{"id":"https://openalex.org/W7138843467","doi":"https://doi.org/10.1609/aaai.v40i47.41468","title":"InfrastructureSentinel: Policy Enforced Guardrails for Secure MCP-driven Infrastructure Agents","display_name":"InfrastructureSentinel: Policy Enforced Guardrails for Secure MCP-driven Infrastructure Agents","publication_year":2026,"publication_date":"2026-03-14","ids":{"openalex":"https://openalex.org/W7138843467","doi":"https://doi.org/10.1609/aaai.v40i47.41468"},"language":"en","primary_location":{"id":"doi:10.1609/aaai.v40i47.41468","is_oa":true,"landing_page_url":"https://doi.org/10.1609/aaai.v40i47.41468","pdf_url":"https://ojs.aaai.org/index.php/AAAI/article/download/41468/45429","source":{"id":"https://openalex.org/S4210191458","display_name":"Proceedings of the AAAI Conference on Artificial Intelligence","issn_l":"2159-5399","issn":["2159-5399","2374-3468"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/P4310320058","host_organization_name":"Association for the Advancement of Artificial Intelligence","host_organization_lineage":["https://openalex.org/P4310320058"],"host_organization_lineage_names":["Association for the Advancement of Artificial Intelligence"],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the AAAI Conference on Artificial Intelligence","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://ojs.aaai.org/index.php/AAAI/article/download/41468/45429","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5061190677","display_name":"Tarun Kumar","orcid":"https://orcid.org/0000-0001-6265-629X"},"institutions":[{"id":"https://openalex.org/I4210122178","display_name":"Hewlett Packard Enterprise (United States)","ror":"https://ror.org/020x0c621","country_code":"US","type":"company","lineage":["https://openalex.org/I4210122178"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Tarun Kumar","raw_affiliation_strings":["Hewlett Packard Enterprise"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Hewlett Packard Enterprise","institution_ids":["https://openalex.org/I4210122178"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5044171088","display_name":"Aalap Tripathy","orcid":"https://orcid.org/0000-0002-9046-6298"},"institutions":[{"id":"https://openalex.org/I4210122178","display_name":"Hewlett Packard Enterprise (United States)","ror":"https://ror.org/020x0c621","country_code":"US","type":"company","lineage":["https://openalex.org/I4210122178"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Aalap Tripathy","raw_affiliation_strings":["Hewlett Packard Enterprise"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Hewlett Packard Enterprise","institution_ids":["https://openalex.org/I4210122178"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5093240718","display_name":"Gayathri Saranathan","orcid":"https://orcid.org/0009-0009-9991-004X"},"institutions":[{"id":"https://openalex.org/I4210122178","display_name":"Hewlett Packard Enterprise (United States)","ror":"https://ror.org/020x0c621","country_code":"US","type":"company","lineage":["https://openalex.org/I4210122178"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Gayathri Saranathan","raw_affiliation_strings":["Hewlett Packard Enterprise"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Hewlett Packard Enterprise","institution_ids":["https://openalex.org/I4210122178"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5129936448","display_name":"Martin Foltin","orcid":null},"institutions":[{"id":"https://openalex.org/I4210122178","display_name":"Hewlett Packard Enterprise (United States)","ror":"https://ror.org/020x0c621","country_code":"US","type":"company","lineage":["https://openalex.org/I4210122178"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Martin Foltin","raw_affiliation_strings":["Hewlett Packard Enterprise"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Hewlett Packard Enterprise","institution_ids":["https://openalex.org/I4210122178"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5105513963","display_name":"Suparna Bhattacharya","orcid":"https://orcid.org/0000-0001-9541-4027"},"institutions":[{"id":"https://openalex.org/I4210122178","display_name":"Hewlett Packard Enterprise (United States)","ror":"https://ror.org/020x0c621","country_code":"US","type":"company","lineage":["https://openalex.org/I4210122178"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Suparna Bhattacharya","raw_affiliation_strings":["Hewlett Packard Enterprise"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Hewlett Packard Enterprise","institution_ids":["https://openalex.org/I4210122178"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5129973522","display_name":"Scott Hinchley","orcid":null},"institutions":[{"id":"https://openalex.org/I4210122178","display_name":"Hewlett Packard Enterprise (United States)","ror":"https://ror.org/020x0c621","country_code":"US","type":"company","lineage":["https://openalex.org/I4210122178"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Scott Hinchley","raw_affiliation_strings":["Hewlett Packard Enterprise"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Hewlett Packard Enterprise","institution_ids":["https://openalex.org/I4210122178"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5130180508","display_name":"Donald M Bahls","orcid":null},"institutions":[{"id":"https://openalex.org/I4210122178","display_name":"Hewlett Packard Enterprise (United States)","ror":"https://ror.org/020x0c621","country_code":"US","type":"company","lineage":["https://openalex.org/I4210122178"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Donald M Bahls","raw_affiliation_strings":["Hewlett Packard Enterprise"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Hewlett Packard Enterprise","institution_ids":["https://openalex.org/I4210122178"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5130185583","display_name":"David Brookshire","orcid":null},"institutions":[{"id":"https://openalex.org/I4210122178","display_name":"Hewlett Packard Enterprise (United States)","ror":"https://ror.org/020x0c621","country_code":"US","type":"company","lineage":["https://openalex.org/I4210122178"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"David Brookshire","raw_affiliation_strings":["Hewlett Packard Enterprise"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Hewlett Packard Enterprise","institution_ids":["https://openalex.org/I4210122178"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5013389843","display_name":"Larry Kaplan","orcid":null},"institutions":[{"id":"https://openalex.org/I4210122178","display_name":"Hewlett Packard Enterprise (United States)","ror":"https://ror.org/020x0c621","country_code":"US","type":"company","lineage":["https://openalex.org/I4210122178"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Larry Kaplan","raw_affiliation_strings":["Hewlett Packard Enterprise"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Hewlett Packard Enterprise","institution_ids":["https://openalex.org/I4210122178"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5026582805","display_name":"Robert W. Wisniewski","orcid":"https://orcid.org/0000-0001-7393-0813"},"institutions":[{"id":"https://openalex.org/I4210122178","display_name":"Hewlett Packard Enterprise (United States)","ror":"https://ror.org/020x0c621","country_code":"US","type":"company","lineage":["https://openalex.org/I4210122178"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Robert W. Wisniewski","raw_affiliation_strings":["Hewlett Packard Enterprise"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Hewlett Packard Enterprise","institution_ids":["https://openalex.org/I4210122178"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":10,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.60683761,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"40","issue":"47","first_page":"40295","last_page":"40301"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.4781000018119812,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.4781000018119812,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.2029000073671341,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T12203","display_name":"Mobile Agent-Based Network Management","score":0.061500001698732376,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/critical-infrastructure","display_name":"Critical infrastructure","score":0.5292999744415283},{"id":"https://openalex.org/keywords/security-policy","display_name":"Security policy","score":0.5059000253677368},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.503600001335144},{"id":"https://openalex.org/keywords/critical-infrastructure-protection","display_name":"Critical infrastructure protection","score":0.42750000953674316},{"id":"https://openalex.org/keywords/enforcement","display_name":"Enforcement","score":0.41029998660087585},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.39989998936653137},{"id":"https://openalex.org/keywords/automation","display_name":"Automation","score":0.399399995803833},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.3939000070095062},{"id":"https://openalex.org/keywords/security-management","display_name":"Security management","score":0.36469998955726624},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.36320000886917114}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7818999886512756},{"id":"https://openalex.org/C29852176","wikidata":"https://www.wikidata.org/wiki/Q373338","display_name":"Critical infrastructure","level":2,"score":0.5292999744415283},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5063999891281128},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.5059000253677368},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.503600001335144},{"id":"https://openalex.org/C2779033394","wikidata":"https://www.wikidata.org/wiki/Q5186733","display_name":"Critical infrastructure protection","level":3,"score":0.42750000953674316},{"id":"https://openalex.org/C2779777834","wikidata":"https://www.wikidata.org/wiki/Q4202277","display_name":"Enforcement","level":2,"score":0.41029998660087585},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.39989998936653137},{"id":"https://openalex.org/C115901376","wikidata":"https://www.wikidata.org/wiki/Q184199","display_name":"Automation","level":2,"score":0.399399995803833},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.3939000070095062},{"id":"https://openalex.org/C83163435","wikidata":"https://www.wikidata.org/wiki/Q3954104","display_name":"Security management","level":2,"score":0.36469998955726624},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.36320000886917114},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.34929999709129333},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.3452000021934509},{"id":"https://openalex.org/C2780952636","wikidata":"https://www.wikidata.org/wiki/Q13479512","display_name":"Incident management","level":2,"score":0.3425000011920929},{"id":"https://openalex.org/C2780138299","wikidata":"https://www.wikidata.org/wiki/Q3404265","display_name":"Privilege (computing)","level":2,"score":0.3312000036239624},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.32019999623298645},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.3172999918460846},{"id":"https://openalex.org/C69360830","wikidata":"https://www.wikidata.org/wiki/Q1172237","display_name":"Data Protection Act 1998","level":2,"score":0.31209999322891235},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.3118000030517578},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.3066999912261963},{"id":"https://openalex.org/C72648740","wikidata":"https://www.wikidata.org/wiki/Q658476","display_name":"Public key infrastructure","level":4,"score":0.30070000886917114},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.3000999987125397},{"id":"https://openalex.org/C2778137410","wikidata":"https://www.wikidata.org/wiki/Q2732820","display_name":"Government (linguistics)","level":2,"score":0.2928999960422516},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.290800005197525},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.28299999237060547},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.28279998898506165},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.272599995136261},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.27090001106262207},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2705000042915344},{"id":"https://openalex.org/C2778012447","wikidata":"https://www.wikidata.org/wiki/Q1034415","display_name":"Scope (computer science)","level":2,"score":0.26829999685287476},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.2612000107765198},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.2533000111579895}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1609/aaai.v40i47.41468","is_oa":true,"landing_page_url":"https://doi.org/10.1609/aaai.v40i47.41468","pdf_url":"https://ojs.aaai.org/index.php/AAAI/article/download/41468/45429","source":{"id":"https://openalex.org/S4210191458","display_name":"Proceedings of the AAAI Conference on Artificial Intelligence","issn_l":"2159-5399","issn":["2159-5399","2374-3468"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/P4310320058","host_organization_name":"Association for the Advancement of Artificial Intelligence","host_organization_lineage":["https://openalex.org/P4310320058"],"host_organization_lineage_names":["Association for the Advancement of Artificial Intelligence"],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the AAAI Conference on Artificial Intelligence","raw_type":"journal-article"},{"id":"pmh:oai:ojs.aaai.org:article/41468","is_oa":false,"landing_page_url":"https://ojs.aaai.org/index.php/AAAI/article/view/41468","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"2159-5399","raw_type":"info:eu-repo/semantics/publishedVersion"}],"best_oa_location":{"id":"doi:10.1609/aaai.v40i47.41468","is_oa":true,"landing_page_url":"https://doi.org/10.1609/aaai.v40i47.41468","pdf_url":"https://ojs.aaai.org/index.php/AAAI/article/download/41468/45429","source":{"id":"https://openalex.org/S4210191458","display_name":"Proceedings of the AAAI Conference on Artificial Intelligence","issn_l":"2159-5399","issn":["2159-5399","2374-3468"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/P4310320058","host_organization_name":"Association for the Advancement of Artificial Intelligence","host_organization_lineage":["https://openalex.org/P4310320058"],"host_organization_lineage_names":["Association for the Advancement of Artificial Intelligence"],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the AAAI Conference on Artificial Intelligence","raw_type":"journal-article"},"sustainable_development_goals":[{"score":0.5237005352973938,"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W7138843467.pdf","grobid_xml":"https://content.openalex.org/works/W7138843467.grobid-xml"},"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"The":[0,112],"proliferation":[1],"of":[2,43],"Model":[3],"Context":[4],"Protocol":[5],"(MCP)":[6],"servers":[7],"in":[8,117,148],"enterprise":[9,160],"infrastructure":[10,45,71,161],"management":[11,46],"has":[12],"revolutionized":[13],"AI-driven":[14],"automation":[15],"while":[16,163],"introducing":[17],"critical":[18,115],"multi-layered":[19],"security":[20,41,90,119],"vulnerabilities":[21],"that":[22,37,60,77],"traditional":[23],"cybersecurity":[24],"frameworks":[25],"cannot":[26],"adequately":[27],"address.":[28],"This":[29],"paper":[30],"presents":[31],"a":[32,48,56],"comprehensive":[33,130],"intelligent":[34],"guardrail":[35],"system":[36,85,113],"addresses":[38,114],"the":[39,145],"unique":[40],"challenges":[42],"MCP-driven":[44],"through":[47,136],"novel":[49],"four-layer":[50],"defense":[51],"architecture.":[52],"Our":[53,142],"solution":[54],"employs":[55],"dedicated":[57],"guardian":[58],"LLM":[59],"interprets":[61],"natural":[62],"language":[63],"policies":[64],"and":[65,84,109,129,139,154],"applies":[66],"contextual":[67],"reasoning":[68],"to":[69,79],"complex":[70],"scenarios,":[72],"providing":[73,122],"dynamic":[74],"policy":[75,127],"enforcement":[76],"adapts":[78],"user":[80],"roles,":[81],"operational":[82,165],"timing,":[83],"context.":[86],"Unlike":[87],"existing":[88,118],"rule-based":[89],"systems,":[91],"our":[92],"approach":[93],"implements":[94],"guardrails":[95],"at":[96],"four":[97],"distinct":[98],"control":[99],"points:":[100],"input":[101],"message":[102],"filtering,":[103],"tool":[104,155],"selection":[105],"validation,":[106],"execution-time":[107],"verification,":[108],"post-action":[110],"auditing.":[111],"gaps":[116],"solutions":[120],"by":[121],"infrastructure-specific":[123],"threat":[124],"modeling,":[125],"real-time":[126],"adaptation,":[128],"audit":[131],"trails":[132],"with":[133],"explainable":[134],"decision-making":[135],"confidence":[137],"scores":[138],"detailed":[140],"reasoning.":[141],"evaluation":[143],"demonstrates":[144],"system's":[146],"effectiveness":[147],"preventing":[149],"command":[150],"injection,":[151],"privilege":[152],"escalation,":[153],"poisoning":[156],"attacks":[157],"across":[158],"various":[159],"scenarios":[162],"maintaining":[164],"agility":[166],"essential":[167],"for":[168],"modern":[169],"data":[170],"center":[171],"management.":[172]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-03-20T00:00:00"}