The paper proposes a compositional governance framework to provide richer, dynamic authorization semantics necessary for governing autonomous agentic AI systems, moving beyond traditional static IAM m…

The paper introduces the Open Agent Passport (OAP), a deterministic pre-action authorization framework that intercepts and validates AI agent tool calls against a declarative policy, achieving a 0% su…

The paper introduces a new benchmark and decomposition method, Sufficiency-Tightness Decomposition, demonstrating that current coding agents struggle to accurately infer least-privilege authorization,…

SkillScope introduces a graph-based framework to enforce fine-grained least-privilege in LLM Agent Skills, significantly reducing over-privileged actions while maintaining task functionality.

The paper introduces MolTrust, a production-deployed trust infrastructure built on W3C standards (VCs and DIDs) that provides a verifiable, multi-layered authorization framework for autonomous AI agen…

The paper introduces GAAP, an execution environment that deterministically guarantees the confidentiality of private user data by enforcing user-defined permission specifications on AI agents, even ag…

ChainCaps introduces a novel runtime capability budgeting system that prevents 'permission laundering' in complex tool-using agents, significantly reducing attack success rates while maintaining benig…

AgentVisor is a novel defense framework that uses semantic virtualization, inspired by OS principles, to significantly reduce LLM agent vulnerability to prompt injection while maintaining high utility…

The paper argues that the Authorization-Execution Gap (AEG)—the divergence between intended authorization and actual execution—is a critical safety and security flaw in open-world agents, requiring so…

The paper proposes a novel design for website interaction that provides fine-grained access control, enabling agentic AI to safely perform delegated critical tasks on a user's behalf.

This paper analyzes the security of LLM-based autonomous agents by drawing parallels to operating system security, finding that while some vulnerabilities are inherent, many can be mitigated using est…

The paper introduces GrantBox, a new security sandbox that evaluates how well LLM agents handle real-world tool privileges, finding that agents remain highly vulnerable to sophisticated attacks.

The paper proposes AuthGraph, a dual-graph defense framework that structurally compares information provenance (what data was used) against a clean authorization baseline to detect fine-grained, param…

The paper introduces PACT, a provenance-aware runtime monitor that enhances agent security by tracking the origin and trust of individual tool arguments, solving the granularity mismatch in LLM agent…

The paper proposes an architectural proxy (MCP) to enforce robust, reliable tool access control for LLM agents, demonstrating that this structural enforcement is necessary because prompt-based restric…

PragLocker is a novel prompt protection scheme that secures valuable LLM agent prompts against theft and reuse by other proprietary models by making them non-portable.

The paper proposes AgentDID, a decentralized framework using DIDs and verifiable credentials to provide trustless identity authentication and dynamic state verification for autonomous, self-managed AI…

The paper introduces a contextual security framework for LLM agents, defining security properties and reformulating various attacks and defenses based on the context of execution.

The paper introduces AgentSecBench, a security evaluation framework that measures prompt injection, privacy leakage, and tool-use integrity in LLM agents by defining formal security games and testing…

The paper proposes a portable authorization standard for autonomous agents, addressing the structural gaps in existing identity models when agents operate across organizational boundaries.