November 4, 2025
IVADO Workshop on Assessing and Improving the Capabilities and Safety of Agents. (Oct. 3 to Oct. 6, 2025)
By Ada Tur, Undergrad researcher at McGill NLP (ada.tur@mila.quebec)
Write-Up
As evidenced by the rapid growth of web- and computer-use LLM agents released over the past year, excitement about the capabilities and applications of agents has surged. IVADO’s 2025 Thematic Semester series features the theme Autonomous LLM Agents, including an agents bootcamp held in August and two workshops hosted in Montreal. The first of these workshops took place from Oct. 3 to Oct. 6 at HEC Montréal, drawing many prominent researchers and academics who shared their latest work.
Day 1
The first day began with a presentation by CMU Professor Ruslan Salakhutdinov titled “Multimodal Autonomous AI Agents.” He discussed recent work from his laboratory, emphasizing progress with VisualWebArena as a benchmark for realistic multimodal web agents. In this framework, webpage interactions are modeled as Partially Observable Markov Decision Processes, enabling clearer reasoning and more effective search. Yet, significant challenges remain: agents still struggle with long-term planning and abstraction, underscoring the need for value-guided exploration and large-scale, self-improving agent pipelines.
#aiagents #webagents #reasoning #multimodal #vlm #visionlanguage #nlp
Next, Professor Yu Su from Ohio State University revisited Moravec’s Paradox and its implications for modern agents. Moravec’s Paradox originally stated that simulating intelligence is easy, but replicating mobility is hard. Professor Su argued that this gap has now shifted: today, agents show relatively strong performance on computer-use tasks yet remain weak in symbolic reasoning. Despite rapid progress, computer-use agents plateau around 60 percent accuracy on OSWorld and WebArena. His recent work Mind2Web2 reframes evaluation through rubric trees, achieving nearly perfect consistency in agent scoring while revealing the enduring divide between symbolic intelligence and grounded usability.
#aiagents #webagents #agentevaluation #moravecsparadox #computeruseagents
Professor Bo Li from UIUC then addressed safety in agents. Through projects such as AgentPoison and ShieldAgent, she demonstrated multilayered defenses in which sub-agents enforce tailored safety policies. Her approach employs knowledge-enabled guardrails that act as scalable external layers rather than modifications of model weights. She described an ideal agentic configuration in which a primary agent coordinates smaller, specialized sub-agents, each with domain-specific guardrails.
#aiagents #webagents #aisafety #redteaming #agentsafety
Professor Parisa Kordjamshidi of Michigan State University presented research on compositional reasoning in vision-language models and on how neuro-symbolic AI can strengthen grounding abilities. She argued that genuine understanding in agents requires compositional reasoning grounded in neuro-symbolic representations. Her papers NeSyCoCo and FoREST demonstrate that integrating symbolic logic with vision-language models improves interpretability and robustness. By linking spatial logic with visual grounding, she bridges perception and reasoning, proposing DomiKnowS as a unified framework for neuro-symbolic AI.
#aiagents #grounding #symbolicreasoning #compositionalreasoning #visionlanguagemodels
Later, Professor Daniel Fried from CMU presented his work on workflow memory and programmatic abstractions for agents, drawing on papers such as Agent Workflow Memory and Inducing Programmatic Skills for Agentic Tasks. His research shows that induced programs—not free-form text—produce more verifiable and reusable behaviors. Comparing human and agent workflows, he found that agents tend to code where humans ideate, highlighting the need for better human–agent interaction models built on shared abstractions.
#aiagents #webagents #codingagents #agentmemory #hci #abstractions
Professor Joyce Chai of the University of Michigan introduced her paper on Proactive Assistant Dialogue Generation for perceptually enabled task guidance, in which agents learn from synthetic dialogue grounded in egocentric video. Using situated-interaction simulation via Amazon Alexa’s SimBot and synthetic training pipelines, her framework trains multimodal agents that can guide humans through complex tasks—such as cooking—bridging digital and physical environments seamlessly.
#aiagents #embodiedai #embodiedagents #multimodalai #grounding
Finally, Professor Yoav Artzi from Cornell concluded the day with a thought-provoking presentation on rethinking how LLMs access knowledge. His paper Limited Memory Language Models proposes externalizing knowledge from model parameters into modular databases, reducing hallucinations, improving factual accuracy, and simplifying unlearning. This separation of reasoning from memory allows for safer, more controllable agents with minimal internal knowledge, enabling faster training, transparent updates, and progress toward modular, interpretable reasoning.
#aiagents #webagents #agentmemory #externalmemory #controllableagents #finetuning
Day 2
Professor Graham Neubig of CMU opened the second day by sharing lessons from deploying coding agents in real-world settings: 1. simplicity scales, 2. hybrid GUI–API setups outperform others, 3. agentic training (through rollouts, synthetic data, and human demonstrations) is essential, 4. benchmarking must be ecologically valid, and 5. agents must co-adapt with human users. His VersaBench framework stresses ecological validity—evaluating agents as humans actually use them: interactively and imperfectly.
#aiagents #webagents #aisafety #scaling #benchmark #humancomputerinteraction
Professor Aishwarya Agrawal of UdeM then examined how multimodal agents reason about visual edits and cultural alignment. Her laboratory found that while supervised fine-tuning with chain-of-thought degraded image-editing performance, reinforcement-learning-based fine-tuning improved relational reasoning. Her papers Learning What Matters and CulturalFrames show that agents acquire skills progressively and must be assessed for cultural alignment as rigorously as for visual accuracy.
#aiagents #webagents #imageediting #culture #chainofthought #multimodal
Professor Yonatan Bisk of CMU discussed spatial and semantic awareness in embodied models. His MoTIF and Vid2Robot studies reveal that models still fail to integrate spatial continuity, overfitting to visual rather than conceptual features. He concluded that genuine embodied understanding requires inductive biases—not merely larger models—to connect conceptual and physical space.
#aiagents #semantics #spatialawareness #embodiedai #grounding
Next, Professor Ivan Titov from the University of Edinburgh spoke on faithful reasoning and privacy-preserving collaboration. His paper Truthful or Fabricated? shows that reasoning traces can conceal false justifications. Introducing counterfactual signals and privacy profiles allows multi-agent systems to collaborate effectively while minimizing data exposure and maintaining a balance between utility and control.
#aiagents #faithfulness #trustworthyai #reasoning #privacy #humancomputerinteraction
Professor Abhik Roychoudhury of the National University of Singapore explored how trust can be established between developers and coding agents. His work Programming with Trust connects developer intent and buggy code through formal analysis, generating logical properties that guide reliable fixes. By embedding analysis within the agent—beyond code or text—he envisions tools that iteratively refine their understanding of issues through stratified search, potentially extending to broader software-engineering and security contexts once trust conditions are well defined.
#aiagents #trustworthyai #embeddings #codingagents #computeruseagents
Finally, Professor Huan Sun from Ohio State University closed the day by examining the link between capability growth and safety gaps. Her laboratory’s RedTeamCUA and Reversal Curse papers model compositional-reasoning failures, showing that surface labels can distort conceptual generalization. Echoing Professor Neubig, she argued that future safety testing must be systematic, ecologically valid, and grounded in realistic threat scenarios.
#aiagents #webagents #computeruseagents #aisafety #compositionalreasoning
Day 3
Professor Tao Yu from Hong Kong University began Day 3 with a presentation on agent evaluation frameworks, highlighting OSWorld and AgentNet as foundational for scalable computer-use agents. His approach reframes computer interfaces as structured, Python-based environments, enabling automatic state setup and evaluation. He identified reflection, memory, planning, and prediction as the four core pillars of CUAs and argued that high-quality chain-of-thought reasoning bridges perception and agency. Looking forward, he called for foundation models that act as embodied agents capable of safe operation across digital and physical domains.
#aiagents #webagents #computeruseagents #embodiedai #codingagents #reasoning
Professor Xin Eric Wang of UC Santa Barbara analyzed the limitations of current CUAs—from poor grounding to inconsistent task success. His Agent S3 framework addresses the cold-start problem via self-supervised exploration, while a mixture of grounding experts handles visual, textual, and structural reasoning. Papers such as Soft Thinking and GRIT show that “thinking with images” amplifies both reasoning and grounding. Wang envisions self-evolving CUAs that refine and adapt through repeated experience, potentially achieving superhuman precision in computer interaction.
#aiagents #webagents #computeruseagents #multimodal #reasoning #grounding
A panel followed with Professors Joyce Chai, Tao Yu, Graham Neubig, Parisa Kordjamshidi, Yu Su, and moderator Victor Zhong. Discussion centered on grounding, world modeling, and reliable reward design. Panelists agreed that safety begins with grounding—whether interpreted as translation across domains or as bridging distinct “worlds.” They warned of catastrophic forgetting in continual learning and emphasized the need for agents that know when to act and when to stop.
#aiagents #grounding #aisafety #continuallearning #webagents
Alexandre Drouin from ServiceNow presented his team’s extensive agent-related research, leveraging WorkArena and BrowserGym for long-horizon, high-cognition web tasks. Their Just-In-Time Episodic Feedback paper enables agents to learn from their own mistakes by identifying failure loops. With UI-Vision, he showed that user-interface understanding remains largely unsolved, while DRBench and DoomArena extend evaluation to data-retrieval and security contexts. He concluded that the future of agentic work depends on open, agent-agnostic, and security-aware benchmarks.
#aiagents #webagents #aisafety #codingagents #privacy #retrieval
Professor Andrea Bajcsy of CMU then approached safety from a control-theory perspective, emphasizing deployment-time guardrails over model rewrites. Her paper Latent Safety Filters computes safe trajectories directly within an agent’s internal state space, co-optimizing classifier and policy. By incorporating uncertainty awareness, the framework supports recovery from unseen failures. Bajcsy envisions agentic guardrails that not only block unsafe behavior but also anticipate and recover from it in real time.
#robotics #aiagents #aisafety #multimodal #reasoning #grounding
The day concluded with Professor Zhijing Jin from the University of Toronto, who explored ways to give agents causal intelligence—the ability to distinguish correlation from causation. In works such as CLadder and Causal AI Scientist, she models scientific reasoning as a causal decision process in which LLMs learn to form and test hypotheses. Her research extends retrieval-augmented generation (RAG) by embedding causal graphs into LLM reasoning, aiming for agents capable of autonomously synthesizing and validating scientific discoveries.
#aiagents #aiscientist #causalintelligence #retrieval #reasoning #rag
Day 4
Professor Yoshua Bengio of Université de Montréal opened the final day with a call to shift from agentic competition to epistemic cooperation. His Scientist AI proposal envisions non-agentic systems—AIs functioning as predictors that model the world without implicit goals. Using Bayesian posteriors as “probabilistic oracles,” such models could assess risk while remaining fundamentally non-agentic, protecting researchers from loss of control and unintended behaviors.
#aiagents #aiscientist #aisafety #worldmodeling
Professor Prithviraj Ammanabrolu of UC San Diego analyzed the balance between safety and capability, suggesting that scalable “levers” such as model priors, rewards, and environments can reconcile the two. His group shows that fine-grained human feedback and lightweight reward modeling can achieve alignment without exhaustive supervision. In works like MINDCraft and Beyond Needles in the Embodied Haystack, he demonstrates that simple, well-structured environments enable agents to generalize safely across complex tasks.
#aiagents #embodiedai #humancomputerinteraction #scaling #aisafety
Finally, Professor Dawn Song of UC Berkeley closed the workshop by underscoring that cybersecurity is the frontline of AI safety. Her team’s AgentVigil and AgentXploit frameworks show that memory, retrieval, and tool use expose agents to new vulnerabilities. Through works such as Progent, she emphasized the need for standardized, reproducible risk-assessment platforms for agentic systems.
#aiagents #aisafety #webagents #retrieval #agentmemory #cybersecurity
Across all talks and sessions, one central theme dominated: capability and safety are no longer separable. From compositional reasoning to secure deployment, contemporary agentic-AI research is converging on self-improving yet safeguarded agents—systems that reason, plan, and act responsibly in both digital and embodied worlds. IVADO’s second workshop in this series will take place from November 17 to 19, featuring many more talks from leading AI researchers worldwide.