RestriktAI: Enhancing Safety and Control for Autonomous AI Agents

Jan 20, 2025

RestriktAI: Enhancing Safety and Control for Autonomous AI Agents

João Lucas Duim, Juan Belieni

Read Project

Details

Summary

This proposal addresses a critical gap in AI safety by mitigating the risks posed by autonomous AI agents. These systems often require access to sensitive resources that expose them to vulnerabilities, misuse, or exploitation. Current AI solutions lack robust mechanisms for enforcing granular access controls or evaluating the safety of AI-generated scripts. We propose a comprehensive solution that confines scripts to predefined, sandboxed environments with strict operational boundaries, ensuring controlled and secure interactions with system resources. An integrated auditor LLM also evaluates scripts for potential vulnerabilities or malicious intent before execution, adding a critical layer of safety. Our solution utilizes a scalable, cloud-based infrastructure that adapts to diverse enterprise use cases.

See Code

Download PDF

View Presentation

Cite this work:

@misc {

title={

RestriktAI: Enhancing Safety and Control for Autonomous AI Agents

author={

João Lucas Duim, Juan Belieni

date={

1/20/25

organization={Apart Research},

note={Research submission to the research sprint hosted by Apart.},

howpublished={https://apartresearch.com}

}

Review

Reviewer Name

Constructive critique

Criteria 1:

Advancing interpretability (Possible questions to answer in this criteria: Does the project contribute to the field of mechanistic interpretability? Does it provide new insights into understanding or steering AI model behavior? How well does it move us towards reprogramming AI models? How original and innovative is the approach?)

2.5

Criteria 2:

Relevance for AI safety (Possible questions to answer in this criteria: How important is the contribution to advancing the field of AI safety? Do we expect the results to generalize beyond the specific case(s) presented in the submission? Does the approach introduce new safety mechanisms or enhance existing ones in innovative ways?))

2.5

Criteria 3:

Methodology & presentation (Possible questions to answer in this criteria: How well is the project executed from a technical standpoint?, Is the code well-structured, documented, and reproducible?, How effectively does it utilize Goodfire's SDK/API and other provided resources?, How clearly and effectively is the research presented in the paper?, Quality of visualizations and demos (if applicable), Clarity of methodology explanation and results interpretation))

2.5

Reviewer's Comments

Finn

some good ideas in there, I think the concepts could be a bit more clearly seperated, what is just automated red teaming vs. what is the proposed technical solution for the sandbox environment. Would look more strongly in either direction and provide more code. I would ask myself where my strengths are and which solution or approach (you also mentioned some governance elements in there) are best suited to be persuid by the team.

C1:

C2:

1.8

C3:

1.2

Jaime Raldua

I like the overall direction of RestriktAI, but I have mixed feelings about their approach. Running LLMs in sandboxes isn't really groundbreaking, and using another LLM as an auditor is something we've seen before. That said, I'm pretty excited about their idea of developing a custom scripting language specifically for AI use, that's actually a fresh take that could open up some interesting possibilities for safer AI interactions.

The SQL injection demo is cool and shows the system works for current threats. The project seems too focused on immediate issues like jailbreaking, which might not be as relevant when we're dealing with more capable AI systems. While it's a solid starting point for improving current AI safety, I'm not fully convinced it'll scale well to address the deeper, more complex safety challenges.

C1:

2.5

C2:

C3:

2.8

Recent Projects

View All

Mar 24, 2025

Attention Pattern Based Information Flow Visualization Tool

Understanding information flow in transformer-based language models is crucial for mechanistic interpretability. We introduce a visualization tool that extracts and represents attention patterns across model components, revealing how tokens influence each other during processing. Our tool automatically identifies and color-codes functional attention head types based on established taxonomies from recent research on indirect object identification (Wang et al., 2022), factual recall (Chughtai et al., 2024), and factual association retrieval (Geva et al., 2023). This interactive approach enables researchers to trace information propagation through transformer architectures, providing deeper insights into how these models implement reasoning and knowledge retrieval capabilities.

Mar 24, 2025

jaime project Title

bbb

Mar 25, 2025

Safe ai

The rapid adoption of AI in critical industries like healthcare and legal services has highlighted the urgent need for robust risk mitigation mechanisms. While domain-specific AI agents offer efficiency, they often lack transparency and accountability, raising concerns about safety, reliability, and compliance. The stakes are high, as AI failures in these sectors can lead to catastrophic outcomes, including loss of life, legal repercussions, and significant financial and reputational damage. Current solutions, such as regulatory frameworks and quality assurance protocols, provide only partial protection against the multifaceted risks associated with AI deployment. This situation underscores the necessity for an innovative approach that combines comprehensive risk assessment with financial safeguards to ensure the responsible and secure implementation of AI technologies across high-stakes industries.

Mar 24, 2025