A2AS: Agentic AI Runtime Security and Self-Defense
Eugene Neelou, Ivan Novikov, Max Moroz, Om Narayan, Tiffany Saade, Mika Ayenson, Ilya Kabanov, Jen Ozmen, Edward Lee, Vineeth Sai Narajala, Emmanuel Guilherme Junior, Ken Huang, Huseyin Gulsin, Jason Ross, Marat Vyshegorodtsev, Adelin Travers, Idan Habler, Rahul Jadav
arXiv.org Artificial Intelligence
A2AS enforces certified behavior, activates model self-defense, and ensures context window integrity. It defines security boundaries, authenticates prompts, applies security rules and custom policies, and controls agentic behavior, enabling a defense-in-depth strategy. The A2AS framework avoids latency overhead, external dependencies, architectural changes, model retraining, and operational complexity. The BASIC security model is introduced as the A2AS foundation: (B) Behavior certificates enable behavior enforcement, (A) Authenticated prompts enable context window integrity, (S) Security boundaries enable untrusted input isolation, (I) In-context defenses enable secure model reasoning, (C) Codified policies enable application-specific rules.

The advancements in Artificial Intelligence (AI) and its integration across sensitive fields, such as healthcare, finance, and critical infrastructure, have increased the attack surface of such AI systems. They expose applications and data to risks of exfiltration, infection, and manipulation, potentially compromising confidentiality, integrity, and availability. Moving beyond theoretical risks, a growing number of real-world AI security incidents are being reported [1]. The developments in Large Language Models (LLMs) have introduced a paradigm shift in AI engineering, where building AI systems is largely centered around integrating LLM models. These models have their inherent vulnerabilities that expand the attack surface and introduce additional security risks.
Oct-17-2025
- Country:
  - North America > United States (0.04)
- Genre:
  - Research Report (0.40)
- Industry:
  - Information Technology > Security & Privacy (1.00)
- Technology: