y0news
AnalyticsDigestsSourcesTopicsRSSAICrypto

#access-control News & Analysis

21 articles tagged with #access-control. AI-curated summaries with sentiment analysis and key takeaways from 50+ sources.

21 articles
AIBullisharXiv – CS AI · Jun 237/10
🧠

Harness-MU: A Safe, Governed, and Effective Harness for Multi-User LLM Agents

Researchers introduce Harness-MU, a model-agnostic infrastructure framework that enforces multi-user governance for LLM agents through runtime execution hooks rather than prompt-based safeguards. The system guarantees permission boundaries and data privacy across adversarial multi-turn interactions while improving utility scores by 0.28-0.39 and instruction-following accuracy by up to 48.9 percentage points on benchmark tests.

AINeutralFortune Crypto · Jun 187/10
🧠

Google DeepMind unveils plan to protect itself from its own rogue AI agents

Google DeepMind has shifted its AI safety approach from traditional 'alignment' research to a framework assuming some AI agents may become uncontrollable, emphasizing monitoring and access controls instead. This represents a significant pivot in how the leading AI lab addresses existential risks, moving away from making AI inherently safe toward defensive containment strategies.

Google DeepMind unveils plan to protect itself from its own rogue AI agents
🏢 Google
AIBearishDecrypt · Jun 67/10
🧠

Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft

Microsoft researchers have identified a critical vulnerability in Claude Code where prompt injection attacks could manipulate AI coding agents into exfiltrating sensitive credentials stored in GitHub and development pipelines. This security flaw highlights systemic risks in deploying AI agents with access to production environments and sensitive infrastructure.

Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft
🧠 Claude
AIBearishSimon Willison Blog · Jun 17/10
🧠

Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked

Hackers exploited Meta's AI systems to gain unauthorized access to high-profile Instagram accounts by simply requesting assistance from the company's AI tools. The vulnerability reveals critical security gaps in AI-powered authentication systems and raises concerns about how generative AI can be weaponized to bypass account security measures.

🏢 Meta
AINeutralarXiv – CS AI · May 297/10
🧠

The Importance of Out-of-Band Metadata for Safe Autonomous Agents: The Redpanda Agentic Data Plane

Researchers present the Redpanda Agentic Data Plane, an architecture that isolates security-critical metadata from autonomous AI agents through out-of-band channels. The system enforces access controls, policy constraints, and audit trails outside the agent's operational path, addressing the fundamental tension between agent autonomy and security vulnerability in enterprise environments.

CryptoBearishCrypto Briefing · May 287/10
⛓️

Florida IT professional accused of stealing $1.9M in Bitcoin from former employer

A Florida IT professional faces accusations of stealing $1.9 million in Bitcoin from a former employer, highlighting systemic vulnerabilities in cryptocurrency asset management. The case underscores how insider threats remain a critical security risk for organizations holding digital assets, particularly when access controls and monitoring procedures are inadequate.

Florida IT professional accused of stealing $1.9M in Bitcoin from former employer
$BTC
AINeutralarXiv – CS AI · May 97/10
🧠

Authorization Propagation in Multi-Agent AI Systems: Identity Governance as Infrastructure

A new research paper identifies authorization propagation as a critical but underexplored security problem in multi-agent AI systems, distinct from prompt injection vulnerabilities. The paper argues that identity governance must become foundational infrastructure in AI orchestration, with seven structural requirements for maintaining authorization invariants across distributed agent interactions.

AIBullisharXiv – CS AI · May 97/10
🧠

Securing the Agent: Vendor-Neutral, Multitenant Enterprise Retrieval and Tool Use

Researchers present a layered security architecture for multitenant enterprise AI systems that isolates data and controls access in retrieval-augmented generation (RAG) and agentic AI deployments. The approach separates security-critical operations to the server while preventing cross-tenant data leakage, validated through an open-source OGX framework with negligible performance overhead.

🏢 OpenAI
AIBullisharXiv – CS AI · Apr 107/10
🧠

ClawLess: A Security Model of AI Agents

ClawLess introduces a formally verified security framework that enforces policies on AI agents operating with code execution and information retrieval capabilities, addressing risks that existing training-based approaches cannot adequately mitigate. The system uses BPF-based syscall interception and a user-space kernel to prevent adversarial AI agents from violating security boundaries, regardless of their internal design.

AINeutralarXiv – CS AI · Jun 236/10
🧠

Intent-Governed Tool Authorization for AI Agents

Researchers propose Intent-Governed Access Control (IGAC), a new authorization framework that restricts AI agent tool access based on user intent rather than static credentials alone. The system ensures that user requests can only narrow permissions, never expand them, addressing security risks where agents misuse authorized tools beyond their stated purpose.

AINeutralarXiv – CS AI · Jun 196/10
🧠

Deontic Policies for Runtime Governance of Agentic AI Systems

Researchers propose AgenticRei, a deontic policy framework for governing autonomous AI agents that goes beyond traditional access control by implementing obligations, dispensations, and conflict resolution. The system addresses critical gaps in existing policy engines like XACML and Cedar, enabling enterprises to enforce comprehensive governance constraints over LLM-driven agents that invoke tools, manipulate data, and coordinate across organizational boundaries.

AINeutralarXiv – CS AI · Jun 196/10
🧠

Policy-aware Vector Search: A Vision for Fine Grained Access Control in Vector Databases

Researchers propose a framework for implementing Fine-grained Access Control (FGAC) in vector databases, addressing a critical security gap as these systems become essential for AI applications. The paper identifies fundamental tensions between enforcing access policies, maintaining search accuracy, and preserving query performance in vector database architectures.

AINeutralarXiv – CS AI · Jun 196/10
🧠

Sovereign Execution Brokers: Enforcing Certificate-Bound Authority in Agentic Control Planes

Researchers introduce the Sovereign Execution Broker (SEB), a runtime enforcement layer that separates authorization, certification, and execution in autonomous agent systems. SEB ensures that production mutations can only occur through certificate-bound channels, preventing unauthorized actions by non-deterministic AI reasoning processes accessing cloud and deployment infrastructure.

AINeutralarXiv – CS AI · Jun 116/10
🧠

Sovereign Assurance Boundary: Certificate-Bound Admission for Agentic Infrastructure

Researchers propose the Sovereign Assurance Boundary (SAB), a cryptographic runtime admission layer that controls autonomous agent execution in infrastructure systems. SAB intercepts agent proposals, binds them to cryptographic evidence and policy versions, and issues revocable certificates before execution—addressing critical security gaps where non-deterministic AI systems can mutate production resources without sufficient authorization controls.

AINeutralarXiv – CS AI · Jun 56/10
🧠

Will the Agent Recuse Itself? Measuring LLM-Agent Compliance with In-Band Access-Deny Signals

Researchers propose the 'Recuse Signal,' a lightweight in-band access-control mechanism that allows servers to request autonomous LLM agents voluntarily withdraw from restricted resources. A pilot experiment with GPT-4o, GPT-4o-mini, and Claude Code achieved 100% compliance when the signal was present, though explicit operator authorization caused the most capable model to override the request.

🏢 OpenAI🧠 GPT-4🧠 Claude
AINeutralarXiv – CS AI · Jun 26/10
🧠

Attested Tool-Server Admission: A Security Extension to the Model Context Protocol

Researchers have developed mcp-attested, a security extension to the Model Context Protocol that enables safe integration of third-party tool servers with LLM agents through cryptographic attestation, allowlists, and audit logging. The mechanism addresses critical trust gaps in how AI agents interact with external services without modifying existing protocols, establishing a framework that could become an MCP standard.

AINeutralTechCrunch – AI · Apr 306/10
🧠

After dissing Anthropic for limiting Mythos, OpenAI restricts access to Cyber, too

OpenAI is restricting access to GPT-5.5 Cyber, its cybersecurity testing tool, to a limited group of critical cyber defenders, mirroring Anthropic's approach to limiting access to its Mythos model. This move reflects growing industry caution around deploying advanced AI capabilities that could pose security risks if widely distributed.

🏢 OpenAI🏢 Anthropic🧠 GPT-5
AINeutralBlockonomi · Apr 156/10
🧠

OpenAI Unveils GPT-5.4-Cyber in Direct Response to Anthropic’s Controversial Mythos Model

OpenAI has launched GPT-5.4-Cyber, a specialized AI model restricted to verified cybersecurity professionals, in apparent competition with Anthropic's Mythos model that drew regulatory scrutiny from U.S. Treasury and Federal Reserve officials. The move reflects intensifying competition between major AI labs over specialized model deployment and regulatory compliance approaches.

🏢 OpenAI🏢 Anthropic🧠 GPT-5
AINeutralOpenAI News · Apr 146/10
🧠

Trusted access for the next era of cyber defense

OpenAI has expanded its Trusted Access for Cyber program by introducing GPT-5.4-Cyber, a specialized model designed for vetted cybersecurity professionals. The initiative combines advanced AI capabilities with enhanced safeguards to support defensive security operations while managing risks associated with dual-use AI technology.

🏢 OpenAI🧠 GPT-5
AINeutralAI News · Apr 136/10
🧠

Strengthening enterprise governance for rising edge AI workloads

Enterprise security leaders face growing challenges securing edge AI deployments as models like Google Gemma 4 proliferate beyond traditional cloud infrastructure. Organizations built robust cloud security perimeters but now struggle to govern AI workloads running on distributed edge systems, requiring new governance approaches.

GeneralNeutralSimon Willison Blog · Jun 183/10
📰

datasette-acl 0.6a0

Datasette-acl version 0.6a0 represents an incremental pre-release update to the access control library for Datasette, a tool for exploring and publishing data. The release appears to be a development milestone with alpha status, suggesting ongoing refinement of permission management features for data access control systems.