SentinelAgent: Intent-Verified Delegation Chains for Securing Federal Multi-Agent AI Systems

Researcher KrishnaSaiReddy Patil has published SentinelAgent, a groundbreaking framework designed to solve the critical security gap in multi-agent AI systems where delegation chains become opaque and unverifiable. The system introduces a Delegation Chain Calculus (DCC) that defines seven core security properties—six deterministic and one probabilistic—for tracking authorization from User X through Agent A to Tool C. Crucially, the framework's non-LLM Delegation Authority Service enforces these properties at runtime, achieving perfect 100% true positive detection with zero false positives on the comprehensive DelegationBench v4 benchmark, which includes 516 scenarios across 10 attack categories and 13 federal domains.

In rigorous testing, SentinelAgent's deterministic security properties proved unbreakable under adversarial stress, with the system successfully blocking all 30 black-box attacks. While intent verification against sophisticated paraphrasing initially degraded to 13%, fine-tuning on 190 government delegation examples dramatically improved performance to 88.3% true positive rate. The six deterministic properties (including authority narrowing and forensic reconstructibility) were mechanically verified via TLA+ model checking across 2.7 million states with zero violations, ensuring that even if intent verification is bypassed, adversaries remain constrained to permitted API calls and traceable actions. The framework already integrates with LangChain agents, providing immediate practical application for securing complex AI workflows in sensitive environments.