# 每日论文简报 - 生成时间:2026-06-19 14:26:15 (Asia/Shanghai) - 检索窗口:最近 24 小时 - 命中概览:LM=15, Agent Runtime Security=4, Terminal and SWE Agents=3 - 排序策略:hybrid (relevance first, published_at tie-break) ## 今日重点 - 主题「LLM」:命中 18 篇,覆盖 LM、Agent Runtime Security 等,代表论文包括 《QMFOL: Benchmarking Large Language Model Reasoning via Quantifiable Monadic First-Order Logic Test Case Generation》、《LLM agent safety, multi-turn red-teaming, jailbreak benchmarks, adversarial robustness, safety-critical systems》。 - 主题「Language Model」:命中 14 篇,覆盖 LM、Agent Runtime Security,代表论文包括 《QMFOL: Benchmarking Large Language Model Reasoning via Quantifiable Monadic First-Order Logic Test Case Generation》、《LLM agent safety, multi-turn red-teaming, jailbreak benchmarks, adversarial robustness, safety-critical systems》。 - 主题「Agent」:命中 8 篇,覆盖 LM、Agent Runtime Security 等,代表论文包括 《ScholarQuest: A Taxonomy-Guided Benchmark for Agentic Academic Paper Search in Open Literature Environments》、《LedgerAgent: Structured State for Policy-Adherent Tool-Calling Agents》。 - 主题「RAG」:命中 1 篇,覆盖 LM,代表论文包括 《LedgerAgent: Structured State for Policy-Adherent Tool-Calling Agents》。 - 主题「Coding Agent」:命中 1 篇,覆盖 Terminal and SWE Agents,代表论文包括 《N-Version Programming with Coding Agents》。 ## 栏目状态 - LM:15 篇 - Agent Runtime Security:4 篇 - Terminal and SWE Agents:3 篇 ## 主题聚焦 ### LLM - 命中篇数:18 - 覆盖分组:LM、Agent Runtime Security、Terminal and SWE Agents - 代表论文:《QMFOL: Benchmarking Large Language Model Reasoning via Quantifiable Monadic First-Order Logic Test Case Generation》、《LLM agent safety, multi-turn red-teaming, jailbreak benchmarks, adversarial robustness, safety-critical systems》、《Navigating Unreliable Parametric and Contextual Knowledge: Explicit Knowledge Conflict Resolution for LLM Inference》 - 主题速读: - 《QMFOL: Benchmarking Large Language Model Reasoning via Quantifiable Monadic First-Order Logic Test Case Generation》〔评测 / 方法〕:Large Language Models (LLMs) have made significant progress in reasoning, particularly in deductive reasoning, which is crucial for high-stakes decision-making… - 《LLM agent safety, multi-turn red-teaming, jailbreak benchmarks, adversarial robustness, safety-critical systems》〔评测 / 数据 / 方法〕:Large language model (LLM) agents are increasingly proposed as supervisory components for safety-critical systems, yet their robustness under sustained, adapti… ### Language Model - 命中篇数:14 - 覆盖分组:LM、Agent Runtime Security - 代表论文:《QMFOL: Benchmarking Large Language Model Reasoning via Quantifiable Monadic First-Order Logic Test Case Generation》、《LLM agent safety, multi-turn red-teaming, jailbreak benchmarks, adversarial robustness, safety-critical systems》、《Navigating Unreliable Parametric and Contextual Knowledge: Explicit Knowledge Conflict Resolution for LLM Inference》 - 主题速读: - 《QMFOL: Benchmarking Large Language Model Reasoning via Quantifiable Monadic First-Order Logic Test Case Generation》〔评测 / 方法〕:Large Language Models (LLMs) have made significant progress in reasoning, particularly in deductive reasoning, which is crucial for high-stakes decision-making… - 《LLM agent safety, multi-turn red-teaming, jailbreak benchmarks, adversarial robustness, safety-critical systems》〔评测 / 数据 / 方法〕:Large language model (LLM) agents are increasingly proposed as supervisory components for safety-critical systems, yet their robustness under sustained, adapti… ### Agent - 命中篇数:8 - 覆盖分组:LM、Agent Runtime Security、Terminal and SWE Agents - 代表论文:《ScholarQuest: A Taxonomy-Guided Benchmark for Agentic Academic Paper Search in Open Literature Environments》、《LedgerAgent: Structured State for Policy-Adherent Tool-Calling Agents》、《Analyzing Defensive Misdirection Against Model-Guided Automated Attacks on Agentic AI Systems》 - 主题速读: - 《ScholarQuest: A Taxonomy-Guided Benchmark for Agentic Academic Paper Search in Open Literature Environments》〔评测 / 应用 / 方法〕:Academic paper search is a core step in scientific research, and LLM-based search agents are emerging as a promising paradigm for iterative, intent-driven lite… - 《LedgerAgent: Structured State for Policy-Adherent Tool-Calling Agents》〔评测 / 方法〕:Policy-adherent tool-calling agents in customer-service domains must maintain task states across turns while calling tools and obeying domain policies. Task st… ### RAG - 命中篇数:1 - 覆盖分组:LM - 代表论文:《LedgerAgent: Structured State for Policy-Adherent Tool-Calling Agents》 - 主题速读: - 《LedgerAgent: Structured State for Policy-Adherent Tool-Calling Agents》〔评测 / 方法〕:Policy-adherent tool-calling agents in customer-service domains must maintain task states across turns while calling tools and obeying domain policies. Task st… ### Coding Agent - 命中篇数:1 - 覆盖分组:Terminal and SWE Agents - 代表论文:《N-Version Programming with Coding Agents》 - 主题速读: - 《N-Version Programming with Coding Agents》〔方法〕:This paper revisits the classical concept on N-version programming in the setting of contemporary AI coding agents. Revisiting the seminal Knight-Leveson exper… ## LM 观察 ### 本组速览 - 《QMFOL: Benchmarking Large Language Model Reasoning via Quantifiable Monadic First-Order Logic Test Case Generation》〔评测 / 方法〕:Large Language Models (LLMs) have made significant progress in reasoning, particularly in deductive reasoning, which is crucial for high-stakes decision-making… - 《LLM agent safety, multi-turn red-teaming, jailbreak benchmarks, adversarial robustness, safety-critical systems》〔评测 / 数据 / 方法〕:Large language model (LLM) agents are increasingly proposed as supervisory components for safety-critical systems, yet their robustness under sustained, adapti… - 《Navigating Unreliable Parametric and Contextual Knowledge: Explicit Knowledge Conflict Resolution for LLM Inference》〔评测 / 方法〕:Large language models (LLMs) have achieved strong performance across a wide range of language-based tasks by leveraging both extensive parametric knowledge and… - 《Contagion Networks: Evaluator Bias Propagation in Multi-Agent LLM Systems》〔评测 / 方法〕:When large language models serve as evaluators in multi-agent systems, their systematic evaluation biases propagate through the agent network. We introduce Con… - 《Your Mouse and Eyes Secretly Leak Your Preference: LLM Alignment using Implicit Feedback from Users》〔数据 / 方法〕:To align a Large Language Model (LLM), most existing methods collect explicit human feedback and train a reward model to predict the human preference based on… ### 论文速览 1. [QMFOL: Benchmarking Large Language Model Reasoning via Quantifiable Monadic First-Order Logic Test Case Generation](https://arxiv.org/abs/2606.20227v1) - Published:2026-06-18 21:40 - 作者:Xinyi Zheng,Ling Shi,Tianlong Yu,Yongxin Zhao,Lorenz Goette,Kailong Wang - 来源:arxiv - 相关性分数:221 - 命中原因:title matched "language model"; title matched "large language model"; title matched "reasoning"; title matched "benchmark" - 分类:cs.AI, cs.SE - 标签:评测 / 方法 - 主题词:LLM / Language Model - PDF:https://arxiv.org/pdf/2606.20227v1 - 摘要:Large Language Models (LLMs) have made significant progress in reasoning, particularly in deductive reasoning, which is crucial for high-stakes decision-making. As models improve, evaluation benchmarks should evolve to keep pace. However, existing benchmarks lack fine-grained control over logical complexity and struggle to balance semantic diversity with logical consistency. To address these issues, we propose QMFOL, an automated framework for generating monadic first-order logic reasoning tasks with quantifiable and controllable complexity. It constructs formal logical structures using conjunction and disjunction patterns, enabling precise control over reasoning depth, width, label types, and distractors. These structures are then translated into natural language via LLMs, with logical consistency ensured through round-trip verification using an external prover. Based on our framework, we build QMFOLBench, a benchmark comprising 2880 instances with 960 configurations across diverse logical and semantic dimensions. Evaluations on six large reasoning models (LRMs) and two LLMs show that performance degrades and computational overhead increases with rising logical complexity. Models perform better on True-labeled tasks than on False or Unknown ones, and exhibit sensitivity to semantic variation. Overall, QMFOL offers a scalable and reliable approach for constructing deductive reasoning benchmarks with controllable complexity, enabling more precise evaluation of reasoning capabilities in modern language models. 2. [LLM agent safety, multi-turn red-teaming, jailbreak benchmarks, adversarial robustness, safety-critical systems](https://arxiv.org/abs/2606.20408v1) - Published:2026-06-18 23:57 - 作者:Hanwool Lee,Dasol Choi,Bokyeong Kim,Seung Geun Kim,Haon Park - 来源:arxiv - 相关性分数:201 - 命中原因:title matched "LLM"; title matched "agent"; title matched "benchmark"; summary matched "language model" - 分类:cs.CR, cs.AI - 标签:评测 / 数据 / 方法 - 主题词:LLM / Language Model - PDF:https://arxiv.org/pdf/2606.20408v1 - 摘要:Large language model (LLM) agents are increasingly proposed as supervisory components for safety-critical systems, yet their robustness under sustained, adaptive adversarial pressure remains poorly characterized. We present NRT-Bench, a benchmark for multi-turn red-teaming of LLM agents acting as operators of a safety-critical system, instantiated in a simulated nuclear power plant control room. A five-role operator team, each backed by a configurable LLM, runs a plant governed by six critical safety functions (CSFs), while adversaries inject messages over four channels in bounded multi-turn sessions with per-turn feedback. Harm is an objective signal rather than LLM-judged text: a run terminates the moment any CSF is lost, attributed to the causing message. Evaluating four frontier operator models under a fixed-attack paired-replay protocol, we find that adaptive multi-turn attacks reliably push the operator team past a safety limit: across the four models, between 8.7% and 12.1% of attack sessions end with the plant losing a critical safety function. Although the four models look almost equally robust by this aggregate rate, their failures barely overlap: of $149$ sessions, none defeat all four models while a third defeat at least one, so vulnerabilities are nearly disjoint across models rather than nested. The effect of added defences is strongly model-dependent: the same guardrail stack or safety-advisor agent that lowers attack success for one model can raise it for another. We release the simulation venue, attack dataset, and replay tooling for reproducible safety evaluation of LLM agents. 3. [Navigating Unreliable Parametric and Contextual Knowledge: Explicit Knowledge Conflict Resolution for LLM Inference](https://arxiv.org/abs/2606.20245v1) - Published:2026-06-18 21:56 - 作者:Huang Peng,Jiuyang Tang,Weixin Zeng,Hao Xu,Xiang Zhao - 来源:arxiv - 相关性分数:191 - 命中原因:title matched "LLM"; summary matched "language model"; summary matched "large language model"; summary matched "reasoning" - 分类:cs.AI - 标签:评测 / 方法 - 主题词:LLM / Language Model - PDF:https://arxiv.org/pdf/2606.20245v1 - 摘要:Large language models (LLMs) have achieved strong performance across a wide range of language-based tasks by leveraging both extensive parametric knowledge and in-context learning ability, enabling them to incorporate external information provided in the input prompt. However, the integration of external knowledge can introduce conflicts, not only between the model's internal parametric knowledge and the external information, but also among multiple pieces of external contexts. Existing approaches typically assume that either the model or the provided context is reliable, overlooking the possibility that both sources may contain errors, and avoid conflicts by privileging one source over the other, rather than actively resolving inconsistencies. To address these limitations, we propose a novel framework MACR for LLM knowledge conflict resolution that moves beyond the conventional binary choice paradigm and incorporates an explicit conflict-resolution mechanism based on a multi-agent reasoning approach. Specifically, we first propose an adaptive knowledge assessment and retrieval approach that employs a modified semantic entropy measure to quantify an LLM's confidence in its answer to a given query. Based on this confidence estimation, MACR either externalizes the model's internal knowledge as textual representations or retrieves relevant external knowledge when internal knowledge is insufficient, generating basic contexts for subsequent reasoning. Then we introduce an inductive multi-agent reasoning framework with three specialized agents that, respectively, induce explicit rules, analyze potential conflicts, and resolve inconsistencies across all available contexts. Empirical results demonstrate that MACR significantly outperforms state-of-the-art baselines across benchmarks, while also providing interpretable resolutions of explicit conflicts. 4. [Contagion Networks: Evaluator Bias Propagation in Multi-Agent LLM Systems](https://arxiv.org/abs/2606.20493v1) - Published:2026-06-19 01:09 - 作者:Zewen Liu - 来源:arxiv - 相关性分数:162 - 命中原因:title matched "LLM"; title matched "agent"; summary matched "language model"; summary matched "large language model" - 分类:cs.LG, cs.AI, cs.MA - 标签:评测 / 方法 - 主题词:LLM / Language Model - PDF:https://arxiv.org/pdf/2606.20493v1 - 摘要:When large language models serve as evaluators in multi-agent systems, their systematic evaluation biases propagate through the agent network. We introduce Contagion Networks, a formal framework for measuring how evaluator biases spread across interacting LLM agents. In a controlled 3-agent experiment using DeepSeek-chat with three distinct evaluator bias profiles (structured, balanced, evidence-based), we measure the Cross-Agent Contagion Matrix Gamma_3 and find that evaluator biases consistently propagate between agents (gamma in [0.157, 0.352]), even within the same underlying model. We identify three propagation regimes governed by the spectral radius rho(Gamma_N), and demonstrate that homogeneous-model agents produce contagion coefficients 3-5x weaker than cross-model coefficients observed in prior work (MM-EPC: gamma approx 0.85-1.3), placing them in the suppression regime. We show that increasing evaluator committee size from k=1 to k=3 reduces effective contagion by 72.4%, providing an actionable mitigation strategy. We release the open-source Contagion Network experimental framework. 5. [Your Mouse and Eyes Secretly Leak Your Preference: LLM Alignment using Implicit Feedback from Users](https://arxiv.org/abs/2606.20482v1) - Published:2026-06-19 01:00 - 作者:Haw-Shiuan Chang,Jeffrey Gomez,Mehul Patwari,Aryan Sajith,Hamed Zamani - 来源:arxiv - 相关性分数:162 - 命中原因:title matched "LLM"; title matched "alignment"; summary matched "language model"; summary matched "large language model" - 分类:cs.CL, cs.HC, cs.LG - 标签:数据 / 方法 - 主题词:LLM / Language Model - PDF:https://arxiv.org/pdf/2606.20482v1 - 摘要:To align a Large Language Model (LLM), most existing methods collect explicit human feedback and train a reward model to predict the human preference based on the response text. These existing methods have two key limitations. First, the users rarely provide explicit feedback for LLM responses, which makes the high-quality preference annotation expensive to collect. Second, the methods do not leverage implicit human feedback, which has proven vital to the economic moats of Internet giants. To quantify the value of implicit feedback, we build a new dataset called IFLLM, which collects 1336 multi-turn questions from the 59 Mechanical Turk workers, their mouse trajectories, and eye gazing points to the LLMs' responses from their webcams. IFLLM shows that the users have very diverse types of gazing behavior and mouse trajectories. Our reward model based on the implicit user feedback boosts the accuracy of the text-based reward model from 55% to 64% and nearly triples the relative response quality improvements after applying the DPO to eight LLMs, demonstrating the value of implicit feedback in the wild. Our data collection website, dataset, and codes can be found at https://github.com/themehulpatwari/llm-implicit-feedback/. 6. [AutoPass: Evidence-Guided LLM Agents for Compiler Performance Tuning](https://arxiv.org/abs/2606.20373v1) - Published:2026-06-18 23:35 - 作者:Zepeng Li,Jie Ren,Zhanyong Tang,Jie Zheng,Zheng Wang - 来源:arxiv - 相关性分数:161 - 命中原因:title matched "LLM"; title matched "agent"; summary matched "language model"; summary matched "large language model" - 分类:cs.SE, cs.AI - 标签:评测 / 应用 / 方法 - 主题词:LLM / Language Model - PDF:https://arxiv.org/pdf/2606.20373v1 - 摘要:Large Language Models (LLMs) show promise for code compilation tasks, but applying them to runtime performance tuning is difficult due to complex microarchitectural effects and noisy runtime measurements. We present AutoPass, a multi-agent framework for compiler performance tuning that uses compiler and runtime evidence to guide LLM-generated optimization decisions. Rather than treating the compiler as a black box like prior auto-tuning schemes, AutoPass opens up the compiler to the LLM, enabling it to query compiler-internal optimization states and analyze the intermediate representation to orchestrate compiler options. The search process iteratively refines optimization configurations using measured runtime feedback to diagnose regressions and guide latency-improving edits. AutoPass operates in an inference-only, training-free setting and requires no offline training or task-specific fine-tuning, making it readily applicable to new benchmarks and platforms. We implement AutoPass on the LLVM compiler and evaluate it on server-grade x86-64 and embedded ARM64 systems. AutoPass outperforms expert-tuned heuristics and classical autotuning methods, achieving geometric-mean speedups of 1.043x and 1.117x over LLVM -O3 on x86-64 and ARM64, respectively. 7. [StylisticBias: A Few Human Visual Cues Drive Most Social Biases in MLLMs](https://arxiv.org/abs/2606.20527v1) - Published:2026-06-19 01:39 - 作者:Shaghayegh Kolli,Timo Cavelius,Nafiseh Nikeghbal,Samantha Dalal,Jana Diesner - 来源:arxiv - 相关性分数:141 - 命中原因:title matched "LLM"; summary matched "language model"; summary matched "large language model"; summary matched "benchmark" - 分类:cs.CL, cs.CV - 标签:评测 / 数据 / 方法 - 主题词:LLM / Language Model - PDF:https://arxiv.org/pdf/2606.20527v1 - 摘要:Multimodal large language models (MLLMs) are increasingly deployed in personally and societally consequential settings, yet the visual cues that shape how these models judge people remain poorly understood. Prior work often compares different (groups of) individuals, making it difficult to separate appearance effects from identity differences. We introduce StylisticBias, a controlled benchmark for evaluating attribute-level social bias in MLLMs. We generate 500 photorealistic base faces and create about 50 single-attribute variations per face, producing about 25K images. This design keeps identity fixed and changes one visual attribute at a time. It lets us measure how specific cues shift model judgments. We evaluate six MLLMs across 25 binary social judgment scenarios. We find that age and body type dominate identity-level effects, while fashion style and other visual cues drive the largest attribute-level shifts. We further find that about 15 attributes account for nearly 80\% of the total variation, showing that bias is concentrated in a small set of visual cues. Sensitivity is strongest in judgments that are semantically aligned with appearance, especially socioeconomic and style-related judgments. We release StylisticBias as a benchmark for fine-grained bias evaluation in multimodal models. Code and dataset: https://github.com/timo-cavelius/StylisticBias and https://hf.co/datasets/shaghayegh/stylistic-bias-dataset. 8. [ScholarQuest: A Taxonomy-Guided Benchmark for Agentic Academic Paper Search in Open Literature Environments](https://arxiv.org/abs/2606.20235v1) - Published:2026-06-18 21:47 - 作者:Tingyue Pan,Mingyue Cheng,Daoyu Wang,Yitong Zhou,Jie Ouyang,Qi Liu 等 - 来源:arxiv - 相关性分数:141 - 命中原因:title matched "agent"; title matched "benchmark"; summary matched "LLM"; summary matched "evaluation" - 分类:cs.IR, cs.AI - 标签:评测 / 应用 / 方法 - 主题词:LLM / Agent - PDF:https://arxiv.org/pdf/2606.20235v1 - 摘要:Academic paper search is a core step in scientific research, and LLM-based search agents are emerging as a promising paradigm for iterative, intent-driven literature exploration. However, existing benchmarks are insufficient for systematically evaluating agentic academic search under realistic open literature environments. We propose ScholarQuest, a large-scale, taxonomy-guided benchmark for agentic academic paper search. ScholarQuest is constructed from over 1,000 computer science topics and four representative research intents, including method-oriented, setting-anchored, comparison-based, and scope-controlled queries. It further provides scalable answer construction and a shared retrieval backend ScholarBase for reproducible evaluation. Benchmarking results show that agentic methods outperform single-shot retrieval baselines, yet the best-performing agent only achieves 0.314 Recall@100 and 0.355 Recall@All, indicating substantial room for improvement. In addition, analyses of search efficiency, intent-level robustness, and failure cases further highlight the benchmark's ability to provide multi-dimensional evaluation signals for academic paper search agents. 9. [Multi-View Decompilation for LLM-Based Malware Classification](https://arxiv.org/abs/2606.20436v1) - Published:2026-06-19 00:15 - 作者:Bercan Turkmen,Vyas Raina - 来源:arxiv - 相关性分数:139 - 命中原因:title matched "LLM"; summary matched "language model"; summary matched "large language model"; summary matched "RAG" - 分类:cs.CR, cs.AI - 标签:评测 / 方法 - 主题词:LLM / Language Model - PDF:https://arxiv.org/pdf/2606.20436v1 - 摘要:Malware analysts often inspect compiled binaries through decompiled pseudo-C, when source code is unavailable. Recent work suggests that large language models (LLMs) can assist this process by classifying decompiled code as benign or malicious, but existing pipelines typically rely on a single decompiler view. We argue that this assumption is fragile: decompilers are lossy heuristic tools, and different decompilers can expose different artefacts of the same binary. We curate a benchmark of benign utilities and malicious programs spanning a range of threat behaviors. Each sample is compiled and decompiled with both Ghidra and RetDec, yielding matched pseudo-C views. Across a range of LLMs from major model families, we find that providing both decompiler views improves malicious-class F1, mainly by increasing recall on malicious samples. Agreement analyses further show that Ghidra and RetDec make partially different errors, supporting the view that decompiler outputs provide complementary evidence. Our results suggest that multi-decompiler prompting is a simple, training-free way to improve LLM-based malware triage in practical settings. 10. [Multi-LCB: Extending LiveCodeBench to Multiple Programming Languages](https://arxiv.org/abs/2606.20517v1) - Published:2026-06-19 01:35 - 作者:Maria Ivanova,Pavel Zadorozhny,Rodion Levichev,Ivan Petrov,Adamenko Pavel,Ivan Lopatin 等 - 来源:arxiv - 相关性分数:137 - 命中原因:summary matched "language model"; summary matched "large language model"; summary matched "LLM"; summary matched "reasoning" - 分类:cs.AI, cs.PL - 标签:评测 / 数据 / 方法 - 主题词:LLM / Language Model - PDF:https://arxiv.org/pdf/2606.20517v1 - 摘要:LiveCodeBench (LCB) has recently become a widely adopted benchmark for evaluating large language models (LLMs) on code-generation tasks. By curating competitive programming problems, constantly adding fresh problems to the set, and filtering them by release dates, LCB provides contamination-aware evaluation and offers a holistic view of coding capability. However, LCB remains restricted to Python, leaving open the question of whether LLMs can generalize across the diverse programming languages required in real-world software engineering. We introduce Multi-LCB, a benchmark for evaluating LLMs across twelve programming languages, including Python. Multi-LCB transforms Python tasks from the LCB dataset into equivalent tasks in other languages while preserving LCB's contamination controls and evaluation protocol. Because it is fully compatible with the original LCB format, Multi-LCB will automatically track future LCB updates, enabling systematic assessment of cross-language code generation competence and requiring models to sustain performance well beyond Python. We evaluated 24 LLMs for instruction and reasoning on Multi-LCB, uncovering evidence of Python overfitting, language-specific contamination, and substantial disparities in multilingual performance. Our results establish Multi-LCB as a rigorous new benchmark for multi-programming-language code evaluation, directly addressing LCB's primary limitation and exposing critical gaps in current LLM capabilities. 11. [Evaluating and Enhancing Negation Comprehension in Remote Sensing MLLMs](https://arxiv.org/abs/2606.20177v1) - Published:2026-06-18 20:46 - 作者:Haochen Han,Jue Wang,Alex Jinpeng Wang,Fangming Liu - 来源:arxiv - 相关性分数:136 - 命中原因:title matched "LLM"; summary matched "language model"; summary matched "large language model"; summary matched "benchmark" - 分类:cs.CV, cs.AI - 标签:评测 / 应用 / 方法 - 主题词:LLM / Language Model - PDF:https://arxiv.org/pdf/2606.20177v1 - 摘要:Multimodal Large Language Models (MLLMs) have demonstrated remarkable success in various Remote Sensing (RS) tasks. However, their ability to comprehend negation remains underexplored, limiting deployment in real-world applications where models must explicitly identify what is false or absent, e.g., emergency responders need to locate non-flooded routes for evacuation. To comprehensively study this limitation, we introduce RS-Neg, the first benchmark to evaluate negation understanding across region-level to scene-level tasks. Specifically, we design an automated data generation pipeline for RS imagery, using LLMs to synthesize diverse negation queries, and introduce a dynamic visual focus module for verification. Our evaluation reveals that advanced RS MLLMs struggle with negation, exhibiting hallucinations and substantial performance degradation. To close this gap, we propose NeFo, a novel test-time learning method that explicitly incorporates the logical role of negation into the model optimization. Remarkably, using about 5\% unlabeled test samples, NeFo significantly improves the negation understanding of models and shows strong generalization to unseen tasks. Code and data will be released upon acceptance. 12. [PsyScore: A Psychometrically-Aware Framework for Trait-Adaptive Essay Scoring and ZPD-Scaffolded Feedback](https://arxiv.org/abs/2606.20287v1) - Published:2026-06-18 22:29 - 作者:Wei Xia,Jin Wu,Haoran Shi,Xiangyu Wang,Chanjin Zheng - 来源:arxiv - 相关性分数:134 - 命中原因:summary matched "language model"; summary matched "large language model"; summary matched "LLM"; summary matched "agent" - 分类:cs.CL - 标签:评测 / 数据 / 方法 - 主题词:LLM / Language Model - PDF:https://arxiv.org/pdf/2606.20287v1 - 摘要:Effective Automated Essay Scoring (AES) are expected to support both reliable assessment and actionable instructional feedback. However, existing approaches often treat scoring and feedback as separate components: neural scoring models provide limited interpretability, while Large Language Model (LLM)-based feedback is typically insensitive to learners proficiency levels. To address this fragmentation, this work proposes PsyScore, a psychometrically-aware framework that integrates diagnostic assessment with instructional scaffolding through a shared latent ability representation. PsyScore comprises three key modules: a Trait-Adaptive Neural IRT Scorer that incorporates the Graded Partial Credit Model (GPCM) into a neural architecture, enabling the precise estimation of student ability while maintaining psychometric interpretability, a ZPD-Scaffolded Feedback Generator, which conditions multi-agent feedback strategies on the diagnosed ability parameter to adapt instructional focus across different proficiency levels, and a Multi-Perspective Feedback Evaluation Strategy that assesses feedback quality via pairwise preference judgements and student revision simulations. Experiments on the ASAP++ dataset demonstrate that PsyScore achieves competitive scoring performance while providing more pedagogically aligned feedback. 13. [Apparent Psychological Profiles of Large Language Models are Largely a Measurement Artifact](https://arxiv.org/abs/2606.20205v1) - Published:2026-06-18 21:18 - 作者:Jelena Meyer,David Garcia,Dirk U. Wulff - 来源:arxiv - 相关性分数:122 - 命中原因:title matched "language model"; title matched "large language model"; summary matched "LLM"; has PDF - 分类:cs.AI, cs.CL, cs.HC - 标签:评测 / 应用 / 方法 - 主题词:LLM / Language Model - PDF:https://arxiv.org/pdf/2606.20205v1 - 摘要:Psychological instruments designed for humans are increasingly used to assign large language models (LLMs) stable psychological profiles that affect their usability, safety assessment, and use as proxies for human participants in research. Using a formal psychometric framework, we show that these profiles are largely a measurement artifact. Administering a battery of personality and risk-preference instruments spanning self-reports and behavioral tasks to 56 instruction-tuned LLMs alongside large human reference samples, we report four findings. First, differences between models are driven not by the traits an instrument targets but by a directional response bias, a tendency to respond toward one end of the scale, or one labeled option, regardless of item content; a variance decomposition attributes 81-90% of between-model variation to this bias, against 9-16% in humans. Second, the bias declines with model capability but is not eliminated by it. Third, because bias rather than trait drives responding, an instrument's apparent reliability is almost entirely predicted by its response orthogonality, a term we coin for the proportion of items for which trait and bias point in opposite directions. Fourth, the profile a model appears to have shifts with the items used and can be manufactured through item selection. These results demonstrate that the apparent psychological profiles of LLMs are artifacts of the instrument used to measure them, not properties of the models themselves. As instruments borrowed from human psychology are rarely fully orthogonal and may inherently lack validity for LLMs, we call for dedicated assessments centered on response orthogonality. 14. [ELVA: Exploring Ranking-Driven Universal Multimodal Retrieval](https://arxiv.org/abs/2606.20280v1) - Published:2026-06-18 22:23 - 作者:Yuhan Liu,Pei Fu,Hang Li,Yukun Qi,Chao Jiang,Jingwen Fu 等 - 来源:arxiv - 相关性分数:115 - 命中原因:summary matched "language model"; summary matched "large language model"; summary matched "LLM"; summary matched "RAG" - 分类:cs.IR, cs.AI - 标签:评测 / 方法 - 主题词:LLM / Language Model - PDF:https://arxiv.org/pdf/2606.20280v1 - 摘要:Leveraging Multimodal Large Language Models (MLLMs) via contrastive learning has become a mainstream paradigm for improving the performance of Universal Multimodal Retrieval (UMR). However, previous works have ignored the grain blindness when adapting the contrastive paradigm into retrieval tasks. Grain blindness refers to the tendency of the model to overlook grain-level information contained in the query, which is crucial for effectively handling complex queries. This stems from contrastive learning treating samples as a binary classification (positive/negative), while ignoring the different information carried by each negative sample. To address this, we argue that negatives should be treated differently according to their similarity to the positive sample, enabling the model to learn distinct grain information from each negative. In this paper, we introduce a simple but effective framework, called ELVA, a novel rule-based RL framework that mitigates grain blindness through ranking-driven MLLMs. 1) Instead of relying on reward models, we extend Reinforcement Learning with Verifiable Rewards (RLVR) to retrieval tasks, allowing the model to explore new ranking behaviors without explicit ranking labels. 2) By utilizing rule-based rewards, our approach jointly optimizes the ranking of negative samples while enlarging the similarity gap between positive and negative. To more precisely measure grain blindness, we further introduce MRBench, a new benchmark specifically designed for multi-grain query scenarios. ELVA achieves state-of-the-art results across standard retrieval benchmarks, and its notable 13.1% improvement on MRBench further demonstrates its effectiveness in alleviating grain blindness. 15. [LedgerAgent: Structured State for Policy-Adherent Tool-Calling Agents](https://arxiv.org/abs/2606.20529v1) - Published:2026-06-19 01:41 - 作者:Md Nayem Uddin,Amir Saeidi,Eduardo Blanco,Chitta Baral - 来源:arxiv - 相关性分数:109 - 命中原因:title matched "agent"; title matched "RAG"; has PDF; has rich summary - 分类:cs.AI, cs.CL - 标签:评测 / 方法 - 主题词:Agent / RAG - PDF:https://arxiv.org/pdf/2606.20529v1 - 摘要:Policy-adherent tool-calling agents in customer-service domains must maintain task states across turns while calling tools and obeying domain policies. Task states consist of relevant facts, identifiers, constraints, and conditions observed through user interaction and tool calls. In standard agents, task states are not represented separately. Observations, tool returns, and policy instructions are placed in the prompt, leaving agents to reconstruct the relevant states from the prompt each time they decide what to do next. This design makes state management implicit, creating two common failure modes. An agent may retrieve the right facts but later ground its decision in stale, missing, or incorrect information; and a syntactically valid tool call may still violate a domain policy that depends on the current task state. We introduce \textsc{LedgerAgent}, an inference-time method for tool-calling agents that maintains observed task states in a separate ledger and renders the states into the prompt. The ledger is also used to check state-dependent policy constraints before environment-changing tool calls are executed, blocking policy violations. Across four customer-service domains and a mixed panel of open- and closed-weight models, \textsc{LedgerAgent} improves average pass\textasciicircum{}k over a standard prompt-based tool-calling approach, with the largest gains under stricter multi-trial consistency metrics. ## Agent Runtime Security 观察 ### 本组速览 - 《What Do Safety-Aligned LLMs Learn From Mixed Compliance Demonstrations?》〔方法〕:Prior work has shown that in-context demonstrations can jailbreak language models, but it remains unclear how models interpret different types of compliance de… - 《Analyzing Defensive Misdirection Against Model-Guided Automated Attacks on Agentic AI Systems》〔评测 / 应用 / 方法〕:Agentic AI systems increasingly rely on language-model components to interpret instructions, process external data, invoke tools, and coordinate with other age… - 《RACL: Reasoning-Agent Control Layers for Continuous Metaheuristic Learning》〔评测 / 应用 / 方法〕:This paper introduces RACL, a Reasoning-Agent Control Layer for metaheuristics. RACL places a reasoning agent above an existing optimizer. The agent does not r… - 《Beyond Static Endpoints: Tool Programs as an Interface for Flexible Agentic Web Services》〔应用 / 方法〕:In the agentic web era, LLM-based agents increasingly invoke web services as tools, yet most interfaces remain \emph{static endpoints} that poorly express long… ### 论文速览 1. [What Do Safety-Aligned LLMs Learn From Mixed Compliance Demonstrations?](https://arxiv.org/abs/2606.20508v1) - Published:2026-06-19 01:25 - 作者:Sihui Dai,Mann Patel - 来源:arxiv - 相关性分数:46 - 命中原因:summary matched "jailbreak"; has PDF; has rich summary; has complete metadata - 分类:cs.AI, cs.LG - 标签:方法 - 主题词:LLM / Language Model - PDF:https://arxiv.org/pdf/2606.20508v1 - 摘要:Prior work has shown that in-context demonstrations can jailbreak language models, but it remains unclear how models interpret different types of compliance demonstrations. We study this by mixing benign compliance demonstrations (non-harmful request, helpful response) with harmful compliance demonstrations (harmful request, helpful response) and testing three hypotheses about how demonstration composition drives harmful compliance. Across four models, we find that benign and harmful demonstrations are not interchangeable: benign demonstrations can either reduce or increase harmful compliance depending on the model. We further show that preference optimization is the critical training stage that prevents benign demonstrations from increasing harmful compliance, that demonstration ordering exhibits strong recency bias, and that models differ in how refusal interacts with in-context learning: some adopt demonstrated formatting even when refusing, while others override all in-context signals upon refusal. Taken together, this work moves beyond showing that demonstration-based jailbreaking works to characterizing how it works: what models extract from compliance demonstrations depends on demonstration content, ordering, and training methodology. 2. [Analyzing Defensive Misdirection Against Model-Guided Automated Attacks on Agentic AI Systems](https://arxiv.org/abs/2606.20470v1) - Published:2026-06-19 00:50 - 作者:Reza Soosahabi,Vivek Namsani - 来源:arxiv - 相关性分数:46 - 命中原因:summary matched "jailbreak"; has PDF; has rich summary; has complete metadata - 分类:cs.CR, cs.AI - 标签:评测 / 应用 / 方法 - 主题词:Agent / Benchmark - PDF:https://arxiv.org/pdf/2606.20470v1 - 摘要:Agentic AI systems increasingly rely on language-model components to interpret instructions, process external data, invoke tools, and coordinate with other agents. These capabilities make prompt-injection and jailbreak attacks more consequential, especially as attackers adopt model-guided automation to scale probing, prompt refinement, and response evaluation. This work analyzes the resulting attack-defense setting through a probabilistic model of a target system, its defense mechanism, and the attacker's automated judge. Our analysis shows that conventional detect-and-block defenses can allow attacker success rate (ASR) to approach one as the query budget grows, since predictable refusals provide useful feedback to automated search. We then examine detect-and-misdirect, where detected malicious interactions receive controlled, non-operational responses designed to induce false-positive errors in the attacker's judge. This strategy reduces the positive predictive value of attacker-selected candidates and yields a bounded asymptotic ASR. We evaluate a proof-of-concept realization of this strategy through Contextual Misdirection via Progressive Engagement (CMPE), a lightweight conversational misdirection method designed to replace predictable refusal text with safe but strategically misleading responses in automated jailbreak settings. On jailbreak benchmarks, CMPE reduces estimated ASR upper bounds by up to two orders of magnitude and nearly eliminates verified attack success in end-to-end PAIR and GPTFuzz attack runs. 3. [RACL: Reasoning-Agent Control Layers for Continuous Metaheuristic Learning](https://arxiv.org/abs/2606.20142v1) - Published:2026-06-18 20:05 - 作者:Antón Asla Manzárraga - 来源:arxiv - 相关性分数:41 - 命中原因:summary matched "guardrail"; has PDF; has rich summary; has complete metadata - 分类:cs.AI, cs.MA - 标签:评测 / 应用 / 方法 - 主题词:Agent / Evaluation - PDF:https://arxiv.org/pdf/2606.20142v1 - 摘要:This paper introduces RACL, a Reasoning-Agent Control Layer for metaheuristics. RACL places a reasoning agent above an existing optimizer. The agent does not replace the optimizer and does not modify business constraints. Instead, it controls the optimizer's internal search behavior by observing operational memory, reasoning over past behavior, formulating bounded hypotheses, testing interventions, evaluating outcomes, applying guardrails, consolidating useful policies and explaining its decisions. The experiment uses vehicle routing as a testbed, but the contribution is not a new routing solver, a particular ALNS configuration or a specific set of routing rules. The contribution is the RACL method: a way for a reasoning agent to discover, validate, consolidate and explain algorithmic control rules for a metaheuristic. In the current experimental setting, RACL improves or ties the Operational Memory Policy in 21 of 21 feasible cases and improves or ties a non-reasoning Stagnation-Triggered Policy in 18 of 21 feasible cases, with an average RACL vs STP cost delta of -0.641%. In the Sevilla-9/10 runtime sample, RACL improves average cost by -8.337% versus Fixed and -1.605% versus STP without showing material computational overhead. During the proof-of-concept, Codex was used as an in-the-loop reasoning agent observing executions, interpreting logs and proposing live bounded interventions. The policy proxy was later used only to make quantitative evaluation reproducible. 4. [Beyond Static Endpoints: Tool Programs as an Interface for Flexible Agentic Web Services](https://arxiv.org/abs/2606.19992v1) - Published:2026-06-18 17:31 - 作者:Mugeng Liu,Shuoqi Li,Yixuan Zhang,Yun Ma - 来源:arxiv - 相关性分数:39 - 命中原因:summary matched "sandboxing"; has PDF; has rich summary; has complete metadata - 分类:cs.SE, cs.AI - 标签:应用 / 方法 - 主题词:LLM / Agent - PDF:https://arxiv.org/pdf/2606.19992v1 - 摘要:In the agentic web era, LLM-based agents increasingly invoke web services as tools, yet most interfaces remain \emph{static endpoints} that poorly express long-horizon workflows with loops, conditionals, joins, and retries. We present ToolPro, which represents an agent's tool intent as an \emph{executable tool program} that compactly encodes multi-step service interactions with explicit effect types. ToolPro combines constraint-guided program construction, effect-aware replay for exactly-once state-modifying calls, and a profile-driven policy that decides when program execution outperforms stepwise calling. We instantiate ToolPro over MCP-style services with WebAssembly sandboxing and evaluate it on diverse workflows of real-world applications. ToolPro reduces end-to-end latency by up to 53.4\% and client-side traffic by up to 96.1\%, with larger gains under higher network latency and workflow complexity. ## Terminal and SWE Agents 观察 ### 本组速览 - 《Probe-and-Refine Tuning of Repository Guidance for Coding Agents》〔应用 / 方法〕:LLM-based coding agents need higher-level operational knowledge about a repository (which files house which subsystems, how to run the test suite, which workfl… - 《Phoenix: Safe GitHub Issue Resolution via Multi-Agent LLMs》〔评测 / 应用 / 方法〕:We present Phoenix, a multi-agent LLM system that resolves GitHub issues from triage through pull-request creation, combining seven layered safety controls wit… - 《N-Version Programming with Coding Agents》〔方法〕:This paper revisits the classical concept on N-version programming in the setting of contemporary AI coding agents. Revisiting the seminal Knight-Leveson exper… ### 论文速览 1. [Probe-and-Refine Tuning of Repository Guidance for Coding Agents](https://arxiv.org/abs/2606.20512v1) - Published:2026-06-19 01:30 - 作者:Asa Shepard,Jeannie Albrecht - 来源:arxiv - 相关性分数:87 - 命中原因:title matched "coding agent"; summary matched "SWE-bench"; has PDF; has rich summary - 分类:cs.SE, cs.LG - 标签:应用 / 方法 - 主题词:LLM / Agent - PDF:https://arxiv.org/pdf/2606.20512v1 - 摘要:LLM-based coding agents need higher-level operational knowledge about a repository (which files house which subsystems, how to run the test suite, which workflows have historically led to wrong fixes) that does not exist in the code itself. Engineers typically maintain \texttt{AGENTS.md} files to supply this context as instructions for coding agents, but whether they help is contested: recent studies disagree on whether LLM-generated guidance improves or harms agent performance. In this paper we show that how the guidance is produced is the decisive variable, and introduce \emph{probe-and-refine tuning}: a procedure that uses synthetic bug-fix probes to iteratively diagnose and patch a repository's guidance file through single-shot LLM calls, with no agent loop or tool use during tuning. On SWE-bench Verified across four independent trials with Qwen3.5-35B-A3B at 200 steps, probe-and-refine achieves 33.0\,\% mean resolve rate vs.\ 28.3\,\% for the static knowledge base used to initialize it and 25.5\,\% for an unguided baseline ($p < 0.001$ for both probe-and-refine contrasts). The improvement comes from coverage rather than precision: refined guidance produces evaluable patches for 14.5 percentage points (pp) more instances while per-patch precision remains statistically constant ($\sim$59\,\%, $p = 0.119$), showing that improved guidance helps agents reach the correct file rather than improving the quality of the changes they make. Further, a step-budget experiment shows that guidance is what lets the agent use a larger step budget productively, and a cross-model experiment with NVIDIA-Nemotron-3-Nano-30B-A3B finds that the tuning loop degrades when the model cannot generate sufficiently diagnostic output, though per-patch precision remains constant even then. 2. [Phoenix: Safe GitHub Issue Resolution via Multi-Agent LLMs](https://arxiv.org/abs/2606.20243v1) - Published:2026-06-18 21:56 - 作者:Kipngeno Koech,Muhammad Adam,Baimam Boukar Jean Jacques,Joao Barros - 来源:arxiv - 相关性分数:83 - 命中原因:title matched "issue resolution"; summary matched "SWE-bench"; has PDF; has rich summary - 分类:cs.SE, cs.MA - 标签:评测 / 应用 / 方法 - 主题词:LLM / Agent - PDF:https://arxiv.org/pdf/2606.20243v1 - 摘要:We present Phoenix, a multi-agent LLM system that resolves GitHub issues from triage through pull-request creation, combining seven layered safety controls with a baseline-aware test evaluation strategy. Phoenix decomposes the work across six specialized agents. Planner, reproducer, coder, tester, failure analyst and Pull Request (PR) agent, all coordinated by a label-based GitHub webhook state machine. Every change is checked against a baseline test run before a pull request is opened. On a 24-instance slice of SWE-bench Lite. run on the production webhook path, Phoenix oracle-resolves 75% of instances with no pass-to-pass regressions on successful runs; this curated slice is not directly comparable to full-split leaderboard results, and we discuss the limits of the comparison. A complementary pilot on 42 real issues across 14 repositories yields 100% correctness preservation (CP; mean 122s on the hard tier). Manual inspection shows that about half of the resulting pull requests are well-targeted fixes. The other half place code at incorrect paths, a planner localization limitation we are addressing with retrieval. We also report the deployment failure modes (WAF filtering, token expiry, permission boundaries, flaky CI) that motivated each safety mechanism. 3. [N-Version Programming with Coding Agents](https://arxiv.org/abs/2606.20158v1) - Published:2026-06-18 20:23 - 作者:Javier Ron,Benoit Baudry,Martin Monperrus - 来源:arxiv - 相关性分数:63 - 命中原因:title matched "coding agent"; has PDF; has rich summary; has complete metadata - 分类:cs.SE - 标签:方法 - 主题词:Agent / Coding Agent - PDF:https://arxiv.org/pdf/2606.20158v1 - 摘要:This paper revisits the classical concept on N-version programming in the setting of contemporary AI coding agents. Revisiting the seminal Knight-Leveson experiment, we study whether diversity across agent systems, models, and implementation languages creates diverse failure modes. Using the Knight-Leveson's, Launch Interceptor Program Specification, we evaluate 48 agent-generated implementations on a shared oracle and a campaign of 1,000,000 randomized test inputs. The results show substantial common-mode failure, along the findings of Knight-Leveson. Further analysis that many of those co-occuring failures can be traced to where is specification is particularly hard or ambiguous. We also demonstrate that diversity from coding agents provides practical benefit: across majority voting three-version units, the mean failure count drops from 387.44 for single versions to 130.99 for triples, and 11,844 N-version units exhibit zero observed failures. Our original results is the strongest evidence to date that N-Version Programming with coding agents is a useful engineering strategy.