Hi — sharing empirical research that directly supports the motivation for this framework.
The gap your draft addresses quantified:
Our paper "[title]" (arXiv:2605.18414, May 2026) benchmarks prompt-based access control in MCP-based agentic deployments across adversarial scenarios. Key finding: prompt-based access control fails in 48.5–68.5% of adversarial test cases, meaning agents invoke unauthorized tools despite explicit restrictions in their system prompt.
This directly quantifies the risk described in your Section 1 problem statement — that implementations "develop solutions in isolation" without proper identity and authorization infrastructure. The failure rate is the empirical baseline for what the status quo looks like without a framework like AIMS.
Specific relevance:
- Your Authorization layer (Section X, OAuth 2.0 delegation) addresses exactly the enforcement gap we measured
- Our findings support the urgency of moving beyond prompt-based policy to cryptographic authorization
- The 48.5–68.5% failure range could serve as a concrete benchmark for evaluating whether implementations conforming to this framework reduce unauthorized tool invocation
Happy to share the full paper or specific benchmark methodology if useful for the references section or security considerations.
— Rohith Uppala | arXiv: https://arxiv.org/abs/2605.18414
Hi — sharing empirical research that directly supports the motivation for this framework.
The gap your draft addresses quantified:
Our paper "[title]" (arXiv:2605.18414, May 2026) benchmarks prompt-based access control in MCP-based agentic deployments across adversarial scenarios. Key finding: prompt-based access control fails in 48.5–68.5% of adversarial test cases, meaning agents invoke unauthorized tools despite explicit restrictions in their system prompt.
This directly quantifies the risk described in your Section 1 problem statement — that implementations "develop solutions in isolation" without proper identity and authorization infrastructure. The failure rate is the empirical baseline for what the status quo looks like without a framework like AIMS.
Specific relevance:
Happy to share the full paper or specific benchmark methodology if useful for the references section or security considerations.
— Rohith Uppala | arXiv: https://arxiv.org/abs/2605.18414