ARTFEED — Contemporary Art Intelligence

New Protocol Addresses Secret-Use Security in Agentic AI Systems

ai-technology · 2026-04-30

A recent study published on arXiv presents the Secret-Use Delegation Protocol (SUDP), aimed at mitigating security risks in agentic AI systems that manage user secrets for APIs, messaging services, and cloud platforms. Today's bearer-secret interfaces authorize by exposure: a reusable secret, or a derivative of it, sits inside a model-steerable boundary, so a transient prompt injection or a tool-side compromise can lead to account compromise. Current defenses address aspects such as secret storage and runtime monitoring, but they lack a common specification for the combined agentic obligation: enabling an untrusted autonomous requester to perform user-authorized, secret-backed actions without revealing reusable authority. The authors define this challenge as the Agent Secret Use (ASU) problem and derive from it a taxonomy of security properties that distinguishes structural obligations from robustness issues. The paper can be found on arXiv with ID 2604.24920.
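The contrast drawn above, between authorizing by exposure and using a secret without revealing reusable authority, as an added Python illustration. This is not SUDP and not code from the paper; `SecretBroker`, `upstream_api`, the grant format and the secret value are hypothetical, constructed for the example.

```python
import json

USER_SECRET = "sk-constructed-demo-secret"  # constructed sample value, not a real key

def upstream_api(request):
    """Constructed stand-in for the remote service; echoes headers like a debug endpoint."""
    ok = request["headers"].get("Authorization") == f"Bearer {USER_SECRET}"
    return {"sent": ok, "echo": request["headers"]}

def exposed_tool_context(task):
    """Authorize by exposure: the bearer secret sits in data the model can read and repeat."""
    return {"task": task, "headers": {"Authorization": f"Bearer {USER_SECRET}"}}

def leaks_secret(model_visible):
    """True if the reusable secret appears anywhere in what the model would see."""
    return USER_SECRET in json.dumps(model_visible)

class SecretBroker:
    """Hypothetical mediator that keeps the secret outside the model-steerable boundary."""

    def __init__(self, secret, grants):
        self._secret = secret
        self._grants = set(grants)  # (method, path) pairs the user authorized

    def perform(self, request):
        # The requester is untrusted: only explicitly granted actions go through.
        if (request.get("method"), request.get("path")) not in self._grants:
            return {"status": "denied", "reason": "action not user-authorized"}
        # Attach the secret here, overriding any headers the requester supplied.
        outbound = {**request, "headers": {"Authorization": f"Bearer {self._secret}"}}
        reply = upstream_api(outbound)
        # Scrub the reply so a tool-side echo cannot hand the secret back.
        scrubbed = json.dumps(reply).replace(self._secret, "[redacted]")
        return {"status": "ok", "body": json.loads(scrubbed)}

if __name__ == "__main__":
    broker = SecretBroker(USER_SECRET, [("POST", "/messages")])
    print(leaks_secret(exposed_tool_context("send message")))
    print(broker.perform({"method": "POST", "path": "/messages", "body": "hi"}))
    print(broker.perform({"method": "DELETE", "path": "/account"}))
```

In the brokered path the model-visible result carries the outcome of the action but never the secret, and an ungranted request is refused before the secret is touched.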

Key facts

  • Paper introduces Secret-Use Delegation Protocol (SUDP) for agentic systems
  • Addresses security vulnerabilities in bearer-secret interfaces
  • Formalizes Agent Secret Use (ASU) problem
  • Derives security-property taxonomy from ASU
  • Current systems place reusable secrets within model-steerable boundaries
  • Prompt-injection or tool-side compromise can lead to account compromise
  • Existing defenses lack a common specification for combined agentic obligation
  • Paper available on arXiv with ID 2604.24920

Entities

Institutions

  • arXiv