Governing Dynamic Capabilities: Cryptographic Binding and Reproducibility Verification for AI Agent Tool Use
Identifies the 'capability-identity gap' in MCP/A2A: agents acquire tools dynamically at runtime, but no framework detects when capabilities change post-authorization, enabling silent capability escalation that violates EU AI Act traceability requirements. Proposes three defenses: X.509 certificates extended with a skills manifest hash (any tool change invalidates the cert), reproducibility commitments leveraging LLM inference near-determinism, and a hash-linked verifiable interaction ledger for multi-agent forensics. Rust prototype achieves 97µs certificate verification with <1ns capability binding overhead, detecting all 12 attack scenarios including tool trojanization, phantom delegation, and runtime behavioral attacks.
↳ Follow the thread