Beyond Static Sandboxing: Learned Capability Governance for Autonomous AI Agents
For developers and deployers of autonomous AI agents, this work tackles the critical security problem of excessive tool exposure, offering a practical learned governance approach.
Aethelgard addresses the capability overprovisioning problem in autonomous AI agents, where tasks receive 15x more tools than needed, by enforcing least privilege through a learned policy that reduces attack surface without sacrificing task completion.
Autonomous AI agents built on open-source runtimes such as OpenClaw expose every available tool to every session by default, regardless of the task. A summarization task receives the same shell execution, subagent spawning, and credential access capabilities as a code deployment task, a 15x overprovision ratio that we call the capability overprovisioning problem. Existing defenses, including the NemoClaw container sandbox and the Cisco DefenseClaw skill scanner, address containment and threat detection but do not learn the minimum viable capability set for each task type. We present Aethelgard, a four layer adaptive governance framework that enforces least privilege for AI agents through a learned policy. Layer 1, the Capability Governor, dynamically scopes which tools the agent is aware of in each session. Layer 3, the Safety Router, intercepts tool calls before execution using a hybrid rule based and fine tuned classifier. Layer 2, the RL Learning Policy, trains a PPO policy on the accumulated audit log to learn the minimum viable skill set for each task type.