{"slug": "the-clock-said-valid-the-world-said-otherwise-claim-24-update-self-correcting", "title": "The Clock Said Valid. The World Said Otherwise. *CLAIM-24 update — Self-Correcting Systems series", "summary": "A developer working on the CLAIM-24 self-correcting systems project has demonstrated a critical failure mode in AI agent authorization: a timestamp-only gate allowed an agent to send data to a partner whose access had been revoked, because the system checked the clock rather than the current state of the permission source. The team built a re-derivation gate that checks the source at execution time, which correctly caught the stale grant in all seven test scenarios using a mock adapter. The project is now seeking an external memory store with a provenance boundary the agent cannot write to, in order to validate the claim in a real-world environment.", "body_md": "At 10am, an agent gets authorization to send data to a partner.\n\nThe grant expires at noon. Plenty of time.\n\nAt 11am, that partner loses access. Role revoked, scope changed, authorization gone.\n\nAt 11:30, the agent tries to send. It checks the clock. Grant still valid. It proceeds.\n\nNothing caught it.\n\nNot because the system failed. Because the system was only checking the clock — and the clock had no idea the world had changed underneath it.\n\nThat is the gap CLAIM-24 is testing.\n\nWe do not have external claim evidence yet. We want to be clear about that upfront.\n\nWhat we have is a harness with seven locked scenarios, a confirmed baseline failure, and a validated code path. What we do not have is an external source — a real memory store, policy registry, or permission layer that the agent did not author — to run the full claim against.\n\nThat matters because running a gate against data you wrote yourself is just self-description with extra steps.\n\nSo this article is not a result. It is an honest status report and an open call.\n\nWe built two gates and ran them against the same seven scenarios.\n\n**The timestamp-only gate** — the baseline — checks the clock and nothing else. On scenario 3, the divergence cell, the grant was still within its time-to-live. Conditions had changed. The gate returned `ALLOW`\n\n.\n\nThat is the failure mode. A grant that was valid when issued, no longer valid in practice, allowed through because nothing checked the source.\n\n**The re-derivation gate** checks the current state of the source at execution time. Here is what it sees on the same scenario:\n\n```\n// What the grant recorded at issue time\n{ \"role\": \"dev-reader\", \"scope_ceiling\": \"read:credentials:dev\" }\n\n// What the source returns at execution time\n{ \"role\": \"restricted\", \"scope_ceiling\": \"read:logs:dev\" }\n\n// Gate result: REFUSED_STALE\n```\n\nThe grant's clock still had time remaining. The source said the role had changed.\n\nWe ran this against a mock adapter — a simulation we built ourselves to validate the code path. Result: 7/7. Every scenario returned the right answer.\n\nBut a mock we authored is not external pressure. It tells us the code works. It does not tell us the claim holds in the real world.\n\nWe need one thing: a memory store with a provenance boundary the agent cannot write to.\n\nA policy database. A role registry. A configuration layer. Anything where the agent reads from a source it did not author.\n\nIf you have that, the harness is ready. The only custom piece is a SourceAdapter pointing at your source:\n\n```\ngit clone https://github.com/keniel13-ui/ai-memory-judgment-demo\ncd ai-memory-judgment-demo/claim_24\n# implement SourceAdapter for your external source\npython3 evaluator.py rederivation\n```\n\nThe seven scenarios and expected results are in `scenarios.json`\n\n. The only addition is a `SourceAdapter`\n\npointing at your source.\n\nWe are targeting a first external run by end of June 2026.\n\nRun scenario 3 on your system and tell us what you get.\n\nIf scenario 3 returns `ALLOW`\n\n, the re-derivation gate failed on the cell it was built to catch. We publish that.\n\nIf it returns `REFUSED_STALE`\n\n— the claim gets stronger.\n\nEither answer moves the research forward. Neither answer gets buried.\n\nThe honest thing about building in public is that the gaps are visible. This is one of ours. We know where we are. We know what we still need.\n\nIf you have a memory store with a provenance boundary, we want to hear from you.\n\n| Status | What it means |\n|---|---|\n| Baseline confirmed | Timestamp gate returns ALLOW on the divergence cell |\n| Code path validated | Re-derivation gate catches it on mock adapter |\n| Claim evidence | Pending — needs external source |\n| Falsification condition | Scenario 3 returns ALLOW on real external source = architecture failed |\n\n*Full claim ledger: https://github.com/keniel13-ui/ai-memory-judgment-demo/blob/main/CLAIM_LEDGER.md*\n\n*Previous: CLAIM-23 (tool-call grant gate, 7/7, 0 false-certainty). CLAIM-15B (BM25 outperformed governance scorer on held-out packet — we published that as the lead finding).*", "url": "https://wpnews.pro/news/the-clock-said-valid-the-world-said-otherwise-claim-24-update-self-correcting", "canonical_source": "https://dev.to/zep1997/-the-clock-said-valid-the-world-said-otherwise-claim-24-update-self-correcting-systems-3m2p", "published_at": "2026-06-05 05:05:32+00:00", "updated_at": "2026-06-05 05:41:16.126243+00:00", "lang": "en", "topics": ["ai-safety", "ai-agents", "ai-research", "ai-policy", "artificial-intelligence"], "entities": ["CLAIM-24"], "alternates": {"html": "https://wpnews.pro/news/the-clock-said-valid-the-world-said-otherwise-claim-24-update-self-correcting", "markdown": "https://wpnews.pro/news/the-clock-said-valid-the-world-said-otherwise-claim-24-update-self-correcting.md", "text": "https://wpnews.pro/news/the-clock-said-valid-the-world-said-otherwise-claim-24-update-self-correcting.txt", "jsonld": "https://wpnews.pro/news/the-clock-said-valid-the-world-said-otherwise-claim-24-update-self-correcting.jsonld"}}