← Back to stories Two engineers working on a robotics project, showcasing teamwork and innovation.
Photo by Mikhail Nilov on Pexels
ArXiv 2026-03-17

ILION: pre-execution safety gates proposed to stop harmful agentic AI before it acts

What the paper proposes

Researchers have posted a new preprint on arXiv (arXiv:2603.13247) proposing "ILION", a framework of deterministic pre-execution safety gates for agentic AI systems. The paper argues that content-safety tools designed to screen text are no longer enough when AI systems can perform real-world actions — filesystem operations, API calls, database writes, or financial transactions. Instead of evaluating only linguistic output, ILION aims to inspect and validate planned actions before they are executed, enforcing explicit safety properties in a deterministic, auditable way.

Why this matters

Agentic AIs — systems that can plan and carry out sequences of actions autonomously — are spreading from research labs into products and tooling. That raises a new class of risks: accidental data breaches, automated fraud, or instruments of influence that bypass human review. Current moderation and safety infrastructures focus on classifying language for harmful content; they do not directly constrain side effects in the real world. The ILION paper therefore frames a practical question: how do you stop an agent from doing harm before it takes an action? The authors present pre-execution gating as a potential technical layer to sit between planning and effect, making intent and action verifiable.

Wider context and policy implications

This is not only a technical issue. Regulators in the US, EU and elsewhere are increasingly focused on liability, auditability and export controls for powerful AI systems. It has been reported that policymakers are debating whether new rules should require verifiable safety controls for systems that can act autonomously. Deterministic gates — if they work as described — could feed into compliance regimes, audit trails, and platform governance, but they also raise questions about who sets safety rules and how adversaries could try to evade them.

Next steps

ILION is a research proposal on a preprint server, not a deployed standard. The next steps will be empirical: benchmarks, red-team evaluations, integration with runtime sandboxes, and industry uptake. Will platforms and enterprises adopt deterministic pre-execution checks, or will adversaries find workarounds? The paper opens the debate; now the field needs tests, standards and a runway for responsible deployment.

AIResearch
View original source →