To address high-risk failures in monitoring LLM-based agents—such as unauthorized sensitive data leakage—this paper introduces the *Control Safety Case* framework, shifting AI safety assurance from capability alignment to rigorous verification of control robustness. Methodologically, it integrates red-teaming adversarial testing, formal modeling of control effectiveness, agent behavior stimulation, and conservative probabilistic extrapolation to construct a testable, three-layer evidential chain. This work provides the first systematic definition of the framework and delivers a structured, reusable safety argument template for pre-deployment trustworthiness assessment of high-risk LLM agents. The contribution advances AI governance by supplying auditable, reproducible technical evidence, significantly enhancing the quantifiability and rigor of failure-mode analysis for safety-critical controls. (124 words)

As LLM agents gain a greater capacity to cause harm, AI developers might increasingly rely on control measures such as monitoring to justify that they are safe. We sketch how developers could construct a"control safety case", which is a structured argument that models are incapable of subverting control measures in order to cause unacceptable outcomes. As a case study, we sketch an argument that a hypothetical LLM agent deployed internally at an AI company won't exfiltrate sensitive information. The sketch relies on evidence from a"control evaluation,"' where a red team deliberately designs models to exfiltrate data in a proxy for the deployment environment. The safety case then hinges on several claims: (1) the red team adequately elicits model capabilities to exfiltrate data, (2) control measures remain at least as effective in deployment, and (3) developers conservatively extrapolate model performance to predict the probability of data exfiltration in deployment. This safety case sketch is a step toward more concrete arguments that can be used to show that a dangerously capable LLM agent is safe to deploy.