Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

A Vision for Access Control in LLM-based Agent Systems

Xinfeng Li, Dong Huang, Jie Li, Hongyi Cai, Zhenhong Zhou, Wei Dong, XiaoFeng Wang, Yang Liu

TL;DR

This paper identifies the inadequacy of static access control for LLM-based agents and proposes Agent Access Control (AAC), a framework that treats permissions as information-flow governance rather than binary gates. AAC uses two modules—Multi-dimensional Contextual Evaluation and Adaptive Response Formulation—driven by a dedicated core engine to assess context, shape outputs, and enforce least-privilege, need-to-know policies. The approach leverages a neuro-symbolic reasoning architecture to combine contextual understanding with formal policy logic for auditable decisions, enabling nuanced redaction, summarization, and paraphrasing. If adopted, AAC could provide safer, more explainable agent behavior in complex environments by aligning technical safeguards with human-like judgment and cultural/legal norms.

Abstract

The autonomy and contextual complexity of LLM-based agents render traditional access control (AC) mechanisms insufficient. Static, rule-based systems designed for predictable environments are fundamentally ill-equipped to manage the dynamic information flows inherent in agentic interactions. This position paper argues for a paradigm shift from binary access control to a more sophisticated model of information governance, positing that the core challenge is not merely about permission, but about governing the flow of information. We introduce Agent Access Control (AAC), a novel framework that reframes AC as a dynamic, context-aware process of information flow governance. AAC operates on two core modules: (1) multi-dimensional contextual evaluation, which assesses not just identity but also relationships, scenarios, and norms; and (2) adaptive response formulation, which moves beyond simple allow/deny decisions to shape information through redaction, summarization, and paraphrasing. This vision, powered by a dedicated AC reasoning engine, aims to bridge the gap between human-like nuanced judgment and scalable Al safety, proposing a new conceptual lens for future research in trustworthy agent design.

A Vision for Access Control in LLM-based Agent Systems

TL;DR

This paper identifies the inadequacy of static access control for LLM-based agents and proposes Agent Access Control (AAC), a framework that treats permissions as information-flow governance rather than binary gates. AAC uses two modules—Multi-dimensional Contextual Evaluation and Adaptive Response Formulation—driven by a dedicated core engine to assess context, shape outputs, and enforce least-privilege, need-to-know policies. The approach leverages a neuro-symbolic reasoning architecture to combine contextual understanding with formal policy logic for auditable decisions, enabling nuanced redaction, summarization, and paraphrasing. If adopted, AAC could provide safer, more explainable agent behavior in complex environments by aligning technical safeguards with human-like judgment and cultural/legal norms.

Abstract

The autonomy and contextual complexity of LLM-based agents render traditional access control (AC) mechanisms insufficient. Static, rule-based systems designed for predictable environments are fundamentally ill-equipped to manage the dynamic information flows inherent in agentic interactions. This position paper argues for a paradigm shift from binary access control to a more sophisticated model of information governance, positing that the core challenge is not merely about permission, but about governing the flow of information. We introduce Agent Access Control (AAC), a novel framework that reframes AC as a dynamic, context-aware process of information flow governance. AAC operates on two core modules: (1) multi-dimensional contextual evaluation, which assesses not just identity but also relationships, scenarios, and norms; and (2) adaptive response formulation, which moves beyond simple allow/deny decisions to shape information through redaction, summarization, and paraphrasing. This vision, powered by a dedicated AC reasoning engine, aims to bridge the gap between human-like nuanced judgment and scalable Al safety, proposing a new conceptual lens for future research in trustworthy agent design.

Paper Structure

This paper contains 6 sections, 1 figure.

Table of Contents

  1. Introduction
  2. Background and Related Work
  3. The Agent Access Control (AAC) Framework
  4. The Core Engine: Reasoning for Access Control
  5. Implications and Future Challenges
  6. Conclusion

Figures (1)

  • Figure 1: The overall pipeline of Agent Access control(AAC). We integrated multi-dimensional contextual information, such as user identity, task intention, and interaction history, to generate fine-grained and task-specific strategies. These strategies guide the agent in making interpretable access control decisions to respond to various potential attacks from adversaries.