COPLAS talk: The LLMbda Calculus: AI Agents, Conversations, and Information Flow
Abstract:
Large language models now sit at the heart of agentic systems that interleave LLM calls with tools, code, and planning loops. This tight coupling creates a powerful but fragile computational model—one where a single injected prompt can silently steer later reasoning, trigger unsafe actions, or corrupt outputs.
In this talk, I introduce the LLMbda calculus, a minimal lambda calculus extended with dynamic information‑flow control and primitives for constructing prompt‑response conversations. The calculus models LLM invocations directly in the semantics, making it possible to reason formally about planner loops, prompt‑injection vulnerabilities, and defenses such as sandboxed sub‑conversations and isolation of generated code.
A termination‑insensitive noninterference theorem provides integrity and confidentiality guarantees, showing that even highly dynamic agentic workflows can be given a rigorous semantic foundation. This framework opens the door to principled reasoning about the safety of LLM‑based agents.
Joint work with Zac Garby (U. Nottingham) and Andrew D Gordon (U. Edinburgh)
Host: Boel Nelson, DIKU
This is a public talk. All are welcome. No registration required. Feel free to forward this invitation.
The Copenhagen Programming Languages Seminar (COPLAS) is a collaboration between DTU, ITU, Roskilde University, UCPH and AAU. To post to and be informed about COPLAS activities and related talks, visit here