SafetyDrift: Predicting When AI Agents Cross the Line Before They Actually Do

ArXi:2603.27148v1 Announce Type: cross When an LLM agent reads a confidential file, then writes a summary, then emails it externally, no single step is unsafe, but the sequence is a data leak. We call this safety drift: individually safe actions compounding into violations. Prior work has measured this problem; we predict it. SafetyDrift models agent safety trajectories as absorbing Marko chains, computing the probability that a trajectory will reach a violation within a given number of steps via closed form absorption analysis.