Verifiable Agentic Infrastructure: Proof-Derived Authorization for Sovereign AI Systems
Quick Take
The paper introduces a Distributed Trust Framework (DTF) for sovereign AI systems, shifting authorization from identity to proof-derived authority. DTF enhances security by ensuring no high-stakes execution occurs without a verifiable proof, consensus, and evidence, thus making autonomous agent actions governable and auditable in cloud environments.
Key Points
- DTF computes execution authority from structured, verifiable artifacts.
- Introduces Justification Proof to encode action admissibility.
- Consensus model allows independent evaluation of intents.
- Ephemeral Execution Identity is derived from approved proofs.
- Evidence Chain preserves the lifecycle of authorization.
Abstract: Modern cloud and enterprise systems rely on identity-centric authorization, assuming that callers possessing valid credentials are safe to execute commands. The emergence of autonomous AI agents invalidates this assumption: agents can generate syntactically valid but semantically unsafe actions, making standing privileges a significant operational risk. This risk becomes especially acute in sovereign AI systems, where autonomous agents may interact with cloud infrastructure, regulated data, financial workflows, and national-scale digital services. Governed mutation substrates reduce this risk by interposing on agent actions: agents submit intents, infrastructure evaluates context and policy, and execution is mediated. However, this shifts the trust boundary: how can the decision to authorize an intent be made verifiable, distributed, and replayable?
We introduce a Distributed Trust Framework (DTF), a verification framework for governed mutation systems that computes execution authority from structured, verifiable artifacts. DTF introduces a Justification Proof to encode the admissibility basis of an action, a consensus model for independent evaluation, an ephemeral Execution Identity derived from the approved proof, and an append-only Evidence Chain that preserves the authorization lifecycle. Under stated substrate assumptions, this architecture enforces a compact authorization invariant: no high-stakes execution without a proof object, no derived authority without consensus, and no valid mutation detached from evidence.
We define the model, instantiate it over an OpenKedge-based governed mutation substrate, and show how it maps onto cloud-native environments. By shifting authorization from standing identity to proof-derived authority, DTF provides an infrastructure foundation for making agentic execution governable, auditable, and bounded in sovereign AI deployments.
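The authorization invariant stated in the abstract can be modelled in a few lines. This is an added sketch, not code from the paper or from OpenKedge: the quorum of 2, the HMAC votes standing in for evaluator signatures, the SHA-256 hash chain, and all names and sample values are assumptions.

```python
import hashlib, hmac, json

QUORUM = 2  # assumed approval threshold; the abstract does not give one
GENESIS = "0" * 64

def digest(obj) -> str:
    """Canonical SHA-256 over a JSON-serialisable object."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def vote(key: bytes, proof: dict) -> str:
    """One evaluator's approval: an HMAC over the proof digest (stand-in for a signature)."""
    return hmac.new(key, digest(proof).encode(), hashlib.sha256).hexdigest()

class EvidenceChain:
    """Append-only log; each entry commits to the previous entry's hash."""
    def __init__(self):
        self.entries = []

    def append(self, kind: str, body: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {"kind": kind, "body": body, "prev": prev}
        entry["hash"] = digest(entry)  # hash covers kind, body and prev
        self.entries.append(entry)
        return entry["hash"]

    def verify(self) -> bool:
        prev = GENESIS
        for e in self.entries:
            core = {"kind": e["kind"], "body": e["body"], "prev": e["prev"]}
            if e["prev"] != prev or digest(core) != e["hash"]:
                return False
            prev = e["hash"]
        return True

def authorize(proof, votes, evaluators, chain):
    """Return an ephemeral execution identity, or None when the invariant is not met."""
    if not isinstance(proof, dict) or not {"intent", "expires"} <= proof.keys():
        return None  # no proof object: nothing to evaluate, nothing to execute
    chain.append("proof", proof)
    approvals = sorted(n for n, tag in votes.items() if n in evaluators
                       and hmac.compare_digest(tag, vote(evaluators[n], proof)))
    head = chain.append("consensus", {"proof": digest(proof), "approvals": approvals})
    if len(approvals) < QUORUM:
        return None  # the rejection is still recorded as evidence
    # The identity is derived from the evidence head, so it cannot exist detached from it.
    identity = digest({"evidence": head, "expires": proof["expires"]})
    chain.append("identity", {"id": identity, "expires": proof["expires"]})
    return identity

# Constructed sample data (keys, intent and ticket id are made up).
EVALUATORS = {"policy": b"key-policy", "risk": b"key-risk", "compliance": b"key-compliance"}
PROOF = {"intent": "resize db-replica-2", "basis": ["ticket-0001"], "expires": 1778700000}
```

Because each vote is bound to the proof digest, approvals collected for one intent do not carry over to an altered one, and any later edit to a recorded entry makes `EvidenceChain.verify()` return `False`.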
| Comments: | 19 pages, 2 figures, 4 tables |
| Subjects: | Artificial Intelligence (cs.AI); Machine Learning (cs.LG) |
| Cite as: | arXiv:2605.15228 [cs.AI] (or arXiv:2605.15228v1 [cs.AI] for this version) |
| DOI: | https://doi.org/10.48550/arXiv.2605.15228 (arXiv-issued DOI via DataCite) |
Submission history
From: Jun He
[v1] Wed, 13 May 2026 17:58:52 UTC (28 KB)
— Originally published at arxiv.org