Security and Provenance for Self-Hosted Agentic Systems
Description
Self-hosted agentic systems shift the security boundary inward. The cloud's shared-responsibility model carries an implicit assumption that the substrate is secured by the provider; self-hosting moves that responsibility onto the operator. Simultaneously, provenance — where a model came from, how weights were obtained, what training data is encoded, what fine-tunes have been applied, what tool integrations are authorized — becomes a first-class concern not because of regulation alone but because confident misalignment can originate in opaque provenance. This paper argues that security and provenance for self-hosted agentic systems must be designed together, not separately. Security without provenance lets compromised models hide in plain sight; provenance without security lets attested chains be tampered with. The combined layer is what HGC³AE²'s C¹ (Cybersecurity) actually requires at runtime.
Files
| Name | Size | MD5 |
|---|---|---|
| security-provenance-v0.1-seed.pdf | 437.8 kB | 6b4e6e7586c790a598b3ad866c4d1230 |
Additional details
Related works
- Is identical to: Working paper, https://nonsequitur.tech/pubs/white-papers/security-provenance/ (URL)