Insights
The insights drive the design.
Every layer in the framework exists because something fails in a specific, repeatable way. These are those failures, and the MASO control each one forces into being.
The core arguments
Six failures, six controls.
Read these six and you have the case for runtime security in full. Each one points to the MASO control it produces.
AI is non-deterministic, so pre-deployment testing cannot prove future safety. Security has to run continuously.
Drives: PACE resilience →
Fixed rules block known-bad patterns. Novel injection and semantic violations walk straight past them.
Drives: Prompt & Epistemic Integrity →
An evaluator surfaces unknown-bad against declared intent. It informs humans, it does not replace them.
Drives: Objective Intent →
Telling an agent what not to do fails. Make the violation technically impossible, outside the agent.
Drives: Environment Containment →
AI assists decisions; humans own outcomes. Oversight scales with consequence, it does not disappear.
Drives: Privileged Agent Governance →
Four loops at different speeds turn guardrails, judges, humans, and outcomes into a self-improving system.
Drives: Observability & the Flight Recorder →
Where the threats live
Each attack surface has an answer in MASO.
The threat insights are not abstract. Every one maps to a concrete control domain in the multi-agent framework.
Retrieval pipelines bypass your existing access controls and carry poisoned content into reasoning.
Drives: Data Protection →
The protocol everyone is adopting hands agents universal tool access with no auth or monitoring.
Drives: Supply Chain →
Multi-agent systems open accountability gaps and let one agent's output become another's instruction.
Drives: Identity & Access →
The most powerful agents in the system, the ones that create and direct others, have the fewest controls.
Drives: Privileged Agent Governance →
Objectives, context, and tools drift away from declared intent over a long task horizon.
Drives: Agentic Task Mandate →
Long context and persistent memory let poisoned data survive across sessions as a quiet backdoor.
Drives: Data Protection →
The whole library
Insights are the why. Controls are the how.
Forty-plus short reads, grouped by theme, with a curated reading order that walks from problem to control.