{"slug": "unexpressible-not-filtered-a-structural-approach-to-ai-agent-safety", "title": "Unexpressible, Not Filtered — a structural approach to AI-agent safety", "summary": "The Network Intent Layer (NIL) prevents prompt injection in AI agents by making undeclared actions structurally unexpressible, rather than relying on probabilistic filters. In tests against 4,216 injection cases, NIL achieved 0% unauthorized writes and 100% benign task success, with guarantees that hold across model changes. The open standard and reference implementation are available on GitHub and Zenodo.", "body_md": "Most defenses against prompt injection are probabilistic: a filter tries to catch the bad action after the agent authors it. A probabilistic check over a probabilistic policy always leaks.\n\nThe Network Intent Layer (NIL) takes a structural route instead: the agent never issues an action — it can only *propose* intent against operations a backend has explicitly declared. An undeclared action isn’t blocked; it’s *unexpressible*. The security perimeter collapses from every reasoning step O(n) to one intent-to-effect boundary O(1), independent of the model.\n\nOn InjecAgent (4,216 indirect prompt-injection cases, two models): unauthorized writes through NIL = **0.00%**, benign task-success **100%** — and because the guarantee is architectural, the number doesn’t move when the model changes.\n\nOpen standard + reference implementation, with a formal soundness model and honest limitations in the paper.\n\nPaper (DOI): [Unexpressible, Not Filtered: A Structural Framework for Governing AI-Agent Actions — the Network Intent Layer | Zenodo](https://doi.org/10.5281/zenodo.20774131)\n\nCode: [GitHub - nilscript-org/NILScript: The neutral standard for connecting systems to agents — Network Intent Layer (NIL) + the nilscript DSL. USB for software. · GitHub](https://github.com/nilscript-org/nilscript)", "url": "https://wpnews.pro/news/unexpressible-not-filtered-a-structural-approach-to-ai-agent-safety", "canonical_source": "https://discuss.huggingface.co/t/unexpressible-not-filtered-a-structural-approach-to-ai-agent-safety/177006#post_1", "published_at": "2026-06-20 14:03:51+00:00", "updated_at": "2026-06-20 14:13:28.260795+00:00", "lang": "en", "topics": ["ai-safety", "ai-agents", "large-language-models", "ai-research"], "entities": ["Network Intent Layer", "NIL", "InjecAgent", "Zenodo", "GitHub", "NILScript"], "alternates": {"html": "https://wpnews.pro/news/unexpressible-not-filtered-a-structural-approach-to-ai-agent-safety", "markdown": "https://wpnews.pro/news/unexpressible-not-filtered-a-structural-approach-to-ai-agent-safety.md", "text": "https://wpnews.pro/news/unexpressible-not-filtered-a-structural-approach-to-ai-agent-safety.txt", "jsonld": "https://wpnews.pro/news/unexpressible-not-filtered-a-structural-approach-to-ai-agent-safety.jsonld"}}