Research
Commit-Time Authorization: Why LLM Agents Acting on Stale Authority Evidence Is a Distinct Vulnerability Class
LLM agents can commit durable effects using authority evidence that was valid earlier in execution — a DOM snapshot, approval epoch, version witness, branch token, or worker result — even after that evidence goes stale. The paper studies the commit boundary and defines 'commit-time authorization': a durable effect is authorized only if the licensing witness remains fresh, causally prior, bound to the same effect, and eligible at commit time. It's a precise framing of a subtle real-world agent bug where 'it was allowed a moment ago' silently becomes 'it shouldn't be allowed now.'
Source
↳ Follow the thread