US-12619741-B1 - Systems and methods for agentic policy enforcement
Abstract
Systems and methods for policy enforcement within an artificial intelligence (AI) agentic workflow. Each action within the AI agentic workflow is intercepted by a run-time enforcement engine. Utilizing security labels for each component within the AI agentic workflow, the run-time enforcement engine cross-references the security labels against a policy to ensure an action taken by a component within the AI agentic workflow is authorized under the policy.
Inventors
- Adam VINCENT
Assignees
- Bricklayer AI Inc.
Dates
- Publication Date
- 20260505
- Application Date
- 20251212
Claims (20)
- 1. A method for enforcing policy controls in an AI agent workflow, comprising: providing a computer processor including a memory; providing at least one security label for components of the AI agent workflow; wherein the components of the AI agent workflow include at least one AI agent, at least one tool, at least one data source, and at least one memory; intercepting via a run-time enforcement engine a request by a requesting component of the AI agent workflow to perform an action on a target component; retrieving a security label associated with the requesting component and a security label associated with the target component; matching the security label associated with the requesting component against a set of predefined policy rules, wherein each rule of the set of predefined policy rules specifies permitted or restricted actions based on security label attributes; evaluating a contextual condition associated with the requesting component; determining, based on the set of predefined policy rules and the evaluated contextual condition, whether to allow, deny, or conditionally permit the request; and executing, blocking, or auditing the action based on the determination.
- 2. The method of claim 1, wherein the at least one security label includes an identity field, a function role field, a data sensitivity classification, and an execution level designation.
- 3. The method of claim 1, wherein the action includes reading from a memory element, writing to the memory element, invoking a plugin and/or external service, delegating a task and/or sub-task from a first of the at least one AI agent to a second of the at least one AI agent, escalating the task and/or sub-task to a higher level AI agent, and/or executing a procedure.
- 4. The method of claim 1, further comprising generating an audit log for each intercepted request, wherein the audit log includes a subject label, an object label, an action attempted, a decision result, and a timestamp.
- 5. The method of claim 1, wherein the set of predefined policy rules includes wildcard or pattern-based matching for the at least one security label and wherein the contextual condition includes evaluating dynamic run-time attributes, including time of day, case assignment, agent team membership, and/or task lineage.
- 6. The method of claim 1, wherein the at least one AI agent includes a tier 1 alert triage agent, a threat intelligence enrichment agent, a vulnerability management agent, and/or an incident response reporting agent.
- 7. The method of claim 1, wherein the action includes execution of a predefined security operations center (SOC) procedure, wherein the SOC procedure includes a phishing alert triage, a ransomware incident response, executive summary reporting, and/or vulnerability remediation planning.
- 8. A method for enforcing policy controls in an AI agent workflow, comprising: providing a computer processor including a memory; including a procedure within the AI agent workflow; providing a plurality of components within the AI agent workflow; assigning a procedure-level security label to a composite task within the AI agent workflow; wherein the plurality of components of the AI agent workflow includes at least one AI agent, at least one tool, at least one data source, and at least one memory; wherein the composite task includes at least one sub-task; propagating the procedure-level security label to the at least one sub-task within the procedure executed by one of the plurality of components within the AI agent workflow; enforcing at least one policy authorization by a run-time enforcement engine execution of the at least one sub-task under the propagated procedure-level security label; maintaining an association between each of the at least one sub-task and the one of the plurality of components calling the at least one sub-task; and auditing the at least one sub-task executed by the one of the plurality of components within the AI agent workflow under the propagated procedure-level security label.
- 9. The method of claim 8, further comprising limiting propagated actions within the composite task based on a native label of an executing AI agent to prevent unauthorized privilege escalation.
- 10. The method of claim 8, wherein the run-time enforcement engine includes predefined security operating center (SOC) rulesets for escalation of alerts based on label elevation logic, enforcement of sensitivity containment across reporting procedures, and/or dynamic enrichment permissions based on data sensitivity and source trust levels.
- 11. The method of claim 8, wherein the procedure includes a series of tasks and/or sub-tasks operable to be executed by any of the at least one AI agent within the AI agentic workflow.
- 12. The method of claim 8, wherein the procedure-level security label includes an identity, a function role, a data sensitivity classification, and an execution level.
- 13. The method of claim 8, further comprising a temporary override function such that the run-time enforcement engine allows the at least one sub-task until the temporary override is terminated.
- 14. A system for enforcing policy controls in an AI agent workflow, comprising: at least one computer processor including a memory; a plurality of AI agents each configured to perform tasks and/or sub-tasks in a collaborative workflow; a security label registry associating security labels with components within the AI agent workflow; a policy engine operable to store and match policy rules based on the security labels; a run-time enforcement engine operable to intercept an attempted action, resolve security labels associated with requesting components and security labels associated with target components, evaluate the policy rules and contextual conditions, and return a decision to allow, deny, or audit allowed actions; wherein the components within the AI agent workflow include the plurality of AI agents, at least one tool, at least one memory, and at least one data source; and wherein the at least one memory is operable to store the tasks and/or sub-tasks, results for completed tasks and/or sub-tasks, and a shared memory state.
- 15. The system of claim 14, wherein the run-time enforcement engine is operable to support a break-glass override function, a policy versioning rollback, and a simulated policy enforcement for policy validation.
- 16. The system of claim 14, wherein the plurality of AI agents operate asynchronously and across different execution levels, and wherein the run-time enforcement engine ensures consistent policy enforcement across distributed execution contexts.
- 17. The system of claim 14, wherein the run-time enforcement engine is operable to log each of the intercepted attempted actions.
- 18. The system of claim 14, wherein the at least one memory includes saving a series of tasks and/or sub-tasks as a procedure.
- 19. The system of claim 14, wherein the security labels include an identity, a function role, a data sensitivity classification, and an execution level.
- 20. The system of claim 14, wherein resolving the security labels includes the run-time enforcement engine comparing a subject type, role match, sensitivity match, and level match to an object type, object role match, object sensitivity match, and an object level match.
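As an added illustration, not the patent's own code nor Bricklayer AI's implementation, the following Python sketch shows the engine that claims 1, 2, 4, 5, 9 and 20 describe: labels carrying identity, role, sensitivity and level, glob-matched rules with an optional contextual condition, a default-deny decision that writes a claim 4 audit record, and claim 9's cap of a propagated procedure label at the executing agent's native label. The rank ordering, the reading of claim 20's level/sensitivity comparison as a dominance check, and every name and sample label are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from fnmatch import fnmatch

RANK = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}  # assumed ordering

@dataclass(frozen=True)
class Label:  # claim 2 fields: identity, function role, data sensitivity, execution level
    identity: str
    role: str
    sensitivity: str
    level: str

@dataclass(frozen=True)
class Rule:  # claim 5: glob patterns on role fields plus an optional contextual condition
    subject_role: str
    action: str
    object_role: str
    decision: str             # "allow", "deny" or "audit" (allow and record)
    condition: object = None  # callable(context) -> bool, or None
AUDIT_LOG = []  # claim 4: subject label, object label, action, decision, timestamp

def effective_label(procedure, native):
    """Claim 9: a propagated procedure label is capped by the executing agent's native label."""
    cap = lambda a, b: min(a, b, key=RANK.get)
    return Label(native.identity, procedure.role, cap(procedure.sensitivity, native.sensitivity),
                 cap(procedure.level, native.level))

def decide(rules, subject, action, target, context):
    """Claim 1: first matching rule whose condition holds decides; no match is a deny."""
    decision = "deny"
    for r in rules:
        if r.action == action and fnmatch(subject.role, r.subject_role) \
                and fnmatch(target.role, r.object_role) and (r.condition is None or r.condition(context)):
            decision = r.decision
            break
    if decision != "deny" and RANK[subject.level] < RANK[target.sensitivity]:
        decision = "deny"  # claim 20 level/sensitivity comparison, read here as a dominance check
    AUDIT_LOG.append({"subject": subject, "object": target, "action": action,
                      "decision": decision, "timestamp": datetime.now(timezone.utc).isoformat()})
    return decision

# Constructed sample policy and labels for a SOC alert-triage workflow (not from the patent).
RULES = [
    Rule("triage-*", "write", "case-memory", "audit", lambda ctx: ctx.get("case_assigned", False)),
    Rule("*", "invoke", "remediation-tool", "allow"),  # still denied below the tool's sensitivity
]
TRIAGE = Label("agent-7", "triage-tier1", "internal", "confidential")
CASES = Label("cases", "case-memory", "confidential", "confidential")
REMED = Label("remediate", "remediation-tool", "restricted", "restricted")
```

The "audit" decision models claim 14's "audit allowed actions": the write proceeds but is recorded, and the same write without a case assignment falls through to the default deny.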
Description
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to policy enforcement for artificial intelligence (AI) agent systems and, more specifically, label-based runtime policy enforcement for AI agentic systems.
2. Description of the Prior Art
It is generally known in the prior art to utilize role-based access control (RBAC) or hardcoded permission checks. Prior art patent documents include the following:
U.S. Pat. No. 12,316,655 for cyber resilience agentic mesh by inventors Jonathan J. Thompson et al., filed Jan. 30, 2025, and issued May 27, 2025, is directed to systems, methods, and computer-readable media for autonomous agents. The autonomous agent can include one or more processing circuits configured to receive or identify a dynamic data structure comprising one or more functions or one or more frameworks for performing a plurality of cyber resilience operations. The processing circuits can register the autonomous agent with a decentralized network, centralized network, or data source (DNCNDS). The processing circuits can receive or identify, from at least one computing system external or internal to the DNCNDS, cyber resilience data. The processing circuits can perform, in real-time, the at least one cyber resilience operation of the plurality of cyber resilience operations based at least on selecting at least one function of the one or more functions of the dynamic data structure based at least on the cyber resilience data.
US Patent Pub. No. 2025/0225213 for a system and method for policy enhancement by inventors Tushar Dogra et al., filed Sep. 14, 2023, and published Jul. 10, 2025, is directed to determining whether candidate digital components violate a policy and using the determination to propagate policy labels. Candidate digital components may be filtered such that only a subset of the candidate digital components is provided to a machine learning model for further policy review. The machine learning model may provide a confidence score associated with the policy violation prediction. The policy violation prediction may be “violates policy” or “does not violate policy.” A label corresponding to the policy violation prediction may be associated with the digital component. The confidence score may be used when determining whether to use the policy violation prediction to propagate labels to other digital components. The labels may be propagated using a seed based enforcement system or a neighborhood based propagation system.
U.S. Pat. No. 11,616,782 for context-aware content object security by inventors Alok Ojha et al., filed Oct. 1, 2020, and issued Mar. 28, 2023, is directed to a global permissions model. The global permissions model serves for applying a first set of resource access permissions to shared content objects. Additionally, a set of context-aware access policies that govern user interactions over the shared content object is established. When a particular user requests an interaction over a shared content object, then interaction attributes associated with the request are gathered. The context-aware access policies are applied to the request by determining a set of extensible access permissions that are derived from the interaction attributes. The context-aware access policies are enforced by overriding the first set of resource access permissions with dynamically-determined access permissions. When a particular access request is denied, a response is generated in accordance with the set of extensible access permissions and the user is notified. In some cases, the access request is permitted, but only after the user provides a justification.
U.S. Pat. No. 11,102,189 for techniques for delegation of access privileges by inventors Kevin Ross O'Neill et al., filed Jun. 26, 2014, and issued Aug. 24, 2021, is directed to systems and methods for controlling access to one or more computing resources relate to generating session credentials that can be used to access the one or more computing resources. Access to the computing resources may be governed by a set of policies and requests for access made using the session credentials may be fulfilled depending on whether they are allowed by the set of policies. The session credentials themselves may include metadata that may be used in determining whether to fulfill requests to access the one or more computing resources. The metadata may include permissions for a user of the session credential, claims related to one or more users, and other information.
U.S. Pat. No. 10,958,653 for dynamically adaptive computer security permissions by inventors Kevin Christopher Miller et al., filed Jun. 27, 2017, and issued Mar. 23, 2021, is directed to a computing resource service provider granting a first set of security permissions to a principal (e.g., a user) which may be used to access a plurality of computing resources. The permissions may be associated with a first security token. The principal may access resources using