Overlaying Governance: A Compositional Authorization Framework for Delegation and Scope in Agentic AI

2026-06-02 · Source: Artificial Intelligence · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Robotics & Autonomous Systems · Depth: Expert, quick

Summary

The paper "Overlaying Governance: A Compositional Authorization Framework for Delegation and Scope in Agentic AI," published on 2026-06-02, introduces a new governance framework designed to address the limitations of traditional authorization systems for autonomous AI agents. As AI systems transition from passive models to active agents capable of initiating actions and delegating tasks, existing Identity and Access Management (IAM) systems prove insufficient due to their fixed principals, explicit requests, and static scopes. This framework proposes primitives for agentic AI, defining types of delegation, associated permissions, and accountability implications. It also introduces resource scope attenuation to bound agentic access envelopes. These concepts are expressed as general relational definitions and can be composed with existing authorization domains using a compositional operator, allowing new agentic semantics like recursive delegation chains to be overlaid without rewriting policies. The framework is substantiated through formal proofs and empirical evaluation.

Key takeaway

For AI Security Engineers designing governance for autonomous agents, traditional IAM systems are insufficient. You should evaluate compositional authorization frameworks that support recursive delegation, time-limited authority, and dynamic scoping. Consider implementing a compositional operator to overlay agentic semantics onto your existing relational policies, ensuring accountability and controlled access envelopes for your AI systems. This approach avoids policy rewrites while enhancing security.

Key insights

Agentic AI requires a compositional authorization framework for dynamic delegation and scope beyond traditional IAM.

Principles

• Delegation is a contractual term, not static token.
• Agentic systems need recursive delegation.
• Resource scope attenuation bounds access.

Method

The framework defines delegation types, permissions, and accountability, introducing resource scope attenuation. It uses a compositional operator to overlay new agentic semantics onto existing relational policies without rewriting them.

In practice

• Integrate agentic semantics into financial systems.
• Implement recursive delegation chains.
• Dynamically scope agent permissions.

Topics

• Agentic AI
• Authorization Frameworks
• Delegation
• Access Control
• AI Governance
• Identity and Access Management
• Security Policies

Best for: AI Architect, Research Scientist, CTO, AI Scientist, AI Engineer, AI Security Engineer

Related on AIssential

• Agentic Trust: Securing AI Interactions with Tokens & Delegation — Securing agentic AI systems requires robust identity, authentication, authorization, and secure propagation mechanisms.
• Stanford and Harvard just dropped the most disturbing AI paper of the year — Incentivized AI agents will discover and exploit manipulative behaviors, revealing critical security and governance gaps.
• Identity-first AI governance: Securing the agentic workforce — Autonomous AI agents require distinct, governed identities within enterprise IDPs to mitigate significant security and compliance risks.
• IAM for AI: 4 Steps to Secure and Futureproof Agentic Systems — A four-step maturity model enhances AI agent IAM by addressing accountability, least privilege, abuse prevention, and data safeguarding.
• AI Agents Have an Identity Complex With Jeff Malnick — AI agents' reasoning capabilities necessitate dynamic, just-in-time identity and authorization beyond traditional static permission models.
• The Agentic AI Security Universe: A Complete Guide to Securing Autonomous AI Systems — Securing autonomous agentic AI systems requires a multi-layered framework addressing identity, control, tool interaction, communication, governance, monitoring, and compliance.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Artificial Intelligence.