State-Driven Access Control for Emergent Behavior in Agentic Systems

Agentic systems exhibit emergent behavior arising from interactions among multiple agents operating over shared and evolving state. While individual actions may be authorized according to policy, their composition—under non-deterministic execution, partial failures, and concurrency—can lead to unsafe or inconsistent system states. This paper introduces a state-driven access control model that treats system state as a first-class security object and enforces workflow integrity as a core security objective. The proposed model extends traditional authorization semantics to an outcome-complete form, requiring that all possible execution outcomes, including both successful and failure-induced transitions, satisfy validity, safety, and consistency constraints. We formalize safety and liveness properties and show that all reachable states remain invariant-preserving across both successful and failure-induced execution paths, even under concurrent interactions. By integrating transition validation, failure-aware recovery, and commit-time consistency into the authorization process, the model prevents policy-compliant actions from inducing emergent unsafe behavior. This establishes control of emergent behavior under non-deterministic execution as a fundamental requirement for access control in agentic systems.