Agentic AI Runtime Security and Self-Defense (2025) (arxiv.org)

The introduction of the A2AS (Agentic AI Runtime Security and Self-Defense) framework marks a significant advancement in securing AI agents and applications powered by large language models (LLMs). Equivalent to how HTTPS protects web traffic, A2AS establishes essential security measures that enforce certified behavior and ensure the integrity of context windows, which are crucial for reliable model performance. By defining clear security boundaries, authenticating prompts, and implementing custom policies, the framework promotes a defense-in-depth strategy that mitigates potential vulnerabilities. Importantly, the A2AS framework, built on the BASIC security model (Behavior certificates, Authenticated prompts, Security boundaries, In-context defenses, and Codified policies), avoids common issues like latency overhead and operational complexities. This innovative approach paves the way for a standardized security protocol in the AI/ML community, promising enhanced safety for deploying AI applications in real-world scenarios. As the first in a series of papers on this topic, the introduction of A2AS not only highlights the necessity of security in AI systems but also sets a foundation for developing a comprehensive industry standard in AI runtime security.