SafeClawBench: Separating Semantic, Audit-Evidence, and Sandbox Harm in Tool-Using LLM Agents
Researchers have released SafeClawBench, a staged benchmark designed to evaluate the security of tool-using language-model agents by separately measuring semantic attack acceptance, audit-visible harm evidence, and sandbox-observed tool or state harm [1][2]. The benchmark, introduced in a paper posted to the arXiv preprint repository on June 16, 2026, includes 600 controlled adversarial tasks across six attack families: direct and indirect prompt injection, tool-return injection, memory poisoning, memory extraction, and ambiguity-driven unsafe inference [1][2]. arXiv, which began in 1991, is an open-access repository that hosts electronic preprints across disciplines including computer science, and it now receives roughly 24,000 submissions per month [6]. SafeClawBench reports three distinct endpoints. The first, semantic attack acceptance, captures whether a model verbally complies with an adversarial instruction. The second endpoint records audit-visible harm evidence, and the third logs sandbox-observed tool or state harm, such as writing to persistent memory or triggering harmful code effects [2]. The authors argue that existing evaluations often collapse these stages into a single attack success rate, obscuring whether a model merely agreed with an attacker or actually produced observable damage [1][2]. Five agent endpoints were evaluated under four prompt-level policies. Without additional prompt protection, semantic failure rates ranged from 9.0% to 44.2% across the tested models [1][2]. Audited harm evidence proved narrower than semantic failure. In a matched analysis of 12,000 rows, 291 of 347 observed sandbox harms occurred in rows that passed the semantic check, meaning the model did not verbally comply yet still produced harmful tool-level effects [1][2]. Prompt policies altered endpoint outcomes, but the effects depended on both the model and the protocol used [1][2]. The researchers note that SafeClawBench provides a reproducible framework for comparing agent models and prompt-policy conditions without conflating textual compliance, evidence-supported harm, and executable state changes [1][2]. The open-source dataset is available on Hugging Face [2]. The paper appears on arXiv with a link to the arXivLabs framework, a community collaboration space that allows third-party developers to build experimental tools on top of the repository’s article pages [4][5]. arXivLabs projects, which include citation explorers and code-finding tools, operate under guidelines that require partners to share arXiv’s values of openness, community, excellence, and user data privacy [4].
controversyapplicationregulationresearch-papertool-releasemodel-releaseproduct-launchsafety-researchbenchmarkinfrastructurecommentary
Background sources we checked (7)
- arxiv.org ↗ Tool-using language-model agents introduce security failures that go beyond unsafe text: they can disclose protected objects, write persistent memory, send messages, modify databases, or trigger harmful code and tool effects. Existing evaluations often collapse these stages into …
- info.arxiv.org ↗ arXiv Labs - arXiv info | arXiv e-print repository Skip to content # arXiv Labs Attention arXiv Users: arXiv Labs is pausing new proposals ## What are arXiv Labs? arXiv Labs are a way for the community to contribute new, useful features to arXiv. These integrations are avail…
- blog.arxiv.org ↗ arXivLabs: a space for community innovation – arXiv blog arXiv has launched a new, formalized framework enabling innovative collaborations with individuals and organizations. “Members of our community want to contribute tools that enhance the arXiv experience, and we val…
- info.arxiv.org ↗ arXivLabs: Showcase - arXiv info | arXiv e-print repository ... # arXivLabs: Showcase ... arXiv is surrounded by a community of researchers and developers working at the cutting edge of information science and technology. ... While the arXiv team is focused on our core mission—pr…
- en.wikipedia.org ↗ arXiv (pronounced as "archive"—the X represents the Greek letter chi ⟨χ⟩) is an open-access repository of electronic preprints and postprints (known as e-prints) approved for posting after moderation, but not peer reviewed. It consists of scientific papers in the fields of mathem…
- en.wikipedia.org ↗ 14 (fourteen) is the natural number following 13 and preceding 15.…
- en.wikipedia.org ↗ A large language model (LLM) is a type of machine learning model designed for natural language processing tasks such as language generation. LLMs are language models with many parameters, and are trained with self-supervised learning on a vast amount of text.…