KAIJU: An Executive Kernel for Intent-Gated Execution of LLM Agents

Researchers Cormac and Frank Guerin have published a paper on KAIJU, an 'Executive Kernel' designed to solve core limitations in today's LLM-based autonomous agents. Current systems using the popular ReAct pattern suffer from serial latency (tools run one after another), quadratic context growth, and vulnerability to prompt injection and hallucinations. KAIJU addresses this by introducing a fundamental architectural shift, completely decoupling the LLM's planning and reasoning layer from the mechanics of executing workflows.

At its core, KAIJU introduces two first-class abstractions. First is Intent-Gated Execution (IGX), a security paradigm that authorizes every tool call based on four independent variables: scope, intent, impact, and external clearance. Second is the Executive Kernel itself, which manages scheduling, parallel tool dispatch, dependency resolution, and failure handling. The LLM plans upfront, optimistically scheduling tools in parallel, while the kernel handles execution with built-in safety. The system offers three adaptive execution modes (Reflect, nReflect, Orchestrator) for different task complexities.

Empirical evaluation shows that while KAIJU has a planning overhead penalty on very simple queries, it converges with ReAct on moderate tasks and gains a significant structural advantage on complex computational queries that benefit from parallel data gathering. Beyond raw speed, the key benefit is enforceable behavioral guarantees and security that ReAct-style prompting alone cannot achieve. The code is publicly available, positioning KAIJU as a potential foundational layer for building more reliable and secure agentic systems.