Skip to content

RFC-010 Extension: Multi-Agent Governance — Reference Register

RFC-010 Extension: Multi-Agent Governance — Reference Register

© 2024-2026 Kanjani AI Research & Causum. All rights reserved.


Multi-Agent Delegation and Authorization

# Reference Relevance to RFC
1 Bichsel, B. et al. “A Compositional Authorization Framework for Delegation and Scope in Agentic AI.” arXiv:2606.03518, 2026. Defines compositional governance primitives for delegation and scope attenuation — directly validates AIGP’s scope envelope and scope narrowing invariant design.
2 Hossain, T. et al. “Authorization Propagation in Multi-Agent AI Systems.” arXiv:2605.05440, 2025. Addresses maintaining authorization invariants as non-human principals delegate tasks — validates AIGP’s delegation token and budget propagation design.
3 Fang, X. et al. “Authenticated Delegation and Authorized AI Agents.” arXiv:2501.09674, 2025. Proposes authenticated, authorized, and auditable delegation of authority to AI agents — aligns with AIGP’s HMAC-signed delegation tokens and audit trail.
4 Debenedetti, E. et al. “Intelligent AI Delegation.” arXiv:2602.11865, 2026. Examines how agents decompose problems and safely delegate to sub-agents — validates the need for bounded delegation depth and scope restrictions.
5 Lipton, Z. et al. “Bridging the Gap Between AI Agent Governance and Robot Ethics.” arXiv:2605.16300, 2025. Explores how consent propagates and degrades across chains of delegation between autonomous agents — validates AIGP’s delegation chain tracking and consent tier enforcement.

Circuit Breaker and Cascading Failure Prevention

# Reference Relevance to RFC
6 Nygard, M. Release It! 2nd ed. Pragmatic Programmers, 2018. Chapter 4: Stability Patterns. Foundational work on the circuit breaker pattern for distributed systems — the original formulation of CLOSED/OPEN/HALF-OPEN state machine that AIGP extends to multi-agent governance.
7 Microsoft Azure Architecture Center. “Circuit Breaker Pattern.” 2024. Production reference architecture for circuit breaker implementation — AIGP extends this with cascading halt propagation across delegation chains.
8 Agentic Patterns. “Agent Circuit Breaker.” 2025. https://agentic-patterns.com/patterns/agent-circuit-breaker Describes failure modes specific to AI agents using external tools — validates AIGP’s circuit breaker design for agentic workloads with token/cost/time dimensions.

Zero Trust and Default-Deny for AI Agents

# Reference Relevance to RFC
9 Cloud Security Alliance. “Agentic Trust Framework: Zero Trust for AI Agents.” 2025. Applies Zero Trust principles to AI agents — validates AIGP’s default-deny agency where agents possess zero capabilities until explicitly granted via scope envelope.
10 Anthropic. “Securing AI Agents: A Zero Trust Guide.” 2025. Reports 80% of organizations have experienced AI agents acting beyond intended scope — validates the need for AIGP’s tool allowlist and mandatory pre-invocation authorization.
11 Tianpan.co. “The Authorization Debt Nobody Audits.” 2026. Reports 4.5x higher security incident rate for over-privileged AI agents vs. least-privilege enforcement — empirical evidence for AIGP’s default-deny design.
12 Non-Human Identity Management Group. “Deny by Default.” 2025. Defines deny-by-default authorization posture for non-human identities including AI agents — directly aligns with AIGP’s core design principle.

Multi-Agent Risk Analysis

# Reference Relevance to RFC
13 Charisi, V. et al. “Risk Analysis Techniques for Governed LLM-based Multi-Agent Systems.” arXiv:2508.05687, 2025. Demonstrates that multi-agent systems transform the risk landscape rather than simply adding to single-agent risks — validates the need for agent-to-agent governance at the protocol level.
14 Hoffmann, J. et al. “Toward Adaptive Categories.” arXiv:2505.11579, 2025. Argues fixed governance categories are insufficient for dynamic AI agents — supports AIGP’s per-invocation evaluation model over static classification.

Distributed Observability and Tracing

# Reference Relevance to RFC
15 OpenTelemetry Project. “OpenTelemetry Specification.” CNCF, 2024. https://opentelemetry.io/docs/specs/otel/ Industry standard for distributed tracing with parent-child span relationships — AIGP’s trace chaining (parent_trace_id) follows established OTEL patterns.
16 Sigelman, B. et al. “Dapper, a Large-Scale Distributed Systems Tracing Infrastructure.” Google, 2010. Foundational work on distributed tracing — AIGP’s multi-agent trace visualization follows Dapper’s causal relationship model extended to agent delegation chains.

Last updated: June 2026