Risk-Aware LLM Agents for Geospatial Data Retrieval, ISPRS 2026
An LLM framework turns natural-language queries into schema-aware API calls and coordinates Guardrail, General-QA and Recommender-Analyst agents.
TL;DR
- An LLM framework turns natural-language queries into schema-aware API calls and coordinates Guardrail, General-QA and Recommender-Analyst agents.
- Authors: Kyle Gao, Joel Cumming, Jonathan Li, Linlin Xu and David A. Clausi.
- The paper describes an LLM-driven framework that converts user intent expressed in natural language into structured API calls to retrieve remote sensing data from cloud-based geospatial catalogues.
Kyle Gao, Joel Cumming, Jonathan Li, Linlin Xu and David A. Clausi submitted "Risk-Aware LLM Agents for Geospatial Data Retrieval: Design and Preliminary Adversarial Evaluation" to arXiv (arXiv:2606.15077) on 13 Jun 2026, and the paper has been accepted for publication in the International Archives of the Photogrammetry, Remote Sensing and Spatial Information Sciences (ISPRS Archives) for ISPRS Congress 2026. The paper describes an LLM-driven framework that converts user intent expressed in natural language into structured API calls to retrieve remote sensing data from cloud-based geospatial catalogues.
Design and components
The architecture coordinates three specialized agents. Guardrail provides safety and policy enforcement. General-QA handles intent interpretation. Recommender-Analyst generates schema-aware API calls. The system translates user queries into structured API requests, enabling access to satellite imagery and environmental datasets hosted in cloud-based geospatial catalogues.
The authors describe the framework as modular and portable: it is designed to work across platforms through API schema substitution. They position the architecture as an interface between user intent and geospatial infrastructure, intended to streamline Earth observation workflows. The paper lists potential application areas including environmental monitoring, disaster response, and climate analysis.
Preliminary adversarial evaluation
The paper reports preliminary experiments under adversarial multi-turn settings. Those tests found that prompt-level safety instructions improve robustness against adversarial inputs. Despite that improvement, the authors observed rare high-impact failures in API manipulation scenarios. Those failures highlight a remaining attack surface and lead the authors to argue for adaptive, system-level defenses that balance safety, usability and cost efficiency. That motivation underpins the design and proposed use of the intercept-level Guardrail agent.
The evaluation is described as preliminary and adversarial, indicating the authors focused on multi-turn interactions where an LLM-driven agent both interprets intent and constructs API calls. The findings emphasize that prompt-level mitigations are useful but insufficient by themselves for certain high-impact manipulation cases.
Why it matters
Embedding LLMs in geospatial retrieval pipelines changes how nontechnical users can access satellite imagery and environmental data: natural-language queries become structured API calls, lowering the barrier to assemble datasets. At the same time, the paper makes clear that attackers or malformed interactions can manipulate API calls in ways that prompt-level safeguards do not always prevent. The result is a tension between usability and system-level safety that the authors make central to their design.
By proposing a Guardrail agent deployed at the intercept level, the authors shift attention from purely prompt-based controls to coordinated enforcement inside the system. That approach matters because satellite and environmental data workflows can have high operational and cost consequences if API calls are manipulated or misissued.
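To make the intercept-level idea concrete for both the three-agent design above and the API manipulation failures the evaluation reports, here is an added illustration of a schema-aware guardrail that sits between the call-generating agent and the catalogue. This is example code written for this brief, not the paper's framework or any real catalogue client: the endpoint, parameter names, allowlisted collections, bounding-box convention and cost cap are all constructed assumptions modelled on a generic STAC-style search API. Because the schema is plain data, porting the check to another platform means substituting that object, which is the "API schema substitution" the authors describe.

```python
"""Intercept-level guardrail: validate an LLM-generated API call before it is issued.

Added illustration, not the paper's code. Everything in SEARCH_SCHEMA is a
constructed assumption for a hypothetical STAC-style catalogue search endpoint.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime
from typing import Any


@dataclass
class ParamSpec:
    """Constraint on one parameter of the catalogue API (constructed)."""
    type: type
    required: bool = False
    allowed: frozenset[str] | None = None  # allowlist for string / list-of-string values
    max_value: int | None = None           # upper bound for numeric values


@dataclass
class EndpointSchema:
    method: str
    path: str
    params: dict[str, ParamSpec]


# Hypothetical schema. Porting the guardrail to another catalogue means
# swapping this object; the validation logic below does not change.
SEARCH_SCHEMA = EndpointSchema(
    method="POST",
    path="/search",
    params={
        "collections": ParamSpec(list, required=True,
                                 allowed=frozenset({"sentinel-2-l2a", "landsat-c2-l2"})),
        "bbox": ParamSpec(list, required=True),
        "datetime": ParamSpec(str, required=True),
        "limit": ParamSpec(int, max_value=500),  # per-request cost cap (assumed)
    },
)


@dataclass
class Decision:
    allowed: bool
    reasons: list[str] = field(default_factory=list)


def _bbox_problems(bbox: list[Any]) -> list[str]:
    """WGS84 bounding box [min_lon, min_lat, max_lon, max_lat]; reject inverted or out-of-range boxes."""
    if len(bbox) != 4 or not all(isinstance(v, (int, float)) and not isinstance(v, bool) for v in bbox):
        return ["bbox: expected four numbers"]
    min_lon, min_lat, max_lon, max_lat = bbox
    problems = []
    if not (-180 <= min_lon <= max_lon <= 180):
        problems.append("bbox: longitude out of range or inverted")
    if not (-90 <= min_lat <= max_lat <= 90):
        problems.append("bbox: latitude out of range or inverted")
    return problems


def _datetime_problems(interval: str) -> list[str]:
    """Interval 'start/end' in ISO 8601; both ends must parse and be ordered."""
    try:
        start, end = (datetime.fromisoformat(p.replace("Z", "+00:00")) for p in interval.split("/"))
    except ValueError:
        return ["datetime: expected 'start/end' in ISO 8601"]
    return ["datetime: end precedes start"] if end < start else []


def guard(call: dict[str, Any], schema: EndpointSchema = SEARCH_SCHEMA) -> Decision:
    """Decide whether a generated call may be issued; every violation is recorded for logging."""
    reasons: list[str] = []
    if (call.get("method"), call.get("path")) != (schema.method, schema.path):
        reasons.append(f"endpoint not permitted: {call.get('method')} {call.get('path')}")
    body = call.get("body", {})
    # Parameters the schema does not name are refused outright, whatever the
    # upstream agents were talked into emitting.
    reasons += [f"unknown parameter: {name}" for name in body if name not in schema.params]
    for name, spec in schema.params.items():
        if name not in body:
            if spec.required:
                reasons.append(f"missing required parameter: {name}")
            continue
        value = body[name]
        if not isinstance(value, spec.type) or isinstance(value, bool):
            reasons.append(f"{name}: expected {spec.type.__name__}")
            continue
        if spec.allowed is not None:
            values = value if isinstance(value, list) else [value]
            reasons += [f"{name}: value not in allowlist: {v}" for v in values if v not in spec.allowed]
        if spec.max_value is not None and value > spec.max_value:
            reasons.append(f"{name}: {value} exceeds cap {spec.max_value}")
        if name == "bbox":
            reasons += _bbox_problems(value)
        if name == "datetime":
            reasons += _datetime_problems(value)
    return Decision(allowed=not reasons, reasons=reasons)


# Constructed samples of what a call-generating agent might emit.
BENIGN_CALL = {
    "method": "POST", "path": "/search",
    "body": {"collections": ["sentinel-2-l2a"],
             "bbox": [-80.6, 43.4, -80.4, 43.6],
             "datetime": "2025-06-01T00:00:00Z/2025-06-30T23:59:59Z",
             "limit": 50},
}
# A manipulated call: collection outside the allowlist, oversized limit,
# an inverted bounding box and a parameter the schema never exposed.
MANIPULATED_CALL = {
    "method": "POST", "path": "/search",
    "body": {"collections": ["internal-archive"],
             "bbox": [-80.4, 43.6, -80.6, 43.4],
             "datetime": "2025-06-01T00:00:00Z/2025-06-30T23:59:59Z",
             "limit": 100000,
             "debug": True},
}

if __name__ == "__main__":
    for label, call in (("benign", BENIGN_CALL), ("manipulated", MANIPULATED_CALL)):
        print(label, guard(call))
```

The guardrail never looks at the conversation; it only sees the structured call, so a multi-turn prompt that subverts General-QA or Recommender-Analyst still has to pass a check the model cannot talk its way around. The list of reasons is the useful detection artefact: logging it per request gives operators a count of blocked manipulation attempts over time.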
What to watch
Look for the ISPRS Congress 2026 publication and any follow-on work that expands the adversarial evaluation beyond preliminary tests. Concrete signals to watch are demonstrations of adaptive, system-level defenses in deployed pipelines and evaluations showing a reduction in the rare high-impact API manipulation failures the authors observed.
Written by The Brieftide · Source: arXiv