ALARA for Agents: Least-Privilege Context Engineering Through Portable Composable Multi-Agent Teams

Researchers Christopher Agostino and Nayan D'Souza have proposed a new framework, ALARA, to solve a critical security and management problem in multi-agent AI systems. Current systems define what agents can do through a messy combination of prose instructions, internal configurations, and separate mechanisms like MCP servers. This makes agent behavior specifications difficult to share, version, or maintain across teams. ALARA applies the 'As Low As Reasonably Achievable' principle from radiation safety to AI agents, creating a declarative data layer that strictly scopes each agent's access to tools and context to the bare minimum its role requires.

This framework introduces a context-agent-tool (CAT) data layer expressed through interrelated files and a command-line shell called `npcsh` for execution. Because the system parses and enforces these files structurally, modifying an agent's tool list produces a guaranteed, enforceable change in behavior, rather than a suggestion the AI model might ignore. To validate their approach, the authors conducted an extensive benchmark, evaluating 22 locally-hosted AI models (ranging from 0.6B to 35B parameters) across 115 practical tasks. These tasks spanned file operations, web search, scripting, tool chaining, and multi-agent delegation, totaling roughly 2500 executions to characterize which model families succeed at different task categories.

The work, submitted to HAXD 2026, positions ALARA as a foundational step toward portable, composable, and securely managed multi-agent teams. By moving from fragmented, informal specifications to a structured, declarative system, it aims to improve both the quality of human-agent interactions and the capacity for teams to coordinate through shared, reliable agent infrastructure. The framework and benchmark are open source, inviting further development from the community.