Authenticated Workflows: A Systems Approach to Protecting Agentic AI
Mohan Rajagopalan, Vinay Rao

TL;DR
This paper introduces authenticated workflows, a cryptographic trust layer for enterprise agentic AI, ensuring deterministic security by protecting prompts, tools, data, and context through formal proofs and practical runtime integration.
Contribution
It presents a novel security framework with cryptographic guarantees and a scalable policy language, MAPL, for safeguarding agentic AI workflows in enterprise settings.
Findings
Achieved 100% recall with zero false positives in tests.
Protected against 9 of 10 OWASP Top 10 risks.
Mitigated two high-impact production CVEs.
Abstract
Agentic AI systems automate enterprise workflows, but existing defenses (guardrails, semantic filters) are probabilistic and routinely bypassed. We introduce authenticated workflows, the first complete trust layer for enterprise agentic AI. Security reduces to protecting four fundamental boundaries: prompts, tools, data, and context. We enforce intent (operations satisfy organizational policies) and integrity (operations are cryptographically authentic) at every boundary crossing, combining cryptographic elimination of attack classes with runtime policy enforcement. This delivers deterministic security: operations either carry valid cryptographic proof or are rejected. We introduce MAPL, an AI-native policy language that expresses agentic constraints dynamically as agents evolve and invocation context changes, scaling as O(log M + N) policies versus O(M x N) rules through hierarchical…
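The abstract describes a boundary check with two gates, integrity (the operation carries a valid cryptographic proof) and intent (the operation satisfies a policy scoped to the agent), with policies organised hierarchically. The following is an added illustration of that gate for one boundary, the tool-invocation boundary; it is not the authors' code and is not MAPL. An HMAC over a canonical JSON envelope stands in for whatever proof scheme the paper uses, the scope tree, tool names, key value and message layout are hypothetical, and the replay check on a per-agent sequence number is a practitioner addition the abstract does not mention.

```python
from __future__ import annotations

import hashlib
import hmac
import json
from typing import Any

# Constructed test vector: shared secret between the component that issues
# tool calls and the gateway that verifies them. A real deployment would
# use a per-workflow key from a KMS (or an asymmetric signature); this
# value is hypothetical and exists only so the example runs offline.
WORKFLOW_KEY = b"hypothetical-workflow-key-do-not-reuse"

# Hypothetical hierarchical policy: scopes from the organisation down to a
# single agent. A deny at any ancestor wins; an allow must appear at some
# scope on the agent's path. Lookup cost is the depth of the path, not the
# number of (agent, tool) pairs.
POLICY: dict[str, dict[str, set[str]]] = {
    "org": {"allow": {"search_docs"}, "deny": {"shell_exec"}},
    "org/finance": {"allow": {"read_ledger"}, "deny": set()},
    "org/finance/agent-7": {"allow": {"create_invoice"}, "deny": set()},
}


def canonical(envelope: dict[str, Any]) -> bytes:
    """Canonical JSON so issuer and verifier MAC exactly the same bytes."""
    return json.dumps(envelope, sort_keys=True, separators=(",", ":")).encode()


def sign(envelope: dict[str, Any], key: bytes) -> str:
    return hmac.new(key, canonical(envelope), hashlib.sha256).hexdigest()


def verify(envelope: dict[str, Any], proof: Any, key: bytes) -> bool:
    """Constant-time comparison; a missing or non-string proof is invalid."""
    if not isinstance(proof, str):
        return False
    return hmac.compare_digest(sign(envelope, key), proof)


def scopes_for(agent_path: str) -> list[str]:
    """'org/finance/agent-7' -> ['org', 'org/finance', 'org/finance/agent-7']."""
    parts = agent_path.split("/")
    return ["/".join(parts[:i]) for i in range(1, len(parts) + 1)]


def intent_allowed(tool: str, agent_path: str, policy: dict) -> bool:
    allowed = False
    for scope in scopes_for(agent_path):
        node = policy.get(scope)
        if node is None:
            continue
        if tool in node["deny"]:
            return False          # deny anywhere on the path is final
        if tool in node["allow"]:
            allowed = True
    return allowed


def issue(agent: str, tool: str, args: dict, seq: int, key: bytes) -> dict:
    """Issuer side: build the envelope and attach its proof."""
    envelope = {"agent": agent, "tool": tool, "args": args, "seq": seq}
    return {"envelope": envelope, "proof": sign(envelope, key)}


class Gateway:
    """Verifier side of the tool boundary: integrity, then replay, then intent.

    The decision is deterministic: a call is accepted only if every gate
    passes; there is no confidence score and no partial acceptance.
    """

    def __init__(self, key: bytes, policy: dict) -> None:
        self.key = key
        self.policy = policy
        self.seen: set[tuple[str, int]] = set()

    def check(self, message: dict) -> tuple[bool, str]:
        envelope = message.get("envelope")
        if not isinstance(envelope, dict) or not verify(envelope, message.get("proof"), self.key):
            return False, "integrity: missing or invalid proof"
        marker = (envelope["agent"], envelope["seq"])
        if marker in self.seen:
            return False, "replay: sequence number already consumed"
        if not intent_allowed(envelope["tool"], envelope["agent"], self.policy):
            return False, f"intent: {envelope['tool']} not permitted for {envelope['agent']}"
        self.seen.add(marker)
        return True, "accepted"


if __name__ == "__main__":
    gw = Gateway(WORKFLOW_KEY, POLICY)
    call = issue("org/finance/agent-7", "create_invoice", {"amount": 120}, 1, WORKFLOW_KEY)
    print(gw.check(call))                      # accepted
    print(gw.check(call))                      # replay
    forged = {"envelope": dict(call["envelope"], seq=2, args={"amount": 999999}),
              "proof": call["proof"]}
    print(gw.check(forged))                    # integrity failure
    print(gw.check(issue("org/finance/agent-7", "shell_exec", {"cmd": "id"}, 3, WORKFLOW_KEY)))
```

Ordering matters: the integrity check runs before anything in the envelope is trusted, so the replay and intent gates only ever read fields the issuer actually signed. Swapping the order would let an unauthenticated message drive policy lookups or consume sequence numbers.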
Taxonomy
Topics: Security and Verification in Computing · Adversarial Robustness in Machine Learning · Access Control and Trust
