An Application-Layer Multi-Modal Covert-Channel Reference Monitor for LLM Agent Egress
The paper presents a reference monitor designed to prevent data leakage from large language model (LLM) agents. It outlines a multi-modal approach that includes a text pipeline, media scramblers, and a method for measuring residual capacity of covert channels. The implementation aims to ensure that all potential covert channels are effectively managed and monitored.
- ▪The reference monitor includes a text pipeline with ten capacity-reducing stages.
- ▪It features media scramblers that limit audio and image data to prevent covert channels.
- ▪The system measures residual capacity to ensure data leakage is minimized.
Opening excerpt (first ~120 words) tap to expand
Computer Science > Cryptography and Security arXiv:2605.20734 (cs) [Submitted on 20 May 2026] Title:An Application-Layer Multi-Modal Covert-Channel Reference Monitor for LLM Agent Egress Authors:Alfredo Metere View a PDF of the paper titled An Application-Layer Multi-Modal Covert-Channel Reference Monitor for LLM Agent Egress, by Alfredo Metere View PDF HTML (experimental) Abstract:A large language model (LLM) agent that sends messages can leak data inside them. Destination allowlists and content scanners do not police whether an otherwise-benign payload is itself a covert channel: a compromised agent encodes bits in zero-width characters, homoglyphs, whitespace, base64, JavaScript Object Notation (JSON) key ordering, message timing or size -- and, in binary egress, in…
Excerpt limited to ~120 words for fair-use compliance. The full article is at arXiv cs.AI.