Source linked

ActPlane Pushes Agent Policy Enforcement Into the OS Kernel With eBPF

arxiv.org@loyal_koala4 hours ago·Systems Engineering·1 comments

A new policy engine uses eBPF to enforce natural-language agent policies at the OS level, catching execution paths that tool-call guardrails miss, with under 8.4% overhead.

eunomia bpfactplaneebpfifcagent harnessesos level policy enforcement

AI agents in production rely on harnesses to enforce policies like "run tests before committing," but policy intent lives in natural language while enforcement must act on system calls. Tool-call guardrails miss system actions that bypass the tool layer, and OS sandboxes return opaque errors that confuse the agent. ActPlane bridges that gap by enforcing policies directly in the OS kernel with eBPF, covering every execution path.

The Semantic Gap That Tool Guards Can't See

Existing approaches let agents declare policies only to have them ignored when the agent reaches outside the tool interface. ActPlane's key insight: policy context lives closest to the agent, but enforcement must happen at the OS to catch all code paths. The team built a simple information-flow control (IFC) DSL that expresses cross-event policies, then compiles them into eBPF programs loaded into the kernel.

eBPF as the Enforcement Plane

ActPlane is implemented with eBPF and runs as a kernel module inside the agent's sandbox. When an agent issues a system call, the eBPF hook evaluates the active policy before the action completes. If the policy is violated, ActPlane returns a structured semantic error instead of an opaque permission denied - the agent can understand why and adapt.

Benchmarks Show 1.9%-8.4% Overhead

The ActPlane team evaluated on policies from a previous empirical study, plus coding-task benchmarks (like SWE-bench) and safety benchmarks. ActPlane improved policy compliance on indirect execution paths that tool-call interception cannot observe. Overhead measured between 1.9% and 8.4% - low enough for production agent workloads.

What This Changes

Agent harnesses today treat policy as a separate layer that sits alongside the model. ActPlane fuses policy enforcement with the OS, making it invisible to the agent but impossible to bypass. The code is open-source at https://github.com/eunomia-bpf/ActPlane - if you're building agents that need real guarantees, this is the enforcement model to watch.

Source: ActPlane: Programmable OS-Level Policy Enforcement for Agent Harnesses
Domain: arxiv.org

Read original source ->

External source stays available while the OJO article and comment thread stay local.

More in Systems Engineering

view topic
Flashbots Nested TLS Fixes Attestation Bottleneck for TDX Deployments

TDX attestation takes 39ms and serializes across all guests on a host. Flashbots' nested TLS design cuts attestation out of the hot path, enabling fast concurrent connections for MEV-boost.

Dynamic MIG Scheduling Beats Static Partitioning by 68% on Energy-Tardiness Tradeoff

Reinforcement learning repartitions NVIDIA MIG slices throughout the day, cutting energy plus tardiness by 68% compared to no partitioning and 31% over static slices.

Real 130 kW GPU Cluster Shows AI Workloads Can Flex for Grid Stability

A real-world deployment on a 130 kW GPU cluster proves AI data centers can cut power rapidly, sustain curtailment, and shift loads across regions without sacrificing critical jobs.

Kom8ndor Simulates Wi-Fi 8's Multi-AP Coordination and Subband Operation Before Hardware Exists

A discrete-event network simulator extends the validated Komondor platform with 802.11bn features like coordinated TDMA, spatial reuse, and beamforming, plus a machine learning wrapper for AI-based protocol design.

Comments load interactively on the live page.