arxiv: 2605.22985 · v1 · pith:B7WAMMB2new · submitted 2026-05-21 · 💻 cs.CR

Beyond Zero: Enterprise Security for the AI Era

Pith reviewed 2026-05-25 05:37 UTC · model grok-4.3

classification 💻 cs.CR
keywords zero trust, AI security, access control, enterprise security, dynamic authorization, AI agents, per-action decisions

The pith

Beyond Zero shrinks enterprise trust boundaries to individual actions and pairs static rules with AI reasoning to secure thousands of decisions per second.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper argues that application-level zero trust cannot keep pace with autonomous AI agents and rapid corporate data flows. It introduces Beyond Zero as an architecture that evaluates access at the level of each resource and method for both humans and agents. Static authorization guarantees are combined with dynamic AI-driven reasoning to produce decisions at machine speed. If the approach holds, enterprises gain the ability to operate as self-defending systems that mediate high volumes of mixed human and machine activity without enlarging the attack surface.

Core claim

Beyond Zero performs per-resource and method access decisions for humans and agents at machine speed. It shrinks the trust boundary from the application level to the individual action and couples static authorization guarantees with dynamic, AI-driven reasoning, enabling a self-defending enterprise capable of mediating thousands of human and machine decisions per second.

What carries the argument

The Beyond Zero architecture, which integrates static authorization with dynamic AI-driven reasoning to evaluate access at the per-resource and per-method level.

If this is right

  • Trust boundaries contract from whole applications to single actions or methods.
  • Enterprises gain the capacity to mediate thousands of human and machine decisions per second.
  • Static authorization rules remain enforceable while dynamic reasoning handles novel cases.
  • The model supports both human users and autonomous AI agents under the same decision framework.
  • Industry standards for this access model can be developed from the outlined architecture.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same per-action mediation could extend to other high-velocity environments such as real-time financial trading systems.
  • Integration with existing identity providers would require mapping their outputs into the static-plus-dynamic decision layer.
  • Performance claims would need measurement under sustained adversarial AI-agent traffic to confirm no hidden latency costs appear.
  • Adoption would shift security engineering focus from application boundaries to action-level policy definition.

Load-bearing premise

Dynamic AI-driven reasoning can be reliably combined with static authorization to produce correct decisions at high speed without creating new vulnerabilities or performance problems.

What would settle it

A test deployment that processes thousands of mixed human and AI-agent access requests per second. The claim holds if all unauthorized attempts are blocked correctly at the required throughput; it fails if at least one unauthorized attempt succeeds or the system falls below the required throughput.

Original abstract

The rise of autonomous AI agents and the accelerating velocity of corporate data access are stretching the application-centric model of zero trust security to its breaking point. This paper introduces Beyond Zero, a new security paradigm designed for the AI era. The Beyond Zero architecture performs per-resource and method access decisions for humans and agents at machine speed. By shrinking the trust boundary from the application level to the individual action, and by coupling static authorization guarantees with dynamic, AI-driven reasoning, Beyond Zero enables a self-defending enterprise capable of mediating thousands of human and machine decisions per second. This paper outlines Google's vision for the future of this access model as well as a call for industry collaboration and standards development.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 0 minor

Summary. The paper introduces Beyond Zero, a proposed security paradigm for the AI era that performs per-resource and method-level access decisions for humans and autonomous agents at machine speed. It argues that shrinking the trust boundary from the application level to individual actions, while coupling static authorization guarantees with dynamic AI-driven reasoning, will enable a self-defending enterprise; the manuscript outlines Google's vision for this model and issues a call for industry collaboration and standards development.

Significance. If realized, the proposed shift to action-level trust boundaries and hybrid static/dynamic authorization could address scalability limits of conventional zero-trust architectures under high-velocity AI agent workloads and stimulate standards work. As presented, however, the contribution is limited to a high-level conceptual outline without technical construction or validation.

major comments (1)
  1. [Abstract] Abstract: the central claim that the architecture 'enables a self-defending enterprise capable of mediating thousands of human and machine decisions per second' rests on the unelaborated premise that static authorization can be reliably coupled with dynamic AI reasoning at machine speed without new vulnerabilities or performance costs; no threat model, integration mechanism, or feasibility argument is supplied to support this.

Simulated Author's Rebuttal

1 response · 0 unresolved

We thank the referee for the detailed review and the recognition of the potential significance of the proposed paradigm. The manuscript is a position paper presenting a high-level vision and call for standards development rather than a technical systems paper with implementation details.

Point-by-point responses
  1. Referee: [Abstract] Abstract: the central claim that the architecture 'enables a self-defending enterprise capable of mediating thousands of human and machine decisions per second' rests on the unelaborated premise that static authorization can be reliably coupled with dynamic AI reasoning at machine speed without new vulnerabilities or performance costs; no threat model, integration mechanism, or feasibility argument is supplied to support this.

    Authors: The manuscript is explicitly framed as a conceptual outline of Google's vision for Beyond Zero together with an invitation for industry collaboration on standards. It does not claim to deliver a complete architecture, threat model, or performance analysis; those elements would belong to follow-on technical work once the paradigm is adopted. The central claim describes the intended outcome of the proposed shift in trust boundaries and the hybrid static/dynamic model, not a validated result. We therefore do not believe the paper requires the requested technical elaboration to fulfill its stated purpose.

    Revision: no

Circularity Check

0 steps flagged

No significant circularity; position paper without derivations or predictions

Full rationale

The document is explicitly a vision/position paper that introduces an aspirational architecture and calls for industry collaboration. It contains no equations, formal models, algorithms, quantitative predictions, or derivation chains. The central claims are high-level statements about shrinking trust boundaries and coupling static/dynamic reasoning, presented as forward-looking outlines rather than results derived from inputs. No self-definitional reductions, fitted inputs called predictions, or self-citation load-bearing steps exist because no technical construction or falsifiable premises are advanced. This is the expected outcome for non-technical position papers.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

The abstract introduces the Beyond Zero concept at a high level but supplies no technical content, free parameters, background axioms, or new postulated entities with independent evidence.

pith-pipeline@v0.9.0 · 5629 in / 993 out tokens · 23389 ms · 2026-05-25T05:37:18.939615+00:00 · methodology
