Pith. sign in

REVIEW 27 cited by

Authenticated Delegation and Authorized AI Agents

Not yet reviewed by Pith; the record is open.

This paper has not been read by Pith yet. Machine review is queued; the pith claim, tier, and objections will appear here once it completes.

SPECIMEN: schema-true, not a live event

T0 review · schema-true

One-sentence machine reading of the paper's core claim.

pith:XXXXXXXX · record.json · timestamp

arxiv 2501.09674 v1 pith:LIUC7D4L submitted 2025-01-16 cs.CY cs.AIcs.NI

Authenticated Delegation and Authorized AI Agents

classification cs.CY cs.AIcs.NI
keywords agentsaccessaccountabilitydelegationframeworkwhileagentauditable
verification ladder T0 review T1 audit T2 compute T3 formal T4 reserved
0 comments
read the original abstract

The rapid deployment of autonomous AI agents creates urgent challenges around authorization, accountability, and access control in digital spaces. New standards are needed to know whom AI agents act on behalf of and guide their use appropriately, protecting online spaces while unlocking the value of task delegation to autonomous agents. We introduce a novel framework for authenticated, authorized, and auditable delegation of authority to AI agents, where human users can securely delegate and restrict the permissions and scope of agents while maintaining clear chains of accountability. This framework builds on existing identification and access management protocols, extending OAuth 2.0 and OpenID Connect with agent-specific credentials and metadata, maintaining compatibility with established authentication and web infrastructure. Further, we propose a framework for translating flexible, natural language permissions into auditable access control configurations, enabling robust scoping of AI agent capabilities across diverse interaction modalities. Taken together, this practical approach facilitates immediate deployment of AI agents while addressing key security and accountability concerns, working toward ensuring agentic AI systems perform only appropriate actions and providing a tool for digital service providers to enable AI agent interactions without risking harm from scalable interaction.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 27 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. A First Measurement Study on Authentication Security in Real-World Remote MCP Servers

    cs.CR 2026-05 conditional novelty 8.0

    First measurement study of 7,973 remote MCP servers finds 40.55% lack authentication and all 119 tested OAuth servers have flaws that risk data leaks or account takeover.

  2. SentinelAgent: Intent-Verified Delegation Chains for Securing Federal Multi-Agent AI Systems

    cs.CR 2026-04 conditional novelty 8.0 partial

    SentinelAgent defines seven properties for verifiable delegation chains in multi-agent AI systems and reports a protocol achieving 100% true positive rate at 0% false positives on a 516-scenario benchmark while using ...

  3. Dissociative Identity: Language Model Agents Lack Grounding for Reputation Mechanisms

    cs.CY 2026-05 conditional novelty 7.0

    VLMs preserve linearly separable visual magnitudes and can compare them, yet collapse at symbolic mapping because visual and textual number spaces remain fractured and disjoint.

  4. Do Coding Agents Understand Least-Privilege Authorization?

    cs.CR 2026-05 unverdicted novelty 7.0

    Coding agents struggle to infer least-privilege file permissions by omitting needed accesses while granting unused or sensitive ones, but Sufficiency-Tightness Decomposition improves sensitive-task success by up to 15...

  5. Attacks and Mitigations for Distributed Governance of Agentic AI under Byzantine Adversaries

    cs.CR 2026-05 unverdicted novelty 7.0

    Identifies concrete attacks from a malicious Provider on SAGA and proposes SAGA-BFT, SAGA-MON, SAGA-AUD, and SAGA-HYB mitigations offering different security-performance trade-offs.

  6. ClawNet: Human-Symbiotic Agent Network for Cross-User Autonomous Cooperation

    cs.AI 2026-04 unverdicted novelty 7.0

    ClawNet digitizes human collaborative relationships into a network of identity-governed AI agents that collaborate on behalf of their owners through a central orchestrator enforcing binding and verification.

  7. The Balkanization of Execution-Security Research for AI Coding Agents: Isolation, Access Control, and Time-of-Check-to-Time-of-Use Vulnerabilities

    cs.CR 2026-07 accept novelty 6.5

    Execution-security research for AI coding agents is fragmented across 17 mechanism categories with five unaddressed cross-cutting gaps, including missing head-to-head isolation-vs-capability evaluation and untested re...

  8. Governed Individuation: Cryptographically Decoupling an Agent's Learning from Its Authority

    cs.AI 2026-07 conditional novelty 6.5

    Governed individuation cryptographically freezes an agent's authority ceiling and gates every action by semantic effect, proving learning cannot widen permissions without an operator signature.

  9. Token-Flow Firewall: Semantic Runtime Auditing for Persistent AI Agents

    cs.CR 2026-07 conditional novelty 6.0

    TokenWall mediates persistent-agent security by auditing source–sink token flows with a local small model and selective large-model escalation, cutting CIK-Bench attack success to 12.5% at low benign latency.

  10. Governable Individuals: An Identity Layer for Embodied Agents That Keep Learning

    q-bio.NC 2026-07 conditional novelty 6.0

    A governable individual keeps unbounded learning inside a frozen, signed boundary commitment enforced by semantic-effect mediation, because learned refusal and behavioral fingerprinting alone fail.

  11. Dissociative Identity: Language Model Agents Lack Grounding for Reputation Mechanisms

    cs.CY 2026-05 unverdicted novelty 6.0

    LM agents' changeable modules prevent persistent identity and sanction sensitivity, making reputation mechanisms structurally inapplicable and requiring protocol-based behavioral harnesses instead.

  12. MAGIQ: A Post-Quantum Multi-Agentic AI Governance System with Provable Security

    cs.LG 2026-05 unverdicted novelty 6.0

    MAGIQ introduces a post-quantum secure system for policy definition, enforcement, and accountability in multi-agent AI using novel cryptographic protocols and UC framework proofs.

  13. Auditable Agents

    cs.AI 2026-04 unverdicted novelty 6.0

    No agent system can be accountable without auditability, which requires five dimensions (action recoverability, lifecycle coverage, policy checkability, responsibility attribution, evidence integrity) and mechanisms f...

  14. Security Considerations for Multi-agent Systems

    cs.CR 2026-03 unverdicted novelty 6.0

    No existing AI security framework covers a majority of the 193 identified multi-agent system threats in any category, with OWASP Agentic Security Initiative achieving the highest overall coverage at 65.3%.

  15. Clarus: Coordinating Autonomous Research Agents toward Web-Scale Scientific Collaboration

    cs.AI 2026-06 unverdicted novelty 5.0

    Clarus is a four-layer collaboration infrastructure with a project-agent-resource model that reformulates research as an open, traceable, multi-participant process.

  16. Deontic Policies for Runtime Governance of Agentic AI Systems

    cs.AI 2026-06 unverdicted novelty 5.0

    AgenticRei applies the Rei deontic framework in OWL for runtime governance of agentic AI, handling obligations and waivers that standard policy engines lack.

  17. Overlaying Governance: A Compositional Authorization Framework for Delegation and Scope in Agentic AI

    cs.AI 2026-06 unverdicted novelty 5.0

    Introduces a compositional governance framework defining delegation types, resource scope attenuation, and an overlay operator for agentic AI authorization policies.

  18. Safe Multi-Agent Behavior Must Be Maintained, Not Merely Asserted: Constraint Drift in LLM-Based Multi-Agent Systems

    cs.MA 2026-05 unverdicted novelty 5.0

    Safety constraints in LLM-based multi-agent systems commonly weaken during execution through memory, communication, and tool use, requiring them to be maintained as explicit state rather than asserted once.

  19. MAGIQ: A Post-Quantum Multi-Agentic AI Governance System with Provable Security

    cs.LG 2026-05 unverdicted novelty 5.0

    MAGIQ introduces a post-quantum governance system for multi-agent AI that supports policy budgets, session enforcement, message attribution, and UC-based security proofs while comparing overhead to SAGA.

  20. Consent Chain Degradation in Embodied Multi-Agent Systems: Bridging the Gap Between AI Agent Governance and Robot Ethics

    cs.CY 2026-04 unverdicted novelty 5.0

    Defines consent chain degradation in multi-robot systems and proposes the CoRVE three-layer governance architecture plus regulatory gap analysis.

  21. AITH: A Post-Quantum Continuous Delegation Protocol for Human-AI Trust Establishment

    cs.CR 2026-04 unverdicted novelty 5.0 partial

    AITH provides a continuous delegation protocol with ML-DSA signatures, a six-check boundary engine, push revocation, and Tamarin-verified security theorems for human-AI trust.

  22. Trustworthy Agent Network: Trust in Agent Networks Must Be Baked In, Not Bolted On

    cs.AI 2026-05 unverdicted novelty 4.0

    Argues that trustworthiness in Agent-to-Agent networks requires a new conceptual framework with four design pillars baked in from the beginning, as retrofitting existing single-agent methods is insufficient.

  23. Digital Identity for Agentic Systems: Toward a Portable Authorization Standard for Autonomous Agents

    cs.CR 2026-05 unverdicted novelty 4.0

    Proposes a portable authorization model for autonomous agents featuring issuer-authored payloads, typed constraint algebra, delegation attenuation, and fail-closed semantics to enable consistent cross-boundary enforcement.

  24. Toward a Safe Internet of Agents

    cs.MA 2025-11 unverdicted novelty 4.0

    The paper proposes a bottom-up framework for safe agentic AI systems that treats each component as a dual-use interface where added capabilities also expand attack surfaces across single agents, multi-agent systems, a...

  25. LLM Agents Are the Antidote to Walled Gardens

    cs.LG 2025-06 unverdicted novelty 4.0

    LLM agents enable universal interoperability by serving as automatic translators and adapters between proprietary digital services.

  26. The Agentic Web Requires New Normative Infrastructure

    cs.CY 2026-06 unverdicted novelty 3.0

    The agentic web requires new normative infrastructure of laws, norms, and practices to allow user-delegated AI agents to access online properties without being blocked as malicious bots.

  27. The Importance of Out-of-Band Metadata for Safe Autonomous Agents: The Redpanda Agentic Data Plane

    cs.AI 2026-05 unverdicted novelty 3.0

    The Redpanda Agentic Data Plane uses out-of-band metadata channels to enforce data scoping, action constraints, and tamper-proof auditing on autonomous AI agents.