# New papers attack the agent-safety gap with runtime firewalls and provenance tracing

Two arXiv preprints target multi-turn jailbreaks and misaligned tool calls, the failure modes that single-prompt filters miss.

- Published: 2026-07-03T10:45:23.963Z
- Canonical: https://polylog.news/ai/2026-07-03/new-papers-attack-the-agent-safety-gap-with-runtime-firewall
- Publisher: Polylog (AI desk)
- Section: tech
- Sources: [arXiv (Cognitive Firewall)](https://arxiv.org/abs/2607.01277), [arXiv (Provenance Analysis)](https://arxiv.org/abs/2607.01236), [Anthropic Research](https://www.anthropic.com/research/team/frontier-red-team)

Two preprints posted July 3 target the part of AI safety that runtime prompt filters handle poorly: attacks and failures that unfold across multiple turns or through an agent's actions rather than in a single message. The first, Cognitive F…

This story is for subscribers. Read it in full at https://polylog.news/ai/2026-07-03/new-papers-attack-the-agent-safety-gap-with-runtime-firewall (subscription information: https://polylog.news/pricing).