This paper introduces a Semantic Gateway architecture governed by the Model Context Protocol (MCP) to address security vulnerabilities arising from the shift towards AI-native enterprise systems using LLMs as cognitive orchestrators. The gateway employs a three-layer Zero-Trust security model, including a Semantic Firewall, Tool-Level RBAC, and Cryptographic Human-in-the-Loop approval, to dynamically authorize and execute tools based on intent and policy. By adapting Enabledness-Preserving Abstractions (EPAs) and greybox semantic fuzzing, the authors demonstrate a 100% discovery rate of unauthorized state transitions in multi-turn fuzzing sequences, highlighting the necessity of dynamic formal verification for secure agentic deployment.
Securing AI-native enterprise systems demands a shift from traditional software validation to dynamic formal verification of stochastic agent behavior, as demonstrated by a Semantic Gateway that uncovers 100% of unauthorized state transitions.
Enterprise software engineering is shifting away from deterministic CRUD/REST architectures toward AI-native systems where large language models act as cognitive orchestrators. This transition introduces a critical security tension: probabilistic LLMs weaken classical mechanisms for validation, access control, and formal testing. This paper proposes the design, formal validation, and empirical evaluation of a Semantic Gateway governed by the Model Context Protocol (MCP). The gateway reframes the enterprise API as a semantic surface where tools are dynamically discovered, authorized, and executed based on intent and policy enforcement. The central contribution rests on a paradigm shift: autonomous agents must not be validated as traditional software nor as simple API consumers, but as stochastic state-transition systems whose behavior must be abstracted, fuzzed, and audited through enabled-tool graphs. The architecture introduces a three-layer Zero-Trust security model comprising a pre-inference Semantic Firewall, deterministic Tool-Level RBAC, and out-of-band Cryptographic Human-in-the-Loop approval. Enabledness-Preserving Abstractions (EPAs) and greybox semantic fuzzing, originally developed for blockchain smart contract verification, are adapted to audit agent behavior in enterprise environments. Results demonstrate an 84.2% reduction in incidental code. Across 500,000 multi-turn fuzzing sequences, the methodology achieved a 100% discovery rate of hidden unauthorized state transitions, proving that dynamic formal verification is strictly necessary for secure agentic deployment.
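To make the enabled-tool-graph idea concrete, here is an added example (not the paper's code) that abstracts a toy gateway session into sets of enabled tools and audits the resulting graph for a guarded tool that becomes enabled without passing the approval gate. The tool names, state fields, and the stale-approval bug are constructed assumptions, and exhaustive breadth-first exploration stands in for the greybox fuzzing the abstract describes.

```python
from collections import deque
from typing import NamedTuple

class State(NamedTuple):          # constructed gateway session state
    ticket_open: bool = False
    drafted: bool = False
    approved: bool = False        # meant to be set only by the human approver

def make_tools(stale_approval_bug: bool):
    """tool name -> (precondition, effect); the bug keeps `approved` after a refund."""
    def issue(s):
        return s._replace(drafted=False, approved=s.approved and stale_approval_bug)
    return {
        "open_ticket":   (lambda s: not s.ticket_open, lambda s: s._replace(ticket_open=True)),
        "draft_refund":  (lambda s: s.ticket_open and not s.drafted, lambda s: s._replace(drafted=True)),
        "human_approve": (lambda s: s.drafted and not s.approved, lambda s: s._replace(approved=True)),
        "issue_refund":  (lambda s: s.drafted and s.approved, issue),
    }

def enabled(tools, s):
    """Abstract state: the set of tools whose precondition holds in s."""
    return frozenset(n for n, (pre, _) in tools.items() if pre(s))

def build_epa(tools, init=State()):
    """Explore all reachable concrete states; record edges between enabled-tool sets."""
    seen, queue, edges = {init}, deque([init]), set()
    while queue:
        s = queue.popleft()
        for name in enabled(tools, s):
            nxt = tools[name][1](s)
            edges.add((enabled(tools, s), name, enabled(tools, nxt)))
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return edges

def audit(edges, guarded="issue_refund", gate="human_approve"):
    """Policy: the guarded tool may become enabled only through the gate tool."""
    return sorted((sorted(a), t, sorted(b)) for a, t, b in edges
                  if guarded not in a and guarded in b and t != gate)

if __name__ == "__main__":
    for bug in (False, True):
        print("bug" if bug else "fixed", audit(build_epa(make_tools(bug))))
```

The flagged edge only appears on the second refund in a session, which is why a single-turn check of each tool's precondition does not reveal it.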