ARTFEED — Contemporary Art Intelligence

Heartbeat-Bound Hierarchical Credentials for AI Agent Swarm Revocation

ai-technology · 2026-05-22

The Heartbeat-Bound Hierarchical Credentials (HBHC) protocol addresses a security problem in autonomous AI agent swarms: subordinate agents continue performing privileged tasks even after the operator has shut down. Current revocation methods, such as OAuth 2.0 introspection, OCSP, and W3C Status Lists, require a connection to a central authority, which can leave 'zombie agents' operational for extended periods. HBHC ties the validity of credentials to regular parent liveness proofs, so verifiers can check freshness using only a cached public key and a local clock, with no network interaction. When heartbeat signals stop, all subordinate credentials become invalid within a deterministically defined window W_z ≤ W_max + Δ_h + ε, assuming bounded clock skew and secure enclave-held parent keys. Testing with real LLM-powered agent swarms (GPT-4o-mini) shows a 90× decrease in revocation latency compared to traditional methods.

Key facts

  • HBHC is a cryptographic protocol for credential revocation in AI agent swarms.
  • It binds credential validity to periodic parent liveness proofs.
  • Verifiers use only a cached public key and local clock, no network round-trip required.
  • Existing mechanisms (OAuth 2.0, OCSP, W3C Status Lists) require network connectivity to a central authority.
  • Zombie agents can execute privileged operations for minutes to hours after shutdown with current methods.
  • When heartbeat generation ceases, descendant credentials become unusable within a bounded window.
  • The bounded window is W_z ≤ W_max + Δ_h + ε, conditional on bounded clock skew and secure enclave-held parent keys.
  • Evaluation with GPT-4o-mini agent swarms shows a 90× reduction in revocation latency.
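
The offline freshness check described above can be sketched as follows. This is an added example, not code from the HBHC paper or its authors: the heartbeat layout, the use of Ed25519, the function names, and the reading of W_max as the heartbeat validity window and ε as the clock-skew allowance are all assumptions, and the sketch covers a single parent rather than a full hierarchy.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// Heartbeat is a hypothetical liveness proof; the page does not give a wire format.
type Heartbeat struct {
	IssuedAt int64  // parent clock, Unix seconds
	Sig      []byte // Ed25519 signature over payload(IssuedAt)
}

// payload builds the signed bytes, with an assumed domain-separation tag.
func payload(issuedAt int64) []byte {
	buf := make([]byte, 8)
	binary.BigEndian.PutUint64(buf, uint64(issuedAt))
	return append([]byte("hbhc-demo-heartbeat:"), buf...)
}

// NewParent creates a parent key pair (the page assumes the private half stays in an enclave).
func NewParent() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func SignHeartbeat(priv ed25519.PrivateKey, issuedAt int64) Heartbeat {
	return Heartbeat{IssuedAt: issuedAt, Sig: ed25519.Sign(priv, payload(issuedAt))}
}

// Fresh uses only the cached public key and the verifier's clock: no network call.
// wMax and eps are in seconds; a heartbeat dated beyond now+eps is also rejected.
func Fresh(pub ed25519.PublicKey, hb Heartbeat, now, wMax, eps int64) bool {
	if !ed25519.Verify(pub, payload(hb.IssuedAt), hb.Sig) {
		return false // forged, altered, or signed by a different parent
	}
	return hb.IssuedAt <= now+eps && now <= hb.IssuedAt+wMax+eps
}

func main() {
	pub, priv := NewParent()
	hb := SignHeartbeat(priv, 1000) // constructed: last heartbeat before the parent stops
	for _, now := range []int64{1010, 1032, 1033} {
		fmt.Println(now, Fresh(pub, hb, now, 30, 2))
	}
}
```

Once the parent stops signing, a subordinate holding only the last heartbeat is rejected by every verifier as soon as its local clock passes the window, with no revocation list to fetch.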

Entities

Institutions

  • arXiv