Beyond Static Sandboxing: Learned Capability Governance for Autonomous AI Agents

TL;DR

This paper introduces Aethelgard, a four-layer adaptive framework that enforces least privilege in autonomous AI agents by learning minimal capability sets and dynamically controlling tool access.

Contribution

It presents a novel multi-layered approach combining learned policies and rule-based filtering to improve capability governance for AI agents.

Findings

The RL policy effectively learns minimal tool sets for different tasks.

The framework reduces overprovisioning by dynamically scoping agent capabilities.

Hybrid filtering improves safety by intercepting tool calls before execution.

Abstract

Autonomous AI agents built on open-source runtimes such as OpenClaw expose every available tool to every session by default, regardless of the task. A summarization task receives the same shell execution, subagent spawning, and credential access capabilities as a code deployment task, a 15x overprovision ratio that we call the capability overprovisioning problem. Existing defenses, including the NemoClaw container sandbox and the Cisco DefenseClaw skill scanner, address containment and threat detection but do not learn the minimum viable capability set for each task type. We present Aethelgard, a four layer adaptive governance framework that enforces least privilege for AI agents through a learned policy. Layer 1, the Capability Governor, dynamically scopes which tools the agent is aware of in each session. Layer 3, the Safety Router, intercepts tool calls before execution using a hybrid rule based and fine tuned classifier. Layer 2, the RL Learning Policy, trains a PPO policy on the accumulated audit log to learn the minimum viable skill set for each task type.