{
  "total": 15,
  "items": [
    {
      "citing_arxiv_id": "2605.22333",
      "ref_index": 23,
      "ref_count": 1,
      "confidence": 0.9,
      "is_internal_anchor": false,
      "paper_title": "A First Measurement Study on Authentication Security in Real-World Remote MCP Servers",
      "primary_cat": "cs.CR",
      "submitted_at": "2026-05-21T11:22:21+00:00",
      "verdict": "CONDITIONAL",
      "verdict_confidence": "LOW",
      "novelty_score": 8.0,
      "formal_verification": "none",
      "one_line_summary": "First measurement study of 7,973 remote MCP servers finds 40.55% lack authentication and all 119 tested OAuth servers have flaws that risk data leaks or account takeover.",
      "context_count": 0,
      "top_context_role": null,
      "top_context_polarity": null,
      "context_text": null
    },
    {
      "citing_arxiv_id": "2605.19035",
      "ref_index": 57,
      "ref_count": 1,
      "confidence": 0.9,
      "is_internal_anchor": false,
      "paper_title": "Trustworthy Agent Network: Trust in Agent Networks Must Be Baked In, Not Bolted On",
      "primary_cat": "cs.AI",
      "submitted_at": "2026-05-18T18:57:54+00:00",
      "verdict": "UNVERDICTED",
      "verdict_confidence": "LOW",
      "novelty_score": 4.0,
      "formal_verification": "none",
      "one_line_summary": "Argues that trustworthiness in Agent-to-Agent networks requires a new conceptual framework with four design pillars baked in from the beginning, as retrofitting existing single-agent methods is insufficient.",
      "context_count": 0,
      "top_context_role": null,
      "top_context_polarity": null,
      "context_text": null
    },
    {
      "citing_arxiv_id": "2605.14859",
      "ref_index": 41,
      "ref_count": 1,
      "confidence": 0.9,
      "is_internal_anchor": false,
      "paper_title": "Do Coding Agents Understand Least-Privilege Authorization?",
      "primary_cat": "cs.CR",
      "submitted_at": "2026-05-14T14:05:58+00:00",
      "verdict": "UNVERDICTED",
      "verdict_confidence": "LOW",
      "novelty_score": 7.0,
      "formal_verification": "none",
      "one_line_summary": "Coding agents struggle to infer least-privilege file permissions by omitting needed accesses while granting unused or sensitive ones, but Sufficiency-Tightness Decomposition improves sensitive-task success by up to 15.8% and reduces attacks.",
      "context_count": 0,
      "top_context_role": null,
      "top_context_polarity": null,
      "context_text": null
    },
    {
      "citing_arxiv_id": "2605.12364",
      "ref_index": 13,
      "ref_count": 1,
      "confidence": 0.9,
      "is_internal_anchor": false,
      "paper_title": "Attacks and Mitigations for Distributed Governance of Agentic AI under Byzantine Adversaries",
      "primary_cat": "cs.CR",
      "submitted_at": "2026-05-12T16:33:50+00:00",
      "verdict": "UNVERDICTED",
      "verdict_confidence": "LOW",
      "novelty_score": 7.0,
      "formal_verification": "none",
      "one_line_summary": "Identifies concrete attacks from a malicious Provider on SAGA and proposes SAGA-BFT, SAGA-MON, SAGA-AUD, and SAGA-HYB mitigations offering different security-performance trade-offs.",
      "context_count": 1,
      "top_context_role": "background",
      "top_context_polarity": "background",
      "context_text": "authenticate their interactions, ensure they follow their owner's policies, attribute their actions to the users that own them, and revoke malicious agents from the system [9]. Several solutions have been proposed, including requirements for agent identities [10], capability taxonomies [11], attribution mechanisms [12], authorization with delegation [13], indexing [14] and decentralized identifiers [15], but these remain largely theoretical, lacking implementation, empirical evaluation, or provable guarantees. More concrete proposals exist but each carries significant limitations: constitution-based defenses [16] and just-in-time policy determination [17] rely on the LLM itself for enforcement, while protocol-hardening"
    },
    {
      "citing_arxiv_id": "2605.11487",
      "ref_index": 32,
      "ref_count": 1,
      "confidence": 0.9,
      "is_internal_anchor": false,
      "paper_title": "Digital Identity for Agentic Systems: Toward a Portable Authorization Standard for Autonomous Agents",
      "primary_cat": "cs.CR",
      "submitted_at": "2026-05-12T04:04:34+00:00",
      "verdict": "UNVERDICTED",
      "verdict_confidence": "LOW",
      "novelty_score": 4.0,
      "formal_verification": "none",
      "one_line_summary": "Proposes a portable authorization model for autonomous agents featuring issuer-authored payloads, typed constraint algebra, delegation attenuation, and fail-closed semantics to enable consistent cross-boundary enforcement.",
      "context_count": 0,
      "top_context_role": null,
      "top_context_polarity": null,
      "context_text": null
    },
    {
      "citing_arxiv_id": "2605.10481",
      "ref_index": 34,
      "ref_count": 1,
      "confidence": 0.9,
      "is_internal_anchor": false,
      "paper_title": "Safe Multi-Agent Behavior Must Be Maintained, Not Merely Asserted: Constraint Drift in LLM-Based Multi-Agent Systems",
      "primary_cat": "cs.MA",
      "submitted_at": "2026-05-11T12:43:19+00:00",
      "verdict": "UNVERDICTED",
      "verdict_confidence": "LOW",
      "novelty_score": 5.0,
      "formal_verification": "none",
      "one_line_summary": "Safety constraints in LLM-based multi-agent systems commonly weaken during execution through memory, communication, and tool use, requiring them to be maintained as explicit state rather than asserted once.",
      "context_count": 1,
      "top_context_role": "background",
      "top_context_polarity": "background",
      "context_text": "Xu, Xiangru Tang, Mingchen Zhuge, Jiayi Pan, Yueqi Song, Bowen Li, Jaskirat Singh, Hoang H. Tran, Fuqiang Li, Ren Ma, Mingzhang Zheng, Bill Qian, Yanjun Shao, Niklas Muennighoff, Yizhe Zhang, Binyuan Hui, Junyang Lin, Robert Brennan, Hao Peng, Heng Ji, and Graham Neubig. Openhands: An open platform for ai software developers as generalist agents, 2025. URL https://arxiv.org/abs/2407.16741. [34] Qingyun Wu, Gagan Bansal, Jieyu Zhang, Yiran Wu, Beibin Li, Erkang Zhu, Li Jiang, Xiaoyun Zhang, Shaokun Zhang, Jiale Liu, Ahmed Hassan Awadallah, Ryen W White, Doug Burger, and Chi Wang. Autogen: Enabling next-gen llm applications via multi-agent conversation, 2023. URL https://arxiv.org/abs/2308.08155. [35] Faouzi El Yagoubi, Godwin Badu-Marfo, and Ranwa Al Mallah."
    },
    {
      "citing_arxiv_id": "2605.06933",
      "ref_index": 52,
      "ref_count": 2,
      "confidence": 0.9,
      "is_internal_anchor": false,
      "paper_title": "MAGIQ: A Post-Quantum Multi-Agentic AI Governance System with Provable Security",
      "primary_cat": "cs.LG",
      "submitted_at": "2026-05-07T20:46:07+00:00",
      "verdict": "UNVERDICTED",
      "verdict_confidence": "LOW",
      "novelty_score": 5.0,
      "formal_verification": "none",
      "one_line_summary": "MAGIQ introduces a post-quantum governance system for multi-agent AI that supports policy budgets, session enforcement, message attribution, and UC-based security proofs while comparing overhead to SAGA.",
      "context_count": 0,
      "top_context_role": null,
      "top_context_polarity": null,
      "context_text": null
    },
    {
      "citing_arxiv_id": "2604.19211",
      "ref_index": 19,
      "ref_count": 1,
      "confidence": 0.9,
      "is_internal_anchor": false,
      "paper_title": "ClawNet: Human-Symbiotic Agent Network for Cross-User Autonomous Cooperation",
      "primary_cat": "cs.AI",
      "submitted_at": "2026-04-21T08:15:05+00:00",
      "verdict": "UNVERDICTED",
      "verdict_confidence": "LOW",
      "novelty_score": 7.0,
      "formal_verification": "none",
      "one_line_summary": "ClawNet digitizes human collaborative relationships into a network of identity-governed AI agents that collaborate on behalf of their owners through a central orchestrator enforcing binding and verification.",
      "context_count": 0,
      "top_context_role": null,
      "top_context_polarity": null,
      "context_text": null
    },
    {
      "citing_arxiv_id": "2605.16300",
      "ref_index": 7,
      "ref_count": 1,
      "confidence": 0.9,
      "is_internal_anchor": false,
      "paper_title": "Consent Chain Degradation in Embodied Multi-Agent Systems: Bridging the Gap Between AI Agent Governance and Robot Ethics",
      "primary_cat": "cs.CY",
      "submitted_at": "2026-04-17T11:57:40+00:00",
      "verdict": "UNVERDICTED",
      "verdict_confidence": "LOW",
      "novelty_score": 5.0,
      "formal_verification": "none",
      "one_line_summary": "Defines consent chain degradation in multi-robot systems and proposes the CoRVE three-layer governance architecture plus regulatory gap analysis.",
      "context_count": 0,
      "top_context_role": null,
      "top_context_polarity": null,
      "context_text": null
    },
    {
      "citing_arxiv_id": "2604.07695",
      "ref_index": 15,
      "ref_count": 1,
      "confidence": 0.9,
      "is_internal_anchor": false,
      "paper_title": "AITH: A Post-Quantum Continuous Delegation Protocol for Human-AI Trust Establishment",
      "primary_cat": "cs.CR",
      "submitted_at": "2026-04-09T01:30:28+00:00",
      "verdict": "UNVERDICTED",
      "verdict_confidence": "LOW",
      "novelty_score": 5.0,
      "formal_verification": "partial",
      "one_line_summary": "AITH provides a continuous delegation protocol with ML-DSA signatures, a six-check boundary engine, push revocation, and Tamarin-verified security theorems for human-AI trust.",
      "context_count": 0,
      "top_context_role": null,
      "top_context_polarity": null,
      "context_text": null
    },
    {
      "citing_arxiv_id": "2604.05485",
      "ref_index": 19,
      "ref_count": 1,
      "confidence": 0.9,
      "is_internal_anchor": false,
      "paper_title": "Auditable Agents",
      "primary_cat": "cs.AI",
      "submitted_at": "2026-04-07T06:25:49+00:00",
      "verdict": "UNVERDICTED",
      "verdict_confidence": "LOW",
      "novelty_score": 6.0,
      "formal_verification": "none",
      "one_line_summary": "No agent system can be accountable without auditability, which requires five dimensions (action recoverability, lifecycle coverage, policy checkability, responsibility attribution, evidence integrity) and mechanisms for detect/enforce/recover.",
      "context_count": 0,
      "top_context_role": null,
      "top_context_polarity": null,
      "context_text": null
    },
    {
      "citing_arxiv_id": "2604.02767",
      "ref_index": 19,
      "ref_count": 1,
      "confidence": 0.9,
      "is_internal_anchor": false,
      "paper_title": "SentinelAgent: Intent-Verified Delegation Chains for Securing Federal Multi-Agent AI Systems",
      "primary_cat": "cs.CR",
      "submitted_at": "2026-04-03T06:25:18+00:00",
      "verdict": "CONDITIONAL",
      "verdict_confidence": "LOW",
      "novelty_score": 8.0,
      "formal_verification": "partial",
      "one_line_summary": "SentinelAgent defines seven properties for verifiable delegation chains in multi-agent AI systems and reports a protocol achieving 100% true positive rate at 0% false positives on a 516-scenario benchmark while using TLA+ to verify six deterministic properties.",
      "context_count": 1,
      "top_context_role": "background",
      "top_context_polarity": "background",
      "context_text": "be reconstructed for a FISMA audit? Why existing work is insufficient. Individual components of this problem have been addressed in isolation. SEAgent [15] handles access control but not delegation chains. ShieldAgent [16] verifies safety policies but not multi-agent delegation. Agent Behavioral Contracts [17] bounds drift for single agents, not chains. South et al. [19] handle authentication but not intent or compliance. The OWASP Top 10 for Agentic Applications [8] identifies the risks but provides no formal defense. The CSA Agentic Trust Framework [9] provides governance maturity models but no enforcement mechanism. The missing piece is a single formal model that ties authority, intent, compliance, forensics, and containment together across"
    },
    {
      "citing_arxiv_id": "2603.09002",
      "ref_index": 54,
      "ref_count": 1,
      "confidence": 0.9,
      "is_internal_anchor": false,
      "paper_title": "Security Considerations for Multi-agent Systems",
      "primary_cat": "cs.CR",
      "submitted_at": "2026-03-09T22:46:27+00:00",
      "verdict": "UNVERDICTED",
      "verdict_confidence": "LOW",
      "novelty_score": 6.0,
      "formal_verification": "none",
      "one_line_summary": "No existing AI security framework covers a majority of the 193 identified multi-agent system threats in any category, with OWASP Agentic Security Initiative achieving the highest overall coverage at 65.3%.",
      "context_count": 0,
      "top_context_role": null,
      "top_context_polarity": null,
      "context_text": null
    },
    {
      "citing_arxiv_id": "2512.00520",
      "ref_index": 23,
      "ref_count": 1,
      "confidence": 0.9,
      "is_internal_anchor": false,
      "paper_title": "Toward a Safe Internet of Agents",
      "primary_cat": "cs.MA",
      "submitted_at": "2025-11-29T15:31:16+00:00",
      "verdict": "UNVERDICTED",
      "verdict_confidence": "LOW",
      "novelty_score": 4.0,
      "formal_verification": "none",
      "one_line_summary": "The paper proposes a bottom-up framework for safe agentic AI systems that treats each component as a dual-use interface where added capabilities also expand attack surfaces across single agents, multi-agent systems, and interoperable ecosystems.",
      "context_count": 0,
      "top_context_role": null,
      "top_context_polarity": null,
      "context_text": null
    },
    {
      "citing_arxiv_id": "2506.23978",
      "ref_index": 89,
      "ref_count": 1,
      "confidence": 0.9,
      "is_internal_anchor": false,
      "paper_title": "LLM Agents Are the Antidote to Walled Gardens",
      "primary_cat": "cs.LG",
      "submitted_at": "2025-06-30T15:45:17+00:00",
      "verdict": "UNVERDICTED",
      "verdict_confidence": "LOW",
      "novelty_score": 4.0,
      "formal_verification": "none",
      "one_line_summary": "LLM agents enable universal interoperability by serving as automatic translators and adapters between proprietary digital services.",
      "context_count": 0,
      "top_context_role": null,
      "top_context_polarity": null,
      "context_text": null
    }
  ],
  "limit": 50,
  "offset": 0
}