This work addresses the vulnerability of AI agents to malicious inputs or internal errors, which can lead to unauthorized actions and hallucination-induced errors that compromise system security. To mitigate these risks, the paper proposes AgentGuardian, a context-aware adaptive access control framework that monitors agent execution traces to learn legitimate behavioral and input patterns. By integrating real-time input context with control-flow dependencies across multi-step tool invocations, AgentGuardian dynamically constrains agent operations. This approach uniquely combines control-flow analysis with behavioral modeling to effectively defend against agent misuse. Experimental evaluation on two real-world AI agent applications demonstrates that AgentGuardian efficiently detects malicious or misleading inputs, significantly reducing orchestration errors caused by hallucinations while preserving normal functionality.

Artificial intelligence (AI) agents are increasingly used in a variety of domains to automate tasks, interact with users, and make decisions based on data inputs. Ensuring that AI agents perform only authorized actions and handle inputs appropriately is essential for maintaining system integrity and preventing misuse. In this study, we introduce the AgentGuardian, a novel security framework that governs and protects AI agent operations by enforcing context-aware access-control policies. During a controlled staging phase, the framework monitors execution traces to learn legitimate agent behaviors and input patterns. From this phase, it derives adaptive policies that regulate tool calls made by the agent, guided by both real-time input context and the control flow dependencies of multi-step agent actions. Evaluation across two real-world AI agent applications demonstrates that AgentGuardian effectively detects malicious or misleading inputs while preserving normal agent functionality. Moreover, its control-flow-based governance mechanism mitigates hallucination-driven errors and other orchestration-level malfunctions.