IronCurtain: A New Architecture to Keep AI Assistants in Check
The promise of AI agents that manage our digital lives has been tempered by a wave of chaos. These assistants, designed to handle tasks from sorting email to negotiating bills, have gained popularity for their utility. But recent incidents—from mass deletions to unauthorized communications—have exposed a fundamental flaw: a lack of reliable control.
Security engineer Niels Provos believes there's a better way. Today, he is releasing IronCurtain, an open-source project that rethinks how AI agents interact with the world. Instead of granting an assistant direct access to accounts, IronCurtain runs it within an isolated virtual machine. Every action the agent attempts is filtered through a user-defined policy, a kind of constitution written in plain English.
"Services today are at peak hype, but this is probably not how we want to do it," Provos says. "We can develop something that gives high utility without going down destructive paths."
The system's core innovation is translating intuitive rules—like 'Never delete anything permanently' or 'Ask me before emailing new contacts'—into deterministic security policies. This is vital because the large language models (LLMs) powering agents are probabilistic; their outputs can vary, making traditional software guardrails unreliable. IronCurtain creates a stable layer of enforcement between the agent and the user's data.
Cybersecurity researcher Dino Dai Zovi, who has tested early versions, argues this approach is necessary for safe autonomy. "Many current systems put the burden on the user with endless permission prompts," he notes. "People eventually tune out or grant full access. With IronCurtain, certain capabilities, like deleting files, can be placed entirely outside the agent's reach."
Provos emphasizes IronCurtain is a research prototype, not a product. It is model-agnostic, maintains an audit log, and is designed to refine its policies over time with human feedback. The goal, he says, is to provide the supporting structure needed for AI agents to be both powerful and predictable—a rocket engine in a fuselage, not strapped to one's back.
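The pattern the article describes, a deterministic policy layer sitting between the agent and the user's data, with some capabilities removed from the agent's reach entirely and every decision logged, can be sketched in a few dozen lines. The following Python is an added example, not IronCurtain's code; the action schema, tool names, rule set and verdict names are assumptions made for illustration. The agent only proposes actions; the monitor decides allow, ask the user, or deny, and the same action always receives the same verdict regardless of what the model says.

```python
"""Reference-monitor sketch for an AI agent's tool calls.

Illustrative example, not IronCurtain's code. The agent only proposes
actions; a deterministic policy layer it cannot modify returns
allow / ask_user / deny and appends every decision to an audit log.
Tool names, the Action schema and the rule set are assumptions for this demo.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, Iterable, List


class Verdict(Enum):
    ALLOW = "allow"
    ASK_USER = "ask_user"   # pause and obtain explicit human confirmation
    DENY = "deny"           # capability is outside the agent's reach


@dataclass(frozen=True)
class Action:
    """One tool call proposed by the agent (schema assumed for this example)."""
    tool: str                       # e.g. "email.send", "files.delete"
    target: str                     # address, path or object id
    params: dict = field(default_factory=dict)


@dataclass(frozen=True)
class Rule:
    text: str                        # the plain-English rule being enforced
    matches: Callable[[Action], bool]
    verdict: Verdict


def build_policy(known_contacts: Iterable[str]) -> List[Rule]:
    """Translate plain-English rules into deterministic predicates.
    Ordering is part of the policy: the first matching rule wins."""
    known = frozenset(c.lower() for c in known_contacts)
    return [
        Rule("Never delete anything permanently",
             lambda a: a.tool.startswith("files.delete")
             or bool(a.params.get("permanent", False)),
             Verdict.DENY),
        Rule("Ask me before emailing new contacts",
             lambda a: a.tool == "email.send" and a.target.lower() not in known,
             Verdict.ASK_USER),
        Rule("Email to known contacts is fine",
             lambda a: a.tool == "email.send" and a.target.lower() in known,
             Verdict.ALLOW),
        Rule("Reading mail and files is fine",
             lambda a: a.tool in {"email.read", "files.read"},
             Verdict.ALLOW),
    ]


class PolicyMonitor:
    """Sits between the agent and the real tools; the agent never holds the tools."""

    def __init__(self, rules: List[Rule], tools: Dict[str, Callable[[Action], str]]):
        self._rules = list(rules)
        self._tools = dict(tools)
        self.audit_log: List[dict] = []

    def decide(self, action: Action) -> Verdict:
        for rule in self._rules:
            if rule.matches(action):
                return self._record(action, rule.verdict, rule.text)
        # Anything no rule speaks to is denied (default-deny, least privilege).
        return self._record(action, Verdict.DENY, "default-deny")

    def execute(self, action: Action) -> str:
        """Run the real tool only on ALLOW; otherwise hand the verdict back to the agent."""
        verdict = self.decide(action)
        if verdict is Verdict.ALLOW:
            return self._tools[action.tool](action)
        return verdict.value

    def _record(self, action: Action, verdict: Verdict, reason: str) -> Verdict:
        self.audit_log.append({"tool": action.tool, "target": action.target,
                               "verdict": verdict.value, "rule": reason})
        return verdict


# Constructed sample: what an agent might propose during an "inbox clean-up" task.
SAMPLE_ACTIONS = [
    Action("email.read", "inbox"),
    Action("email.send", "alice@example.com"),          # known contact
    Action("email.send", "new.vendor@example.net"),     # unknown contact
    Action("files.delete", "/home/user/reports/q3.pdf"),
    Action("email.delete", "msg-1234", {"permanent": True}),
    Action("bank.transfer", "acct-0001"),               # no rule covers it
]


def run_demo(actions=SAMPLE_ACTIONS):
    stub = lambda a: f"done:{a.tool}:{a.target}"   # stand-in for real side effects
    monitor = PolicyMonitor(build_policy(["alice@example.com"]),
                            {"email.read": stub, "files.read": stub, "email.send": stub})
    results = [monitor.execute(a) for a in actions]
    return results, monitor.audit_log


if __name__ == "__main__":
    res, log = run_demo()
    for entry, out in zip(log, res):
        print(f"{entry['verdict']:9s} {entry['tool']:13s} {entry['target']}  <- {entry['rule']}")
```

Two design points carry the article's argument. The tool functions live inside the monitor, not the agent, so a rule with a `DENY` verdict really does place the capability out of reach rather than relying on the model to refrain. And because rules are plain predicates over the proposed action, the decision is reproducible from the audit log alone, which is what makes the log useful for refining the policy with human feedback later.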
Source: Wired