[2604.06284] ClawLess: A Security Model of AI Agents
Title: ClawLess: A Security Model of AI Agents

Authors: Hongyi Lu, Nian Liu, Shuai Wang, Fengwei Zhang

[Submitted on 7 Apr 2026]

Abstract: Autonomous AI agents powered by Large Language Models can reason, plan, and execute complex tasks, but their ability to autonomously retrieve information and run code introduces significant security risks. Existing approaches attempt to regulate agent behavior through training or prompting, which does not offer fundamental security guarantees. We present ClawLess, a security framework that enforces formally verified policies on AI agents under a worst-case threat model where the agent itself may be adversarial. ClawLess formalizes a fine-grained security model over system entities, trust scopes, and permissions to express dynamic policies that adapt to agents' runtime behavior. These policies are translated into concrete security rules and enforced through a user-space kernel augmented with BPF-based syscall interception. This approach bridges the formal security model with practical enforcement, ensuring security regardless of the agent's internal design.

Subjects: Cryptography and Security (cs.CR); Artificial Intelligence (cs.AI)

Cite as: arXiv:2604.06284 [cs.CR] (or arXiv:2604.06284v1 [cs.CR] for this version)
https://doi.org/10.48550/...