Capability-Based Authorization for AI Agents: Warrants That Survive Prompt Injection

Name: Capability-Based Authorization for AI Agents: Warrants That Survive Prompt Injection
Duration: 20 min
Description: The authorization models enterprises built for microservices are fundamentally broken for AI agents. Niyikiza introduces the "Tenuo warrant" — a capability-based, cryptographically signed, task-scoped authorization primitive that freezes an agent's blast radius at delegation time, surviving prompt injection regardless of what the model does at runtime. ---

Niki Aimable Niyikiza

[un]prompted 2026 — AI Security Practitioner Conference · Day 2 · 2

The authorization models enterprises built for microservices are fundamentally broken for AI agents. Niyikiza introduces the "Tenuo warrant" — a capability-based, cryptographically signed, task-scoped authorization primitive that freezes an agent's blast radius at delegation time, surviving prompt injection regardless of what the model does at runtime. ---

AI review

Sixty years of capability theory, two DeepMind papers, one Rust implementation, and a live demo that killed a prompt injection dead at the execution layer without touching the model. The monotonic attenuation principle — blast radius frozen at delegation time regardless of runtime behavior — is the architectural primitive the entire agentic security space has been missing.

Watch on YouTube