PS-UIE proposes a privilege-separated architecture to continuously enforce the integrity of file-backed user-space executable objects within Confidential Virtual Machines (CVMs) like AMD SEV-SNP.

The paper introduces Neo, an agentic program analysis framework that successfully detects zero-day privilege escalation vulnerabilities in complex, polyglot microservices by combining LLMs with advanc…

ALPS is an automated, vendor-agnostic framework that enforces least privilege in serverless functions by analyzing code and generating precise security policies, achieving high coverage and significan…

The paper introduces SuperPaymaster, an Asset-Oriented Abstraction (AOA) paymaster that eliminates the need for a centralized off-chain signer, thereby improving the decentralization and efficiency of…

The paper introduces a new benchmark and decomposition method, Sufficiency-Tightness Decomposition, demonstrating that current coding agents struggle to accurately infer least-privilege authorization,…

The paper proposes a two-stage post-training pipeline to create a small, local LLM agent (PrivEsc-LLM) capable of performing Linux privilege escalation, achieving high success rates while drastically…

Grimlock is an Agent Guard that enhances security for high-agency systems by enforcing identity, authorization, and scope-bound communication through eBPF and attested TLS channels, without modifying…

ChainCaps introduces a novel runtime capability budgeting system that prevents 'permission laundering' in complex tool-using agents, significantly reducing attack success rates while maintaining benig…

The paper proposes the Secret-Use Delegation Protocol (SUDP) to solve the Agent Secret Use (ASU) problem, ensuring that autonomous agents can perform user-authorized operations without gaining reusabl…

The paper introduces GrantBox, a new security sandbox that evaluates how well LLM agents handle real-world tool privileges, finding that agents remain highly vulnerable to sophisticated attacks.

The paper introduces EBCC, an OCI-compatible runtime architecture that manages composite confidential-computing workloads by integrating TEE-backed execution into the standard container lifecycle.

The paper proposes a RADIUS-based framework to maintain persistent device identity for Network Access Control (NAC) despite modern operating system MAC address randomization, ensuring regulatory compl…

PragLocker is a novel prompt protection scheme that secures valuable LLM agent prompts against theft and reuse by other proprietary models by making them non-portable.

The paper introduces ExploitBench, a capability-graded benchmark that measures the progressive stages of exploitation, demonstrating that while current frontier models can easily trigger bugs, achievi…

The paper proposes a comprehensive cryptographic distribution provenance system to structurally defend against dependency confusion attacks in software package ecosystems.

AgentVisor is a novel defense framework that uses semantic virtualization, inspired by OS principles, to significantly reduce LLM agent vulnerability to prompt injection while maintaining high utility…

The paper proposes Federated Computing as Code (FCaC), a declarative architecture that enforces sovereignty-critical constraints in federated systems by compiling authority into cryptographically veri…

ProcRoute is a system that restricts internal network route access to specific, authorized applications, preventing unprivileged processes from exploiting split-tunnel VPN routes.

The paper introduces MolTrust, a production-deployed trust infrastructure built on W3C standards (VCs and DIDs) that provides a verifiable, multi-layered authorization framework for autonomous AI agen…

The paper introduces TEERepair, a framework that automatically repairs severe security vulnerabilities caused by improper partitioning in Trusted Execution Environments (TEEs) by combining a domain-sp…