Semantic Quorum Assurance cuts unsafe AI approvals from 18.5% to 0.3%
Researchers Jun He and Deying Yu introduce Semantic Quorum Assurance (SQA), a control-plane primitive that routes LLM agent proposals through a diverse panel of sandboxed validator agents to block operationally unsafe cloud mutations that classical consensus protocols miss.
Score breakdown
SQA demonstrates that collective, diversity-enforced validator quorums can reduce unsafe LLM agent approvals in cloud infrastructure from 18.5% to 0.3%, addressing a safety gap that classical consensus protocols leave entirely unhandled.
- 01SQA is a control-plane primitive for governing non-deterministic LLM agents in autonomous cloud operations.
- 02Target threats include syntactically valid but operationally unsafe mutations: IAM policy changes, firewall security group openings, and data exports.
- 03Proposals are encoded as declarative execution contracts bound to cryptographic evidence chains.
Jun He and Deying Yu identify a semantic reliability gap in autonomous cloud operations: LLM agents can generate production mutations — such as modifying IAM policies, opening firewall security groups, or executing data exports — that are syntactically valid and statically authorized yet operationally unsafe. Classical distributed consensus protocols handle deterministic state replication but offer no mechanism for evaluating the safety of proposed intent, leaving this class of risk unaddressed.
To close this gap, the authors introduce Semantic Quorum Assurance (SQA), a control-plane primitive for governing non-deterministic agentic infrastructure.
To close this gap, the authors introduce Semantic Quorum Assurance (SQA), a control-plane primitive for governing non-deterministic agentic infrastructure. SQA encodes proposals as declarative execution contracts bound to cryptographic evidence chains and routes them to a diverse panel of read-only, sandboxed validator agents. Judgments are aggregated under a risk-adaptive quorum predicate that enforces model and archetype diversity, adjusts weights based on calibrated assurance scores, and respects archetype-specific vetoes. Only proposals that clear this quorum are admitted through a sovereign execution gate. The authors also formalize a correlated cognitive failure model for non-deterministic validators and instantiate SQA in a cloud-native control plane.
Evaluated on 500 infrastructure-inspired mutation scenarios — with safety results reported on held-out safe/unsafe trials excluding ambiguous scenarios — SQA reduced unsafe approval rates from 18.5% under single-agent validation to 0.3%, while adding a median validation latency of 1.45–4.12 seconds across the studied risk buckets.
Key facts
- 01SQA is a control-plane primitive for governing non-deterministic LLM agents in autonomous cloud operations.
- 02Target threats include syntactically valid but operationally unsafe mutations: IAM policy changes, firewall security group openings, and data exports.
- 03Proposals are encoded as declarative execution contracts bound to cryptographic evidence chains.
- 04A diverse panel of read-only, sandboxed validator agents evaluates each proposal.
- 05A risk-adaptive quorum predicate enforces model and archetype diversity, calibrated assurance score weighting, and archetype-specific vetoes.
- 06On 500 infrastructure-inspired mutation scenarios, SQA reduced unsafe approvals from 18.5% (single-agent) to 0.3%.
- 07Median validation latency added by SQA is 1.45–4.12 seconds across studied risk buckets.
Topics
Summary and scoring are generated automatically from the original article. We always link back to the publisher and never republish images or paywalled content. Last processed Jun 9, 2026 · 17:05 UTC. How this works →