Beyond Static Sandboxing: Learned Capability Governance for Autonomous AI Agents

arXiv:2604.11839v1 Announce Type: cross Abstract: Autonomous AI agents built on open-source runtimes such as OpenClaw expose every available tool to every session by default, regardless of the task. A summarization task receives the same shell execution, subagent spawning, and credential access capabilities as a code deployment task, a 15x overprovision ratio that we call the capability overprovisioning problem. Existing defenses, including the NemoClaw container sandbox and the Cisco DefenseCla