A2AS: Agentic AI Runtime Security and Self-Defense
It addresses security vulnerabilities in AI agents and LLM applications for developers and users, proposing a foundational but incremental approach.
The paper introduces the A2AS framework as a security layer for AI agents and LLM-powered applications to enforce certified behavior and ensure context window integrity, aiming to establish an industry standard without requiring latency overhead or model retraining.
The A2AS framework is introduced as a security layer for AI agents and LLM-powered applications, similar to how HTTPS secures HTTP. A2AS enforces certified behavior, activates model self-defense, and ensures context window integrity. It defines security boundaries, authenticates prompts, applies security rules and custom policies, and controls agentic behavior, enabling a defense-in-depth strategy. The A2AS framework avoids latency overhead, external dependencies, architectural changes, model retraining, and operational complexity. The BASIC security model is introduced as the A2AS foundation: (B) Behavior certificates enable behavior enforcement, (A) Authenticated prompts enable context window integrity, (S) Security boundaries enable untrusted input isolation, (I) In-context defenses enable secure model reasoning, (C) Codified policies enable application-specific rules. This first paper in the series introduces the BASIC security model and the A2AS framework, exploring their potential toward establishing the A2AS industry standard.