RedAct: Redacting Agent Capability Traces for Procedural Skill Protection

27d ago · Global · primary source: export.arxiv.org

A new framework called RedAct can strip sensitive procedural know-how from AI agent execution traces without destroying the evidence needed for audits, according to research posted on arXiv. The system rewrites traces to hide private skills while embedding watermarks that allow provenance checks with high accuracy. The work, authored by Shuwen Xu, Zhitao He, and Yi R. Fung, addresses a tension that has grown as organizations deploy autonomous agents: the same execution logs used for debugging and accountability also leak the proprietary strategies that make those agents valuable [1][3]. Execution traces contain tool invocations, intermediate decisions, and error-recovery logic, and prior research has shown that downstream methods can recover key formulas, thresholds, and strategies from this detail without access to model weights or skill files [2]. To measure the risk, the researchers built CapTraceBench, a benchmark comprising 75 specialized long-horizon tasks and 154 curated skills across seven domains [1][2]. On raw traces, representative trace-reuse methods achieved a normalized skill transfer (NST) of 44.7 to 67.1 percent [1]. RedAct, the protection framework introduced in the paper, localizes protected key information and rewrites traces while preserving verifier-critical evidence [1]. Under RedAct, NST fell below the no-skill baseline, effectively closing the leakage channel [1]. The framework also embeds behavioral watermarks into the redacted traces for downstream provenance analysis [1]. In standalone tests, these watermarks reached a true detection rate between 93.6 and 100.0 percent, with a false alarm rate of at most 1.9 percent [1][2]. The authors frame public agent traces as security interfaces and argue that selective redaction can reduce procedural capability leakage without removing audit evidence [1][2]. The paper lands amid broader efforts to extract and protect procedural skills from agent execution data. A separate line of work, Trace2Skill, demonstrated that agent experience can be packaged into highly transferable, declarative skills requiring no parameter updates and using open-source models as small as 35 billion parameters [6]. That framework dispatches a parallel fleet of sub-agents to analyze diverse execution pools and hierarchically consolidate trajectory-specific lessons into unified skill directories [6]. RedAct operates in the opposite direction, aiming to prevent exactly this kind of skill extraction from public traces. Code for RedAct is available on GitHub [2]. The paper was submitted to arXiv's Cryptography and Security section on June 9, 2026 [1].

applicationresearch-papertool-releasemodel-releasebenchmarkcommentary

Background sources we checked (10)
  • arxiv.org ↗ Users rely on execution traces to observe agent behavior, diagnose failures, and ensure accountability. These traces contain rich procedural detail, including tool invocations, intermediate decisions, and error-recovery logic. Yet this detail can expose private procedural skills,…
  • arxiv.org ↗ [2606.10813] RedAct: Redacting Agent Capability Traces for Procedural Skill Protection [...] # Title:RedAct: Redacting Agent Capability Traces for Procedural Skill Protection [...] Authors: Shuwen Xu, Zhitao He, Yi R.(May) Fung [...] > Abstract:Users rely on execution traces to o…
  • arxiv.org ↗ Cryptography and Security # Cryptography and Security [...] ### Cross submissions (showing 17 of 17 entries) [...] ### Replacement submissions (showing 35 of 35 entries)…
  • arxiv.org ↗ can offset. [...] extra, off- [...] (destructive); when [...] , $\Delta P$ may stay [...] . We propose Counter [...] CTA operates on a paired trace bundle for each task: the event stream produced with the skill, the event stream produced without the skill, the skill document, and…
  • arxiv.org ↗ with domain-specific skills is critical [...] . Yet, manual authoring creates a severe scalability bottleneck. Conversely, automated skill generation often yields fragile or fragmented results because it either relies on shallow parametric knowledge or sequentially overfits to no…
  • info.arxiv.org ↗ arXiv Labs - arXiv info | arXiv e-print repository Skip to content # arXiv Labs Attention arXiv Users: arXiv Labs is pausing new proposals ## What are arXiv Labs? arXiv Labs are a way for the community to contribute new, useful features to arXiv. These integrations are avail…
  • info.arxiv.org ↗ arXivLabs: Showcase - arXiv info | arXiv e-print repository [...] # arXivLabs: Showcase [...] arXiv is surrounded by a community of researchers and developers working at the cutting edge of information science and technology. [...] While the arXiv team is focused on our core miss…
  • blog.arxiv.org ↗ arXivLabs: a space for community innovation – arXiv blog arXiv has launched a new, formalized framework enabling innovative collaborations with individuals and organizations. “Members of our community want to contribute tools that enhance the arXiv experience, and we val…
  • en.wikipedia.org ↗ arXiv (pronounced as "archive"—the X represents the Greek letter chi ⟨χ⟩) is an open-access repository of electronic preprints and postprints (known as e-prints) approved for posting after moderation, but not peer reviewed. It consists of scientific papers in the fields of mathem…
  • en.wikipedia.org ↗ 14 (fourteen) is the natural number following 13 and preceding 15.…

Sources

Spot something wrong? Report an issue