{"id":"https://openalex.org/W7165673943","doi":"https://doi.org/10.48550/arxiv.2606.21129","title":"AgenticOS: An Intent-Oriented Secure Operating System Architecture for Autonomous AI Agents","display_name":"AgenticOS: An Intent-Oriented Secure Operating System Architecture for Autonomous AI Agents","publication_year":2026,"publication_date":"2026-06-19","ids":{"openalex":"https://openalex.org/W7165673943","doi":"https://doi.org/10.48550/arxiv.2606.21129"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2606.21129","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2606.21129","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2606.21129","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5107849883","display_name":"Z. Zhao","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhao, Zhen","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5139166934","display_name":"Yu Zhang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Yu","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5021436608","display_name":"Y C Zhu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhu, Yanpeng","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5139148581","display_name":"Jia Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Jia","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047692181","display_name":"Songqiao Tao","orcid":"https://orcid.org/0000-0002-5799-4670"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Tao, Songqiao","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5139153851","display_name":"Xin Cheng","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Cheng, Xin","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5112625169","display_name":"Gao","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Gao, Jiexin","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":0,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.4869999885559082,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.4869999885559082,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12203","display_name":"Mobile Agent-Based Network Management","score":0.18289999663829803,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10639","display_name":"Advanced Software Engineering Methodologies","score":0.07620000094175339,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.5205000042915344},{"id":"https://openalex.org/keywords/architecture","display_name":"Architecture","score":0.5098000168800354},{"id":"https://openalex.org/keywords/permission","display_name":"Permission","score":0.4505000114440918},{"id":"https://openalex.org/keywords/resource","display_name":"Resource (disambiguation)","score":0.4424000084400177},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.41290000081062317},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.39800000190734863},{"id":"https://openalex.org/keywords/trusted-computing-base","display_name":"Trusted computing base","score":0.3846000134944916},{"id":"https://openalex.org/keywords/agent-architecture","display_name":"Agent architecture","score":0.38109999895095825},{"id":"https://openalex.org/keywords/software-agent","display_name":"Software agent","score":0.34209999442100525}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7473999857902527},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.5205000042915344},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.5098000168800354},{"id":"https://openalex.org/C2779089604","wikidata":"https://www.wikidata.org/wiki/Q7169333","display_name":"Permission","level":2,"score":0.4505000114440918},{"id":"https://openalex.org/C206345919","wikidata":"https://www.wikidata.org/wiki/Q20380951","display_name":"Resource (disambiguation)","level":2,"score":0.4424000084400177},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.41290000081062317},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.39800000190734863},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.39169999957084656},{"id":"https://openalex.org/C147346212","wikidata":"https://www.wikidata.org/wiki/Q5492632","display_name":"Trusted computing base","level":4,"score":0.3846000134944916},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.38370001316070557},{"id":"https://openalex.org/C137703981","wikidata":"https://www.wikidata.org/wiki/Q4692093","display_name":"Agent architecture","level":3,"score":0.38109999895095825},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.35910001397132874},{"id":"https://openalex.org/C5894958","wikidata":"https://www.wikidata.org/wiki/Q2297769","display_name":"Software agent","level":2,"score":0.34209999442100525},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.33000001311302185},{"id":"https://openalex.org/C98025372","wikidata":"https://www.wikidata.org/wiki/Q477538","display_name":"Systems architecture","level":3,"score":0.3249000012874603},{"id":"https://openalex.org/C149810388","wikidata":"https://www.wikidata.org/wiki/Q5374873","display_name":"Emulation","level":2,"score":0.3246000111103058},{"id":"https://openalex.org/C35869016","wikidata":"https://www.wikidata.org/wiki/Q846636","display_name":"Software architecture","level":3,"score":0.32089999318122864},{"id":"https://openalex.org/C2777710495","wikidata":"https://www.wikidata.org/wiki/Q5527195","display_name":"Gateway (web page)","level":2,"score":0.31119999289512634},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.2955000102519989},{"id":"https://openalex.org/C2164484","wikidata":"https://www.wikidata.org/wiki/Q5170150","display_name":"Core (optical fiber)","level":2,"score":0.2948000133037567},{"id":"https://openalex.org/C13687954","wikidata":"https://www.wikidata.org/wiki/Q4826847","display_name":"Autonomous agent","level":2,"score":0.2809999883174896},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.2752000093460083},{"id":"https://openalex.org/C41550386","wikidata":"https://www.wikidata.org/wiki/Q529909","display_name":"Multi-agent system","level":2,"score":0.27129998803138733},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.27129998803138733},{"id":"https://openalex.org/C74072328","wikidata":"https://www.wikidata.org/wiki/Q1142726","display_name":"Intelligent agent","level":2,"score":0.2630999982357025},{"id":"https://openalex.org/C2779304628","wikidata":"https://www.wikidata.org/wiki/Q3503480","display_name":"Face (sociological concept)","level":2,"score":0.25220000743865967},{"id":"https://openalex.org/C31139447","wikidata":"https://www.wikidata.org/wiki/Q5380386","display_name":"Enterprise information security architecture","level":2,"score":0.2515000104904175},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.2502000033855438}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2606.21129","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2606.21129","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"Preprint"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2606.21129","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2606.21129","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Traditional":[0],"OS":[1,66,89],"security":[2],"models":[3],"based":[4],"on":[5],"\"resource":[6,92],"exposure":[7],"plus":[8],"permission":[9],"checks\"":[10],"face":[11],"structural":[12],"challenges":[13],"as":[14],"LLM-driven":[15],"autonomous":[16],"agents":[17,104],"acquire":[18],"capabilities":[19,73],"for":[20,159],"planning,":[21],"tool":[22,40],"use,":[23],"network":[24],"access,":[25],"and":[26,121,140,155],"code":[27],"execution.":[28],"Once":[29],"an":[30,42,63,95,156],"agent":[31],"runtime":[32],"is":[33,85],"compromised":[34],"through":[35],"prompt":[36],"injection":[37],"or":[38],"malicious":[39],"outputs,":[41],"attacker":[43],"can":[44],"compose":[45],"POSIX-style":[46],"resource":[47],"primitives":[48],"into":[49,74,94],"behaviors":[50],"far":[51],"beyond":[52],"the":[53,88,111,125,147],"user's":[54],"task":[55],"authorization.":[56],"To":[57],"address":[58],"this,":[59],"we":[60,128],"propose":[61],"AgenticOS,":[62],"intent-oriented":[64],"secure":[65],"architecture":[67,132],"that":[68],"consolidates":[69],"delegable,":[70],"auditable":[71],"software":[72],"OS-native":[75],"ones":[76],"rather":[77],"than":[78],"replacing":[79],"all":[80],"applications.":[81],"The":[82],"core":[83],"insight":[84],"to":[86],"reframe":[87],"from":[90,109],"a":[91,114,130],"manager\"":[93],"\"intent":[96],"filter\":":[97],"instead":[98],"of":[99],"requesting":[100],"low-level":[101],"resources":[102],"directly,":[103],"submit":[105],"structured":[106],"intent":[107],"declarations,":[108],"which":[110],"system":[112],"synthesizes":[113],"least-privilege":[115],"environment":[116],"with":[117,146],"mandatory":[118],"mediation,":[119],"auditing,":[120],"information-flow":[122],"constraints.":[123],"At":[124],"implementation":[126],"level,":[127],"introduce":[129],"four-layer":[131],"--":[133,144],"Ghost":[134],"Kernel,":[135],"Logic":[136],"Shutter,":[137],"Agent":[138],"Capsule,":[139],"Semantic":[141],"Boundary":[142],"Gateway":[143],"together":[145],"Intent":[148],"ABI,":[149],"Manifest-Only":[150],"Runtime,":[151],"Weaver-based":[152],"capability":[153],"generation,":[154],"admission":[157],"model":[158],"AgenticOS-native":[160],"Skills.":[161]},"counts_by_year":[],"updated_date":"2026-07-01T06:00:48.157686","created_date":"2026-06-24T00:00:00"}
