Skip to content

Topic intelligence

Agent Infrastructure Security

Editorial reporting and normalized Signal records connected to this coverage area.

Briefs
3
Records
3

3 briefs

Related briefs

Daily editorial synthesis whose front matter identifies this topic as a primary coverage area.

3 records

Topic Signal records

Structured event records explicitly categorized under this topic, preserving source status, confidence, limitations, and analysis.

KB-SIGNAL-20260717-001Proposal

CAVA proposes canonical action identities for governing agents across heterogeneous runtimes

Source

CAVA: Canonical Action Verification and Attestation for Runtime Governance of Agentic AI Systems

Verified

Jul 17, 2026

Jurisdiction

Global

Impact: MediumConfidence: Medium

Factual summary

CAVA proposes converting agent activity from shell, MCP, browser, API, workflow, and managed-agent runtimes into versioned canonical action objects. Policy decisions, approvals, execution evidence, and optional attestations bind to deterministic fingerprints over action semantics rather than raw text or runtime-native identifiers. The paper reports results from 96 seed scenarios expanded into 384 controlled runtime variants.

Domain impact

Canonical action identity could give agent authorization and audit systems a portable object for comparing actions across runtimes, limiting approval drift, verifying receipt integrity, and disclosing whether a deployment can observe, warn, gate, or block before side effects occur.

Keelbase analysis

The durable signal is the distinction between recording an event and identifying the operational action that authority governed. CAVA supplies a useful schema, threat model, and buyer-evaluation vocabulary, but its perfect controlled-corpus scores should not be treated as universal validation. External traces, independent reproduction, broader parser coverage, and adversarial testing remain necessary.

Source classification

Primary Data

Limitations

  • The source is an arXiv v1 preprint and its peer-review status is not established.
  • The benchmark corpus and comparison baselines were designed by the paper's author.
  • Keelbase Signal did not independently execute or reproduce the benchmark.
  • The public corpus is small relative to the diversity of enterprise agent runtimes.
  • Production parser packs, enterprise thresholds, customer connector rules, and managed evidence components are withheld.
  • Azure cases are semantic deployment drills rather than live mutating cloud tests.
  • Canonical fingerprints and intact receipts do not prove that an action was safe, appropriate, or correctly approved.
  • Observe-only runtime coverage is not equivalent to inline enforcement.
KB-SIGNAL-20260714-003Confirmed

Fixture attestation network publishes agent runtime verification profile

Source

Keelbase Signal fictional fixture

Verified

Jul 14, 2026

Jurisdiction

Global

Impact: MediumConfidence: High

Factual summary

A fictional infrastructure consortium publishes a profile for verifying runtime identity, software measurements, and signed execution evidence before granting tool access.

Domain impact

Attestation could help authorization systems distinguish an approved runtime from an unverified environment, while leaving behavioral safety unproven.

Keelbase analysis

The fixture preserves the boundary between verifiable runtime properties and unsupported claims that secure infrastructure guarantees safe agent behavior.

Source classification

Commentary

Limitations

  • Fictional fixture content for contract and interface testing only.
KB-SIGNAL-20260713-001Confirmed

Fixture framework maps agent security across four evidence layers

Source

Keelbase Signal fictional fixture

Verified

Jul 13, 2026

Jurisdiction

Global

Impact: HighConfidence: High

Factual summary

A fictional framework separates infrastructure, tool, agent-behavior, and model risks so each layer can use evidence suited to its attack surface.

Domain impact

Security teams would need distinct controls for deterministic infrastructure findings, semantic tool risks, behavioral failures, and model-level attacks.

Keelbase analysis

The fixture illustrates why governed agent systems need layered safeguards instead of treating every failure as a prompt problem.

Source classification

Commentary

Limitations

  • Fictional fixture content for contract and interface testing only.