a minimal and low-cost method to measure answer-choice conformity across 44 language models. The study finds that when prompted to 'pick a word,' 41% of models chose 'serendipity,' and in several categories, a single answer dominated responses. The research reveals that newer flagship models tend to be the most conformist, while persona- and community-tuned models are more divergent. The findings highlight structured variation in conformity across model families and generations.
Why it matters: This work provides a practical tool for benchmarking diversity and conformity in language model outputs, with implications for understanding creativity and bias in AI systems.
Jul 15, 2026
Policy Safety→Official→arXiv Cryptography and Security
A new preprint identifies two novel attack surfaces—Screen Perception and Misused Channel—in third-party mobile agents powered by Vision-Language Models (VLMs). The researchers demonstrate seven concrete attacks, showing that malicious apps can hijack agent actions and execute arbitrary commands without requiring permissions, all while remaining visually indistinguishable to users.
Why it matters: This work exposes a fundamental security risk in the design of autonomous mobile agents, emphasizing the need for new security models on multi-tenant platforms.
Jul 15, 2026
Research→Official→arXiv Computation and Language
Researchers introduce QDEvo, a framework that integrates Quality-Diversity optimization with large language model (LLM)-driven heuristic search to address mode collapse in automated heuristic design. QDEvo maintains an archive of semantically diverse algorithms using code embeddings and hierarchical self-reflection. Experiments across benchmarks and real-world applications show that QDEvo outperforms state-of-the-art methods in Hypervolume and Inverted Generational Distance metrics.
Why it matters: This work advances automated heuristic design by promoting semantic diversity, potentially enabling more robust and efficient solutions for complex optimization problems.
Jul 15, 2026
Policy Safety→Official→arXiv Cryptography and Security
A new preprint identifies a previously unrecognized class of side-channel attacks targeting fault-tolerant quantum computers. The study demonstrates that syndrome data sent to decoder systems can leak information about which logical circuits are being executed, introducing the concept of 'gate fingerprints'—distinctive patterns in syndrome data that reveal specific logical operations. The authors argue that decoder systems must be secured or trusted to mitigate this vulnerability.
Why it matters: This work exposes a novel security risk in quantum computing, underscoring the importance of secure decoder design as the field progresses toward practical deployment.
Jul 15, 2026
Research→Official→arXiv Cryptography and Security
A new arXiv preprint introduces an information-theoretic framework for watermark forensics in generative models, establishing fundamental limits on detection, attribution, and payload extraction. The authors derive tight entropy-rate laws, showing that attributing text to one of N users requires Θ(log N/h) tokens and extracting an ℓ-bit payload requires Θ(ℓ/h) tokens, where h is the entropy rate. Experiments on GPT-2, Pythia-410M, and Qwen2.5 confirm the theoretical predictions.
Why it matters: This work rigorously quantifies the trade-offs and costs of watermarking in generative AI, providing a theoretical foundation that can inform the design of more reliable forensic tools.
Jul 15, 2026
Research→Official→arXiv Computation and Language
A new study introduces a Bayesian model for intercomprehension—the partial understanding of an unfamiliar but related language—by leveraging a first-language (L1) language model and a noise model to infer mappings from the unfamiliar language (L2) to L1. Human experiments demonstrate that the model's predictions closely match human performance and outperform zero-shot prompting of much larger language models.
Why it matters: This work advances our understanding of cross-language comprehension and provides a computational framework that could inform the development of more flexible multilingual AI systems.
Jul 15, 2026
Research→Official→arXiv Cryptography and Security
Researchers present MCP Pitfall Lab, a protocol-aware security testing framework for Model Context Protocol (MCP) tool servers that models developer pitfalls as reproducible scenarios and validates outcomes using objective validators. In 2,579 runs across four models, they report a 31.9% overall attack success rate, with multi-modal injection attacks achieving the highest rate at 38.7%. The framework also introduces the Semantic MCP-Bill-of-Material (MCP-BOM), which augments component inventories with security-relevant tool semantics to aid in auditing and hardening. The study demonstrates that static analysis alone is insufficient for certain attack vectors, highlighting the need for runtime provenance.
Why it matters: This work provides a novel and practical framework for systematically identifying and mitigating security risks in the MCP tool server ecosystem, advancing the security of AI software supply chains.
Jul 15, 2026
Research→Official→arXiv Cryptography and Security
Researchers have introduced a practical evaluation protocol for AI pentesting agents that emphasizes validated vulnerability discovery in complex, real-world targets, rather than just task completion. The protocol incorporates LLM-based semantic matching, bipartite resolution, and cumulative scoring to enable more operationally meaningful comparisons between agents. Expert-annotated ground truth and code are released to support reproducibility.
Why it matters: This protocol bridges the gap between controlled benchmarks and real-world offensive security, supporting more reliable and realistic assessment of AI agents for cybersecurity applications.
Jul 15, 2026
Research→Official→arXiv Computation and Language
A new preprint introduces the Roundtable Context Window Test (RCWT), a protocol designed to measure how coordination content—such as shared state and prior discussion—displaces task-relevant tokens in large language model (LLM) prompts under fixed context budgets. The study finds that as coordination overhead increases, model performance drops sharply once the remaining task-relevant evidence falls below a few hundred tokens. An ablation experiment shows this effect is due to budget displacement, not semantic interference from coordination content.
Why it matters: This work provides a practical measurement tool for understanding and managing context allocation in multi-agent and memory-augmented LLM systems, highlighting a key bottleneck when coordination content consumes limited prompt space.
Jul 15, 2026
Research→Official→arXiv Computation and Language
A new study finds that large language models (LLMs) often appear robust to irrelevant context when measured by overall accuracy, but this masks significant instability on individual examples. Even meaningless pseudo-words can cause prediction changes for a small subset of inputs, sometimes degrading and sometimes improving performance. The specific examples affected are mostly unique to each model, and the degree of instability depends on factors like context type, length, test-time compute, and model development stage.
Why it matters: This research highlights that aggregate accuracy metrics can conceal important reliability risks in LLMs, underscoring the need for per-example evaluation for safer deployment.
Jul 15, 2026
Research→Official→arXiv Computation and Language
PalmClaw is an open-source agent framework that operates natively on mobile phones, managing sessions, memory, skills, tools, and the agent loop directly on the device. Unlike prior approaches that rely on GUI-based actions, PalmClaw exposes device capabilities as explicit tools with structured arguments and results, enabling more direct and controlled access. Experiments demonstrate an 11.5% relative improvement in task success and a 94.9% reduction in completion time compared to the strongest baseline.
Why it matters: PalmClaw represents a significant advance by enabling LLM agents to interact with mobile device capabilities directly and efficiently, overcoming limitations of GUI-based methods.
Jul 15, 2026
Research→Official→arXiv Cryptography and Security
Ball Differential Privacy (Ball-DP) modifies standard differential privacy by enforcing indistinguishability only for substitutions within a bounded ball in embedding space, rather than over all possible records. This approach allows for reduced noise addition while still providing robustness against reconstruction attacks. The paper introduces noise calibrations for convex learning and Ball-ReRo certificates that bound reconstruction success, and demonstrates through experiments on seven benchmarks that Ball-DP achieves improved utility compared to standard DP, particularly at high privacy levels.
Why it matters: Ball-DP provides a practical method to reduce the accuracy cost of differential privacy in machine learning, making privacy-preserving models more feasible when defending against reconstruction attacks.
Jul 15, 2026