JFlow: Practical mostly-static information flow control
5 Pith papers cite this work. Polarity classification is still indexing.
Years: 2026 (5)
Verdicts: UNVERDICTED (5)
Citing papers:
- From Tool Connection to Execution Control: Benchmarking Security Invariants in MCP-Style Agent Runtimes
  HCP enforces eight execution-layer security invariants in MCP-style agent systems and blocks all ten benchmark attacks, unlike naive and mitigated connection-layer baselines.
- ActPlane: Programmable OS-Level Policy Enforcement for Agent Harnesses
  ActPlane introduces an OS-kernel policy engine using an information-flow control DSL and eBPF to enforce agent harness policies, achieving better compliance on indirect paths with 1.9-8.4% overhead.
- GIF: Locally Sound Geometric Information Flow Control for LLMs
  GIF introduces a Jacobian-based upper bound on input-output mutual information in LLMs with formal Lean proof and strong empirical recall on injection and leakage benchmarks.
- Language-Based Agent Control
  LBAC is a new programming model that enforces user-specified policies on agentic applications by requiring agent-generated programs to be well-typed in the context of the scaffolding code.
- Certified Purity for Cognitive Workflow Executors: From Static Analysis to Cryptographic Attestation
  Introduces a certified purity architecture with restricted WebAssembly, cryptographic purity certificates, verification gates, and attestation to enforce effect-free executors in cognitive workflows, claiming proofs of bypass elimination and low-overhead evaluation on four executors.