cd /news/ai-safety/actplane-programmable-os-level-polic… · home topics ai-safety article
[ARTICLE · art-41114] src=arxiv.org ↗ pub= topic=ai-safety verified=true sentiment=· neutral

ActPlane: Programmable OS-Level Policy Enforcement for Agent Harnesses

Researchers introduced ActPlane, a programmable OS-level policy enforcement engine for AI agent harnesses that enforces safety and effectiveness policies in the OS kernel using eBPF. ActPlane improves policy compliance on indirect execution paths with 1.9%-8.4% overhead, addressing the semantic gap between natural language policy intent and concrete system actions.

read2 min views1 publishedJun 26, 2026
ActPlane: Programmable OS-Level Policy Enforcement for Agent Harnesses
Image: source
[Submitted on 23 Jun 2026]


[View PDF](/pdf/2606.25189)

[HTML (experimental)](https://arxiv.org/html/2606.25189v1)

Abstract:AI agents increasingly run in production through harnesses, the software around the LLM, including an engine that enforces safety and effectiveness policies, e.g., 'run tests before committing.' Enforcing these policies requires bridging a semantic gap: policy intent is expressed in underspecified natural language, while enforcement must act on concrete system actions, e.g., which test to run. Many policies also define event ordering or data flow actions. Yet existing approaches fall short. Tool-call guardrails miss system actions that bypass the tool layer, while OS sandboxes control resource access instead of actions, returning opaque errors that confuse the agent. Our key insight is that policy context lives within the agent closest to the task, while enforcement must happen at the OS to cover all execution paths. We introduce ActPlane, a policy engine that lets agents declare policies and enforces them in the OS kernel with semantic feedback and isolation. ActPlane uses a simple information-flow control (IFC) DSL to support cross-event policies. We implement ActPlane with eBPF and evaluate it on policies from the empirical study, coding-task benchmarks, and safety benchmarks. ActPlane improves policy compliance, including on indirect execution paths that tool-call interception cannot observe, with 1.9%-8.4% overhead. ActPlane is at[this https URL]

References & Citations

...

Bibliographic Explorer

(What is the Explorer?) Connected Papers

(What is Connected Papers?) Litmaps

(What is Litmaps?) scite Smart Citations

(What are Smart Citations?)# Code, Data and Media Associated with this Article alphaXiv

(What is alphaXiv?) CatalyzeX Code Finder for Papers

(What is CatalyzeX?) DagsHub

(What is DagsHub?) Gotit.pub

(What is GotitPub?) Hugging Face

(What is Huggingface?) ScienceCast

(What is ScienceCast?)# Demos Influence Flower

(What are Influence Flowers?) CORE Recommender

(What is CORE?)# arXivLabs: experimental projects with community collaborators arXivLabs is a framework that allows collaborators to develop and share new arXiv features directly on our website.

Both individuals and organizations that work with arXivLabs have embraced and accepted our values of openness, community, excellence, and user data privacy. arXiv is committed to these values and only works with partners that adhere to them.

Have an idea for a project that will add value for arXiv's community? Learn more about arXivLabs.

source & further reading
arxiv.org — original article
── more in #ai-safety 4 stories · sorted by recency
── more on @actplane 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/actplane-programmabl…] indexed:0 read:2min 2026-06-26 ·