Published May 13, 2026 | Version 0.1-seed

Security and Provenance for Self-Hosted Agentic Systems

Authors/Creators

  • Non Sequitur Publishing

Description

Self-hosted agentic systems shift the security boundary inward. The cloud's shared-responsibility model carries an implicit assumption that the substrate is secured by the provider; self-hosting moves that responsibility onto the operator. Simultaneously, provenance — where a model came from, how weights were obtained, what training data is encoded, what fine-tunes have been applied, what tool integrations are authorized — becomes a first-class concern not because of regulation alone but because confident misalignment can originate in opaque provenance. This paper argues that security and provenance for self-hosted agentic systems must be designed together, not separately. Security without provenance lets compromised models hide in plain sight; provenance without security lets attested chains be tampered with. The combined layer is what HGC³AE²'s C¹ (Cybersecurity) actually requires at runtime.

Files

security-provenance-v0.1-seed.pdf (437.8 kB), md5:6b4e6e7586c790a598b3ad866c4d1230
