[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-a-new-system-blocks-unsafe-ai-agent-tool-chains-before-they-run":10,"sections":34},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":22,"persona_id":22,"persona_name":22,"section":24,"tags":25,"sources":29,"feedback":33,"feedback_at":22,"cost_usd":33,"total_tokens":33},3835,"a-new-system-blocks-unsafe-ai-agent-tool-chains-before-they-run","A New System Blocks Unsafe AI Agent Tool Chains Before They Run","Researchers propose a two-phase security framework that catches policy violations created by combining AI tools, not just by individual ones.","Chaining AI tools together creates security gaps that no single tool's guardrails can close.\n\nA paper published this week introduces the Dynamic Security Control Compositor (DSCC), a two-phase framework designed to stop multi-tool AI agent chains from violating organizational policy. In the first phase, before any tool runs, a Most Restrictive Set algorithm combines per-tool security policies into one effective policy — and the math is designed so adding more tools to a chain can only make the combined policy stricter, never looser. In the second phase, as tools execute, the system tracks which sensitivity classifications the agent has touched in a running \"taint state\" and revokes the session if the next tool call would exceed the accumulated exposure limit. The researchers built a reference implementation covering 32 tools governed by 16 NIST SP 800-53 aligned policies.\n\nThe core insight is that tools which are individually permitted can still violate policy when composed — a problem that static, per-tool guardrails structurally cannot solve. That is a genuine gap in how most deployed agent systems are designed today, and as frontier coding agents and autonomous workflows grow more common, the attack surface grows with them.\n\nThe headline numbers are notable: in the stricter clearance mode, the system blocks 79.2% of two-tool policy pairs and 95.5% of three-tool combinations. A looser taint mode, which allows mixed-classification chains up to an exfiltration boundary, still blocks 42.5% and 60.5% respectively. Whether those thresholds land as \"good enough\" will depend heavily on what the blocked combinations actually are — numbers alone don't tell you whether the remaining 4.5% of triples are the dangerous ones.","[\"ai\",\"security\",\"agents\",\"research\"]","2026-07-07T04:00:00.000Z","2026-07-07T09:40:06.264Z","2026-07-07T09:40:09.242Z","published",null,[],"ai",[24,26,27,28],"security","agents","research",[30],{"name":31,"url":32},"arXiv cs.AI","https:\u002F\u002Farxiv.org\u002Fabs\u002F2607.03423",0,{"sections":35},[36,40,44,49,54,59,64,69,74,78,83,87,92,97],{"name":37,"slug":24,"count":38,"latest_published_at":39},"AI",2590,"2026-07-16T04:00:00.000Z",{"name":41,"slug":26,"count":42,"latest_published_at":43},"Security",294,"2026-07-15T19:59:48.000Z",{"name":45,"slug":46,"count":47,"latest_published_at":48},"Deals","deals",179,"2026-06-29T20:02:07.000Z",{"name":50,"slug":51,"count":52,"latest_published_at":53},"Policy","policy",158,"2026-07-16T00:02:48.000Z",{"name":55,"slug":56,"count":57,"latest_published_at":58},"Hardware","hardware",122,"2026-07-14T19:46:26.000Z",{"name":60,"slug":61,"count":62,"latest_published_at":63},"Consumer Tech","consumer-tech",93,"2026-07-13T13:20:48.000Z",{"name":65,"slug":66,"count":67,"latest_published_at":68},"Software","software",70,"2026-07-13T19:52:25.000Z",{"name":70,"slug":71,"count":72,"latest_published_at":73},"Science","science",66,"2026-07-10T10:29:37.000Z",{"name":75,"slug":76,"count":77,"latest_published_at":18},"Dev Tools","dev-tools",59,{"name":79,"slug":80,"count":81,"latest_published_at":82},"Gaming","gaming",41,"2026-07-09T04:00:00.000Z",{"name":84,"slug":85,"count":81,"latest_published_at":86},"Startups","startups","2026-06-29T20:55:50.000Z",{"name":88,"slug":89,"count":90,"latest_published_at":91},"General","general",29,"2026-07-10T22:28:58.000Z",{"name":93,"slug":94,"count":95,"latest_published_at":96},"Reviews","reviews",20,"2026-06-24T12:00:01.000Z",{"name":98,"slug":99,"count":100,"latest_published_at":101},"How-To","how-to",6,"2026-06-16T09:00:00.000Z"]