The paper proposes a compositional governance framework to provide richer, dynamic authorization semantics necessary for governing autonomous agentic AI systems, moving beyond traditional static IAM m…

The paper introduces a new benchmark and decomposition method, Sufficiency-Tightness Decomposition, demonstrating that current coding agents struggle to accurately infer least-privilege authorization,…

The paper introduces MuSimA, a web-based tool that addresses the lack of large-scale synthetic dataset generation for Attribute-based Access Control (ABAC) systems.

The paper proposes ExAI5G, a logic-based explainable AI framework that integrates a Transformer-based IDS with XAI techniques to provide highly accurate and transparent intrusion detection for 5G netw…

The paper introduces Sketch-based Access Control (SBAC), a multimodal AI-assisted system that helps users iteratively refine vague access control preferences into precise, intent-aligned policies thro…

The paper introduces the Open Agent Passport (OAP), a deterministic pre-action authorization framework that intercepts and validates AI agent tool calls against a declarative policy, achieving a 0% su…

The paper introduces Conleash, a client-side middleware that uses a risk lattice to enforce granular, boundary-scoped authorization for tool invocations, significantly improving user consent and secur…

Permit is a novel framework that enforces fine-grained, permission-aware control over the hidden states of LLMs, preventing information leakage even when sensitive data is present in the context.

The paper proposes an architectural proxy (MCP) to enforce robust, reliable tool access control for LLM agents, demonstrating that this structural enforcement is necessary because prompt-based restric…

The paper introduces a certified purity architecture that strengthens governance in cognitive workflow systems by replacing insufficient runtime checks with cryptographically attested structural guara…

The paper introduces APLiance, a novel ABAC framework that models privacy policies as access requests and checks their compliance against legal requirements by mapping law sections to ABAC rules.

The paper argues that traditional identity-based reputation mechanisms are structurally inapplicable to language model agents because their mutable, modular nature makes them ontologically dissociativ…

The paper proposes a novel design for website interaction that provides fine-grained access control, enabling agentic AI to safely perform delegated critical tasks on a user's behalf.

The paper introduces PROPARAG, an automated framework that autonomously assesses how well organizational cybersecurity policies comply with standard security controls, achieving high F1 scores on real…

The paper proposes a novel hybrid authorization framework that combines roles and First-Order Logic to enforce fine-grained, triple-level access control for autonomous agents interacting with knowledg…

The study evaluated text-based explanations of Trusted Execution Environments (TEEs) to non-experts, finding that while non-technical explanations improved understanding, they did not significantly in…

The paper argues that the Authorization-Execution Gap (AEG)—the divergence between intended authorization and actual execution—is a critical safety and security flaw in open-world agents, requiring so…

The paper proposes Proof-Carrying Agent Actions (PCAA), a runtime-neutral governance model that uses action certificates to consistently track and authorize high-risk actions across diverse and hetero…

The paper introduces AgentSecBench, a security evaluation framework that measures prompt injection, privacy leakage, and tool-use integrity in LLM agents by defining formal security games and testing…

The paper introduces 'causality laundering,' a novel security vulnerability in tool-calling LLM agents where adversaries exfiltrate information by probing denied actions, and proposes the Agentic Refe…