Session Risk Memory (SRM): Temporal Authorization for Deterministic Pre-Execution Safety Gates

Computer Science > Artificial Intelligence [Submitted on 22 Mar 2026] Session Risk Memory (SRM): Temporal Authorization for Deterministic Pre-Execution Safety Gates Florin Adrian Chitan Deterministic pre-execution safety gates evaluate whether individual agent actions are compatible with their assigned roles. While effective at per-action authorization, these systems are structurally blind to distributed attacks that decompose harmful intent across multiple individually-compliant steps. This paper introduces Session Risk Memory (SRM), a lightweight deterministic module that extends stateless execution gates with trajectory-level authorization. SRM maintains a compact semantic centroid representing the evolving behavioral profile of an agent session and accumulates a risk signal through exponential moving average over baseline-subtracted gate outputs. It operates on the same semantic vector representation as the underlying gate, requiring no additional model components, training, or probabilistic inference. We evaluate SRM on a multi-turn benchmark of 80 sessions containing slow-burn exfiltration, gradual privilege escalation, and compliance drift scenarios. Results show that ILION+SRM achieves F1 = 1.0000 with 0% false positive rate, compared to stateless ILION at F1 = 0.9756 with 5% FPR, while maintaining 100% detection rate for both systems. Critically, SRM eliminates all false positives with a per-turn overhead under 250 microseconds. The framework introduces a conceptual distinction between spatial authorization consistency (evaluated per action) and temporal authorization consistency (evaluated over trajectory), providing a principled basis for session-level safety in agentic systems. Comments: 12 pages, 3 figures. Companion paper to arXiv:2603.13247. Benchmark dataset and artifacts available on Zenodo: https://doi.org/10.5281/zenodo.15410944 Subjects: Artificial Intelligence (cs.AI); Cryptography and Security (cs.CR) ACM classes: I.2.11; D.4.6; K.6.5 Cite as: arXiv:2603.22350 [cs.AI]   (or arXiv:2603.22350v1 [cs.AI] for this version)   https://doi.org/10.48550/arXiv.2603.22350 Focus to learn more Submission history From: Florin-Adrian Chitan [view email] [v1] Sun, 22 Mar 2026 08:30:28 UTC (548 KB) Access Paper: view license Current browse context: cs.AI < prev   |   next > new | recent | 2026-03 Change to browse by: cs cs.CR References & Citations NASA ADS Google Scholar Semantic Scholar Export BibTeX Citation Bookmark Bibliographic Tools Bibliographic and Citation Tools Bibliographic Explorer Toggle Bibliographic Explorer (What is the Explorer?) Connected Papers Toggle Connected Papers (What is Connected Papers?) Litmaps Toggle Litmaps (What is Litmaps?) scite.ai Toggle scite Smart Citations (What are Smart Citations?) Code, Data, Media Demos Related Papers About arXivLabs Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)