Reddit
New Paper 'aiAuthZ' Moves Agent Authorization Off-Host, Reports 0% Residual Attack Across 15 LLMs
A new arXiv paper, 'aiAuthZ: Off-Host, Identity-Bound Authorization for AI Agents' (2607.05518, submitted July 6), moves authorization decisions off the agent host, binding every action to a per-message HMAC-SHA256 signature plus role- and argument-level policy. It reports 0% residual attack success across 15 tested LLMs with minimal added latency. Directly relevant to the credential-exfiltration attacks (Ghost Commit, JADEPUFFER) dominating this week's agent-security news. (Note: 8 days old, just outside the 7-day arXiv window.)
Source
↳ Follow the thread