ChainCaps: Preventing Permission Laundering in AI Tool Composition
Researchers have developed ChainCaps, a runtime safety mechanism for tool-using AI agents that targets 'permission laundering': an agent passes every per-tool permission check individually, yet composes tools in a sequence whose combined effect is dangerous, such as unauthorized access to sensitive information. ChainCaps attaches a monotonic capability budget to each value, bound to the sink that value may reach; budgets propagate by intersection, so composing tools can only shrink the authority a value carries, never enlarge it. It runs as a transparent MCP (Model Context Protocol) proxy and requires no changes to existing agents or tool servers. Evaluated on 82 tasks across five frontier models from three providers, ChainCaps reduced attack success rates. The paper is available on arXiv.
Key facts
- ChainCaps addresses permission laundering in tool-using AI agents.
- It enforces monotonic capability budgets that propagate by intersection.
- Authority can only decrease through composition, never increase.
- Implemented as a transparent MCP proxy.
- Tested on 82 tasks across five frontier models from three providers.
- Reduces attack success rates.
- Requires no changes to agent or tool servers.
- Paper available on arXiv under ID 2605.26542.
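To make the "propagate by intersection, authority only decreases" idea concrete, here is a small toy model written for this summary; it is not the ChainCaps implementation or the paper's code. The capability names, the tool catalogue and the proxy class are all hypothetical, constructed to show the mechanism: each value carries a budget of sinks it may still reach, a tool's output budget is the intersection of its inputs' budgets, and a sink tool is refused when the value's budget does not cover the sink, even though the agent is allowed to call every tool in the chain.

```python
"""Toy model of monotonic capability budgets that propagate by intersection.

Constructed illustration only; not the ChainCaps code from the paper.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List

# Hypothetical capability labels (constructed for this example).
LOCAL_WRITE = "local_write"
NET_EGRESS = "net_egress"
SHOW_USER = "show_user"
ALL = frozenset({LOCAL_WRITE, NET_EGRESS, SHOW_USER})


@dataclass(frozen=True)
class Tagged:
    """A value as the proxy sees it: payload plus the sinks it may still reach."""
    data: str
    budget: FrozenSet[str]


class BudgetViolation(Exception):
    """Raised when a value's budget does not cover the sink it is sent to."""


# Hypothetical tool catalogue. `needs` is the capability a tool's sink consumes;
# `grants` is the budget a source tool attaches to data it introduces.
TOOLS: Dict[str, Dict[str, FrozenSet[str]]] = {
    # Secrets read from disk may be shown or written locally, never sent out.
    "read_secret_file": {"needs": frozenset(), "grants": frozenset({LOCAL_WRITE, SHOW_USER})},
    "read_public_doc": {"needs": frozenset(), "grants": ALL},
    "summarize": {"needs": frozenset(), "grants": ALL},  # pure transform
    "http_post": {"needs": frozenset({NET_EGRESS}), "grants": ALL},
    "write_file": {"needs": frozenset({LOCAL_WRITE}), "grants": ALL},
}


class ChainCapsProxy:
    """Stands between agent and tools; the agent's per-tool allowlist is untouched."""

    def __init__(self, allowed_tools: Iterable[str]) -> None:
        self.allowed = set(allowed_tools)
        self.log: List[str] = []

    def call(self, tool: str, *args: Tagged) -> Tagged:
        if tool not in self.allowed:  # the conventional per-tool check
            raise PermissionError(tool)
        spec = TOOLS[tool]
        # Output budget = grant of the tool intersected with every input's budget,
        # so a composition can only lose authority, never gain it.
        budget = spec["grants"]
        for arg in args:
            budget &= arg.budget
        if not spec["needs"] <= budget:
            self.log.append(f"BLOCKED {tool}: needs {sorted(spec['needs'])}, "
                            f"budget {sorted(budget)}")
            raise BudgetViolation(tool)
        self.log.append(f"OK {tool} -> budget {sorted(budget)}")
        payload = f"{tool}({', '.join(a.data for a in args)})"
        return Tagged(payload, budget)


def laundering_attempt(proxy: ChainCapsProxy) -> str:
    """read_secret_file -> summarize -> http_post: every tool is allowed, chain is not."""
    secret = proxy.call("read_secret_file")
    summary = proxy.call("summarize", secret)
    try:
        proxy.call("http_post", summary)
        return "sent"
    except BudgetViolation:
        return "blocked"


def mixed_chain(proxy: ChainCapsProxy) -> str:
    """Mixing a public doc with a secret: the intersection drops net_egress."""
    secret = proxy.call("read_secret_file")
    public = proxy.call("read_public_doc")
    summary = proxy.call("summarize", secret, public)
    try:
        proxy.call("http_post", summary)
        return "sent"
    except BudgetViolation:
        return "blocked"


def benign_chain(proxy: ChainCapsProxy) -> str:
    """Public data only: the same tools, and the post goes through."""
    public = proxy.call("read_public_doc")
    summary = proxy.call("summarize", public)
    proxy.call("http_post", summary)
    return "sent"


def local_use(proxy: ChainCapsProxy) -> str:
    """Secrets may still flow to a local sink that their budget covers."""
    secret = proxy.call("read_secret_file")
    proxy.call("write_file", secret)
    return "written"


if __name__ == "__main__":
    proxy = ChainCapsProxy(TOOLS.keys())
    for scenario in (laundering_attempt, mixed_chain, benign_chain, local_use):
        print(f"{scenario.__name__}: {scenario(proxy)}")
    print("\n".join(proxy.log))
```

The point of the model is that no single tool call looks wrong to a per-tool allowlist; the refusal comes from the budget the value carries into the sink, and because that budget is only ever intersected, no sequence of intermediate tools can restore a capability that an earlier source withheld.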
Entities
Institutions
- arXiv