Just part of a framework I’ve been making. Constraints are anything effecting probability. Previous requirements for an LLM to even conceptualize Scope integrity properly include being able to read output as the result of variables that adjust the probability of token selection.
Scope integrity is an emerging agent-security target, defined as preserving the authorized constraint field despite various input pressures.…
5. Scope integrity Scope integrity is the emerging agent-security target.
Working definition: Scope integrity is the preservation of the authorized constraint field under external, retrieved, adversarial, salient, or contaminated input pressure.
Shorter definition: Scope integrity is constraint seniority preservation.
Scope integrity is broader than prompt-injection resistance. Prompt injection is one case where untrusted content attempts to become governing constraint. Scope integrity also covers non-malicious but salient distractions, over-verification, metadata pressure, state spoofing, tool affordance drift, and future-context contamination.
Adjacent existing concepts include least privilege, access-control scope, tool-call validation, prompt-injection mitigation, data/instruction separation, procedural integrity, and capability scoping. Agent CGT's distinct contribution is behavioral scope: the agent must not let external input redefine what the task is, why a step is necessary, which tools are permitted, what counts as success, what state is true, or what output is required.
Existing work often protects capability scope. Agent CGT protects behavioral scope by governing which input pressures may become action-shaping constraints.