
Contextual Agent Security: A Policy for Every Purpose

Lillian Tsai, Eugene Bagdasarian

TL;DR

The paper tackles the problem of securing generalist agents whose actions must be judged within diverse contexts. It introduces Conseca, a framework that generates just-in-time, context-specific security policies using trusted context and a policy generator (LLMs) and enforces them deterministically to prevent contextually inappropriate actions. Key contributions include a modular design separating policy generation from enforcement, a prototype implementation on a Linux-based agent, and empirical case studies comparing Conseca to no-policy and static-policy baselines. The work demonstrates that contextual policies can achieve utility comparable to permissive baselines while improving security by denying actions that do not align with the current context and purpose. This approach offers a scalable direction for securing multi-purpose agents as they encounter broader and more nuanced contexts in real-world deployments.

Abstract

Judging an action's safety requires knowledge of the context in which the action takes place. To human agents who act in various contexts, this may seem obvious: performing an action such as email deletion may or may not be appropriate depending on the email's content, the goal (e.g., to erase sensitive emails or to clean up trash), and the type of email address (e.g., work or personal). Unlike people, computational systems have often had only limited agency in limited contexts. Thus, manually crafted policies and user confirmation (e.g., smartphone app permissions or network access control lists), while imperfect, have sufficed to restrict harmful actions. However, with the upcoming deployment of generalist agents that support a multitude of tasks (e.g., an automated personal assistant), we argue that we must rethink security designs to adapt to the scale of contexts and capabilities of these systems. As a first step, this paper explores contextual security in the domain of agents and proposes contextual agent security (Conseca), a framework to generate just-in-time, contextual, and human-verifiable security policies.
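As an added example (not the paper's own code), the sketch below mirrors the separation the abstract describes: a policy generator that sees only trusted context, and a deterministic enforcer that denies any action the generated policy does not cover, using the abstract's email-deletion scenario. The policy schema, the rule-based stand-in for the LLM policy generator, and all tool and target names are assumptions.

```python
"""Added example, not Conseca's code: a context-aware policy generator kept
separate from a deterministic enforcer. Schema and names are assumptions."""
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Action:
    tool: str    # constructed tool name, e.g. "email.delete"
    target: str  # constructed target id, "<account>:/<folder>/<msg>"

@dataclass(frozen=True)
class Policy:
    purpose: str
    allow: tuple  # (tool_glob, target_glob) pairs; anything unmatched is denied

def generate_policy(trusted_context: dict) -> Policy:
    """Stand-in for the LLM policy generator. Reads ONLY trusted context (the
    user's request and account type), never tool responses, so instructions
    injected into an email body cannot widen the policy."""
    purpose, account = trusted_context["request"], trusted_context["account"]
    if purpose == "clean up trash":
        rules = (("email.list", f"{account}:/*"),
                 ("email.delete", f"{account}:/Trash/*"))
    elif purpose == "erase sensitive emails":
        rules = (("email.list", f"{account}:/*"),
                 ("email.delete", f"{account}:/*"))
    else:  # unknown purpose: read-only by default
        rules = (("email.list", f"{account}:/*"),)
    return Policy(purpose, rules)

STATIC_PERMISSIVE = Policy("any", (("email.*", "*"),))  # static baseline

def enforce(policy: Policy, action: Action) -> bool:
    """Deterministic check: allowed iff some rule matches both tool and target."""
    return any(fnmatchcase(action.tool, t) and fnmatchcase(action.target, g)
               for t, g in policy.allow)

def filter_plan(policy: Policy, plan: list) -> tuple:
    allowed = [a for a in plan if enforce(policy, a)]
    return allowed, [a for a in plan if a not in allowed]

if __name__ == "__main__":
    ctx = {"request": "clean up trash", "account": "personal"}  # constructed
    # Constructed plan; the Inbox and work-account deletes stand for actions
    # steered by untrusted content the planner read from a tool response.
    plan = [Action("email.list", "personal:/Trash"),
            Action("email.delete", "personal:/Trash/42"),
            Action("email.delete", "personal:/Inbox/7"),
            Action("email.delete", "work:/Trash/1")]
    ok, denied = filter_plan(generate_policy(ctx), plan)
    print("allowed:", [a.target for a in ok], "denied:", [a.target for a in denied])
```

Under the "clean up trash" context only the Trash deletion passes, while STATIC_PERMISSIVE would also let the Inbox deletion through, which is the gap the paper's Figure 3 comparison points at.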

Paper Structure

This paper contains 26 sections and 3 figures.

Figures (3)

  • Figure 1: An agent contains a planner and an executor that interfaces with external tools. Untrusted context from the initial request or tool responses may compromise the agent.
  • Figure 2: Conseca enables policy generation and enforcement for an example computer use agent with access to external tools. Green lines indicate Conseca's control flows.
  • Figure 3: The agent with Conseca achieves comparable utility to an agent with a static permissive policy and completes more tasks (avg over 5 trials) than with a restrictive static policy. Conseca demonstrates potential to deny contextually inappropriate actions, which permissive policies fail to do.