NeFut Logo NeFut
Admin Login

[CS.AI] aiAuthZ: Off-Host Identity-Bound Authorization for AI Agents

Published at: 2026-07-09 22:00 Last updated: 2026-07-10 03:15
#AI #Security #Authorization

Abstract

AI agents issue tool calls based on unverifiable text, allowing any party controlling part of the context to forge the appearance of authority. I evaluated 15 contemporary language models against eight attack scenarios derived from a published corpus of real agent incidents, finding refusal rates varied from 100% down to 38%. The most expensive model only refused half the attacks despite a twentyfold price disparity.

I present aiAuthZ, an authorization gateway that moves the safety decision off the agent's host. Before a tool call executes, the gateway verifies caller identity with a per-message HMAC-SHA256 signature bound to a single-use nonce and a timestamp window, and it evaluates a role-based and argument-level policy that the agent cannot read or modify. Every decision joins a SHA-256 hash-chained audit log, and each accepted message yields an HMAC-authenticated QR receipt that achieves 94% mean verification across eight transmission channels, with zero forgeries accepted in 25 wrong-key trials.

With the gateway in place, residual attack success falls to 0% for all 15 models with no more than 0.03 ms of added decision latency. In the AgentDojo banking suite, aiAuthZ blocks all seven attacker-directed tool calls emitted by the evaluated agents, at the cost of one legitimate first-time payment, while a spotlighting baseline allows two injections to succeed. Across nine in-scope case studies from the same incident corpus, aiAuthZ blocks nine of nine, against four of nine for a policy baseline without identity binding. The gateway does not prevent a model from being deceived; it prevents a deceived model from acting beyond the verified user's authority on every call routed through it. The implementation and all experiments are released at GitHub.

Blogger's Review: The introduction of aiAuthZ provides a robust security framework for AI agents, significantly reducing the attack success rate through off-host identity verification and role-based policies. This innovation not only enhances the safety of AI systems but also lays a foundation for future intelligent agent applications.

Original Source: https://arxiv.org/abs/2607.05518

[h] Back to Home