Publications

The Capability-Container Pattern: Infrastructure-Level Security for Autonomous AI Agents

Ricardo Ledan

Addresses security vulnerabilities at the agent-tool boundary where autonomous AI agents invoke external tools via protocols like MCP. Proposes an infrastructure-level approach where agents never directly access tools—all tool invocations flow through a mediation gateway into isolated containers with minimal provisioned capabilities. The reference implementation (Harombe) demonstrates six defense-in-depth layers including container isolation, network filtering, credential management, audit logging, secret detection, and approval gates, achieving 100% secret detection and an F1 score of 0.991 while maintaining minimal overhead (~0.025 ms).