arXiv 2606.12320 (socialScore 0.95): a five-plane reference architecture for runtime governance of production AI agents — identity, execution isolation, observability, policy enforcement, audit.
Prompt injection is the wrong threat model. Runtime governance is what's missing.
Enterprise security was built to govern data boundaries: the protected surface was data at rest and in transit, and the controls -- access control, data-loss prevention, perimeter inspection -- governed crossings of that boundary. Production AI agents dissolve this assumption. An agent reads context
