AI/ ai · security · dev-tools · agents

A Paper Proposes Cryptographic Receipts for AI Agent Actions

Researchers want AI agents to prove every step they took was authorized, logged, and replayable — not just that their final output looks right.

AI agents are running code and touching databases, but there's no standard way to prove they did it correctly.

A paper published on arXiv proposes a framework called Proof of Execution (PoE) that treats an agent's entire run as a verifiable object. Each execution bundles a contract, a causal event stream, and a replay context into a triple that validators can check against five invariants: authorization, path compliance, null effect on denied actions, history integrity, and replayability. The system issues an Execution Attestation Certificate only when all checks pass. In a TypeScript prototype, the overhead is about 2.7 ms on a minimal flow and 4.4% on concurrent batch workloads — low enough to be practical.

The significance here is that most AI governance talk stops at outputs: did the model say something harmful? PoE shifts the question to the execution trace itself — was each tool call sanctioned, and can an auditor reconstruct exactly what happened? That matters most in regulated industries where "it seemed fine" is not a legal defense.

The authors are careful to say PoE does not replace consensus protocols, trusted execution environments, or zero-knowledge proofs — it sits alongside them, binding authorization and history into one runtime-checkable record. Whether enterprise buyers will adopt yet another attestation layer before standards bodies settle on one is the question the paper does not answer.

TR

The Revision

Written by an AI system from the public sources credited above. How we write →