This research addresses the security gap in agentic control planes where non-deterministic autonomous agent reasoning interacts with deterministic infrastructure mutations. Traditional IAM fails to validate real-time intent, creating a risk of unauthorized infrastructure changes if an agent's reasoning drifts or is compromised. The proposed architecture implements a Sovereign Assurance Boundary (SAB) to certify intent via cryptographic execution contracts and a Sovereign Execution Broker (SEB) to enforce these contracts. By decoupling identity from capability and utilizing short-lived, scoped execution identities and live-state drift detection, the framework prevents unauthorized mutations regardless of the agent's internal state.
Research Overview & Threat Model
- Transition from "Identity-as-Access" to "Certified-Intent-as-Capability" to secure non-deterministic AI agents.
- Addresses the failure of static IAM to validate the specific intent of autonomous mutation requests in real-time.
- Mitigates "reasoning drift" where agent outputs deviate from organizational security policy during production execution.
Technical Architecture: SAB & SEB
- Sovereign Assurance Boundary (SAB): Acts as the policy evaluator that validates agent proposals and issues signed, short-lived execution certificates.
- Sovereign Execution Broker (SEB): Serves as the mandatory runtime enforcement point that verifies certificates before invoking target APIs.
- Certificate-Bound Contracts: Cryptographic payloads specifying the exact mutation intent, validity windows, and strict policy constraints.
Enforcement Mechanisms & State Integrity
- Scoped Execution Identities: The SEB mints single-use, ephemeral identities only after certificate verification, ensuring zero persistent privilege.
- Live-State Drift Detection: The SEB validates that the target infrastructure state remains consistent with the certified contract immediately prior to execution.
- Epoch-based Security: Implementation of policy and revocation epochs to enable the rapid neutralization of compromised agent authority.
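The SEB checks listed above can be sketched as one verification routine. This is an added example, not code from the paper or its authors. Assumptions: the contract field names, the rule that a certificate issued under an older epoch is rejected, the hash-of-JSON state comparison, and HMAC-SHA256 standing in for the SAB's signature scheme, which the page does not specify.

```python
import hashlib
import hmac
import json

SAB_KEY = b"constructed-demo-key"  # assumption: HMAC stands in for the SAB's signature


def state_hash(state: dict) -> str:
    """Canonical digest of the target state the SAB evaluated."""
    return hashlib.sha256(json.dumps(state, sort_keys=True).encode()).hexdigest()


def _mac(contract: dict) -> str:
    body = json.dumps(contract, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SAB_KEY, body, hashlib.sha256).hexdigest()


def sab_issue(intent, observed_state, policy_epoch, revocation_epoch, now, ttl=60):
    """SAB side: bind intent, validity window, epochs and expected state, then sign."""
    contract = {"intent": intent, "not_before": now, "not_after": now + ttl,
                "policy_epoch": policy_epoch, "revocation_epoch": revocation_epoch,
                "expected_state": state_hash(observed_state)}
    return {"contract": contract, "sig": _mac(contract)}


def seb_verify(cert, request, live_state, policy_epoch, revocation_epoch, now):
    """SEB side: every check must pass before a scoped identity would be minted."""
    c = cert["contract"]
    if not hmac.compare_digest(_mac(c), cert.get("sig", "")):
        return False, "bad_signature"
    if not (c["not_before"] <= now <= c["not_after"]):
        return False, "outside_validity_window"
    if c["policy_epoch"] != policy_epoch:      # assumed rule: policy changed since issuance
        return False, "stale_policy_epoch"
    if c["revocation_epoch"] < revocation_epoch:  # assumed rule: epoch bump revokes older certs
        return False, "revoked"
    if request != c["intent"]:                 # the mutation must equal the certified intent
        return False, "intent_mismatch"
    if state_hash(live_state) != c["expected_state"]:
        return False, "state_drift"            # target changed after certification
    return True, "ok"
```

Bumping the broker's revocation epoch invalidates every outstanding certificate at once, without tracking individual certificates.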
Deployment & Impact Metrics
- Bypass-Prevention: Architectural requirements ensure production APIs reject all identities not originating from the SEB.
- Performance Overhead: Analysis focuses on the latency introduced by the SAB/SEB verification handshake within AWS and Kubernetes environments.
- Resilience Testing: System robustness is measured via fault injection and the temporal efficiency of revocation propagation.
Industry & Defense Implications
- Establishes a formal verification layer for agentic workflows, moving toward a Zero Trust model for autonomous entities.
- Provides a scalable blueprint for transitioning IAM from identity-centric to intent-centric control planes.
- Drastically reduces the blast radius of compromised LLM-driven agents by restricting execution to pre-verified, signed contracts.
Related posts
- arXiv (Computer Science - Cryptography and Security) — Sovereign Execution Brokers: Enforcing Certificate-Bound Authority in Agentic Control Planes