[2603.20953] Before the Tool Call: Deterministic Pre-Action Authorization for Autonomous AI Agents
Computer Science > Cryptography and Security
arXiv:2603.20953 (cs)
[Submitted on 21 Mar 2026]

Title: Before the Tool Call: Deterministic Pre-Action Authorization for Autonomous AI Agents
Authors: Uchi Uchibeke

Abstract: AI agents today have passwords but no permission slips. They execute tool calls (fund transfers, database queries, shell commands, sub-agent delegation) with no standard mechanism to enforce authorization before the action executes. Current safety architectures rely on model alignment (probabilistic, training-time) and post-hoc evaluation (retrospective, batch). Neither provides deterministic, policy-based enforcement at the individual tool call level. We characterize this gap as the pre-action authorization problem and present the Open Agent Passport (OAP), an open specification and reference implementation that intercepts tool calls synchronously before execution, evaluates them against a declarative policy, and produces a cryptographically signed audit record. OAP enforces authorization decisions in a measured median of 53 ms (N=1,000). In a live adversarial testbed (4,437 authorization decisions across 1,151 sessions, $5,000 bounty), social engineering succeeded against the model 74.6% of the time under a permissive policy; under a restrictive OAP policy, a comparable population of attackers ach...
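
The gate the abstract describes (intercept the tool call, evaluate it against a declarative policy, emit a signed audit record) is shown here as an added example; it is not the paper's reference implementation and does not follow the OAP schema. The policy layout, the function names and the use of HMAC-SHA256 in place of OAP's signature scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Hypothetical policy layout (not the OAP schema): anything not listed is denied.
POLICY = {
    "transfer_funds": {"amount": {"max": 100}, "currency": {"in": ["USD"]}},
}
AUDIT_KEY = b"constructed-demo-key"  # constructed; stands in for a managed signing key


def evaluate(tool, args, policy=POLICY):
    """Pure function of (tool, args, policy): the same call always gets the same decision."""
    rule = policy.get(tool)
    if rule is None:
        return False, "tool not in policy"
    if set(args) != set(rule):
        return False, "unexpected or missing argument"
    for name, limit in rule.items():
        value = args[name]
        if "in" in limit and value not in limit["in"]:
            return False, f"{name} not allowed"
        # type() rather than isinstance() so that bool is not accepted as a number
        if "max" in limit and (type(value) not in (int, float) or not 0 < value <= limit["max"]):
            return False, f"{name} out of range"
    return True, "ok"


def _mac(record, key):
    body = json.dumps(record, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def authorize(tool, args, execute, key=AUDIT_KEY):
    """Decide first, sign the decision, and only then let the tool run."""
    allowed, reason = evaluate(tool, args)
    record = {"tool": tool, "args": args, "allowed": allowed, "reason": reason}
    record["sig"] = _mac(record, key)  # MAC covers the record before "sig" is added
    result = execute(**args) if allowed else None
    return result, record


def verify(record, key=AUDIT_KEY):
    """Recompute the MAC over every field except the signature itself."""
    body = {k: v for k, v in record.items() if k != "sig"}
    return hmac.compare_digest(_mac(body, key), record.get("sig", ""))
```

The decision depends only on the call and the policy, never on the model's output, so a persuaded model still cannot get a denied call executed.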