Continuous Agent Semantic Authorization for Zero-Trust AI
A new arXiv paper proposes Continuous Agent Semantic Authorization (CASA), a hybrid runtime enforcement model for authorizing LLM-driven agents in zero-trust environments. The model combines deterministic and semantic controls via an interception layer to prevent tampering, falsification, and permission escalation in multi-turn conversations and distributed collaboration. Five deterministic controls enforce structural and data-integrity guarantees over message flow, while a semantic inspection component verifies agent intent. The approach addresses security risks in delegated authorization flows that lack visibility into original subject intent.
Key facts
- Paper arXiv:2605.02682v1 proposes CASA for LLM-driven agent authorization
- Hybrid model combines deterministic and semantic controls
- Zero-trust interception layer enforces five deterministic controls
- Semantic inspection verifies agent intent
- Addresses risks in multi-turn conversations and distributed collaboration
- Prevents tampering, falsification, and permission escalation
- Current delegated authorization flows lack visibility into subject intent
Entities
Institutions
- arXiv