The authors build ARSM-Agent, a medical decision-making agent with a six-stage security pipeline: input risk perception, medical evidence constraint, knowledge consistency verification, decision confidence reweighting, safety output control, and adversarial feedback updates. They train with a weighted joint objective (30% decision accuracy, 30% adversarial robustness, 20% safety refusal, 20% knowledge consistency) and show it reduces attack success rate to 8.7% under semantic perturbation, prompt injection, drug-name confusion, and false-evidence attacks, while maintaining 0.91 knowledge consistency. Ablation experiments quantify each module's contribution to accuracy and attack resistance.
Main takeaways:
- ARSM-Agent uses a six-stage pipeline: risk perception, evidence constraint, consistency verification, confidence reweighting, safety control, and adversarial feedback
- Trained with a weighted joint objective: 30% decision accuracy, 30% adversarial robustness, 20% safety refusal, 20% knowledge consistency
- Reduces overall attack success rate to 8.7% under semantic perturbation, prompt injection, drug-name confusion, and false-evidence attacks
- Achieves 0.91 knowledge consistency score (agreement with verified medical knowledge)
- Ablation shows each module contributes 4.4–9.1% accuracy and reduces attack success rate by 6.9–13.8%