This week in AI papers

We keep an eye on new AI papers on arXiv, pick one or two that really matter each day, and share the key ideas — no hype, just clear explanations.

Unpacked by our trio: Alex the plain-language host, Marc the hands-on power user, and Jamie the senior ML engineer.

Survey of LLM Agent Communication with MCP: A Software Design Pattern Centric Review

2026-05-31

Excerpt — This comprehensive survey explores how classical software design patterns can improve communication reliability and scalability in LLM-driven multi-agent systems. It focuses on the Model Context Protocol (MCP), tracing…

📝 Article 📄 PDF

NaviAgent: Graph-Driven Bilevel Planning for Scalable Tool Orchestration

2026-05-29

Excerpt — NaviAgent tackles the challenge of coordinating hundreds or thousands of external tools invoked by LLM agents. By leveraging graph-driven bilevel planning, it offers a scalable orchestration method that reduces error…

📝 Article 📄 PDF

Semantic Attacks on Tool-Augmented LLMs: Securing the Model Context Protocol Against Malicious Tool Descriptors

2026-05-30

Excerpt — This paper exposes vulnerabilities in MCP where tool descriptors—treated as trusted metadata—can be exploited to manipulate LLM reasoning. It highlights a critical security gap in tool-augmented LLMs and proposes…

📝 Article 📄 PDF

ADR: An Agentic Detection System for Enterprise Agentic AI Security

2026-05-25

Excerpt — ADR is the first large-scale, production-proven framework designed to detect and respond to security threats in agentic AI operating via MCP. It addresses limited observability and the challenge of tracing causal chains…

📝 Article 📄 PDF

LivePI: More Realistic Benchmarking of Agents Against Indirect Prompt Injection

2026-05-25

Excerpt — LivePI presents a benchmark for evaluating AI agents’ resilience to indirect prompt injection (IPI) attacks via untrusted inputs like emails or downloaded files. It moves beyond small-scale or simulated evaluations to…

📝 Article 📄 PDF

SafeGPT: Preventing Data Leakage and Unethical Outputs in Enterprise LLM Use

2026-05-27

Excerpt — SafeGPT introduces a two-sided guardrail system combining input-side detection/redaction with output-side moderation and reframing to prevent sensitive data leakage and unethical content generation in enterprise…

📝 Article 📄 PDF

Whispers of Wealth: Red-Teaming Google's Agent Payments Protocol via Prompt Injection

2026-05-27

Excerpt — This red-teaming study probes the security of Google’s Agent Payments Protocol (AP2), revealing how prompt injection can compromise agent-led financial transactions despite cryptographic safeguards. **Why read it?**…

📝 Article 📄 PDF

The Misattribution Gap: When Memory Poisoning Looks Like Model Failure in Agentic AI

2026-05-30

Excerpt — This paper identifies a structural failure in diagnosing agent misconduct: memory-layer attacks can mimic model misalignment, leading to misapplied fixes. It formalizes Semantic Norm Drift (SND) as a distinct cause of…

📝 Article 📄 PDF

From Refusal to Recovery: A Control-Theoretic Approach to Generative AI Guardrails

2026-05-26

Excerpt — Moving beyond simple content blocking, this work proposes a control-theoretic framework for AI guardrails that preempt downstream harms like financial or physical damage through dynamic intervention strategies. **Why…

📝 Article 📄 PDF

ESLD (External Surrogate Latent Defense): A Latent-Space Architecture for Faster and Safer AI Assistants

2026-05-26

Excerpt — ESLD introduces a latent-space defense architecture to detect and mitigate malicious inputs from multiple sources before they influence agent reasoning, reducing prompt injection risks. **Why read it?** Engineers…

📝 Article 📄 PDF

Governance by Construction for Generalist Agents

2026-05-29

Excerpt — CUGA’s policy-as-code system enables enterprises to specify allowed actions, human oversight triggers, and information exposure rules modularly—without rebuilding agents per domain. **Why read it?** This approach…

📝 Article 📄 PDF

Beyond Semantic Similarity: A Two-Phase Non-Parametric Retrieval Workflow for Corporate Credit Underwriting

2026-05-28

Excerpt — Addressing the similarity-utility gap in Retrieval-Augmented Generation pipelines, this paper proposes a two-phase retrieval method to extract actionable evidence from complex financial documents. **Why read it?** It…

📝 Article 📄 PDF