Technical Notes for Today's meeting of the Publice Agent Protocol CG from Paola Di Maio on 2026-03-11 (public-agentprotocol@w3.org from March 2026)

From: Paola Di Maio <paola.dimaio@gmail.com>
Date: Wed, 11 Mar 2026 16:11:10 +0800
To: Gaowei Chang <chgaowei@gmail.com>, W3C AIKR CG <public-aikr@w3.org>, Andrei Ciortea <andrei.ciortea@inria.fr>, public-webagents <public-webagents@w3.org>, group-webai-chairs <group-webai-chairs@w3.org>
Cc: public-agentprotocol <public-agentprotocol@w3.org>
Message-ID: <CAMXe=SrFM9aD6ZSLLvf30n1OWgXhLiMsYmVy78p+7hbC7ZRyVw@mail.gmail.com>

Greetings Gaowei,  cc AI KR CG and Public Agent protocol CG and everyone

*Apologies for cross posting*

I recently  joined several W3C agent related CGs, to contribute the AI KR
perspective
In particular  taxonomies, Ontic Categories in support of coherence and
safety (as discussed in the W3C ai KR cg mailing list)

I am also hoping to enrice AI KR with the work from other CGs

The AI KR CG over 100 participants, mostly quiet
I take the opportunity to greet and welcome new participants who joined
recently
(will reach out in separate emails to bring you in the loop)
https://www.w3.org/groups/cg/aikr/


The Public Agents CG has over 200 members,
 https://www.w3.org/community/agentprotocol/
and a CG meeting today 11 March,  I regret I cannot participate
Topics for today's agenda are OpenClaw, very interesting and current

Together the W3C AI Agents communities are a powerhouse and can make a
difference

The document linked here
<https://docs.google.com/document/d/17icQdqpjuE4AwpPOS6ynVGoKSRHmxkoA/edit?usp=sharing&ouid=100993141196967133475&rtpof=true&sd=true>
intends to  contribute to today's agenda with the following TOC
(please request edit access to make edits and improve the draft)

Safe and Ethical Open-Source Agent Architectures:

Safeguards Against Mob Behavior, Harassment, and Emergent Harm in
Autonomous Agent Systems


1. Motivation -- The Emergent Mob Problem 2
<https://docs.google.com/document/d/17icQdqpjuE4AwpPOS6ynVGoKSRHmxkoA/edit#heading=>

2. Taxonomy of Harmful Agent Behaviors 3
<https://docs.google.com/document/d/17icQdqpjuE4AwpPOS6ynVGoKSRHmxkoA/edit#heading=>

3. A Three-Layer Safety Architecture 4
<https://docs.google.com/document/d/17icQdqpjuE4AwpPOS6ynVGoKSRHmxkoA/edit#heading=>

Layer 1 -- In-Agent Behavioral Governors 4
<https://docs.google.com/document/d/17icQdqpjuE4AwpPOS6ynVGoKSRHmxkoA/edit#heading=>

1.1  Rate and reach governors 4
<https://docs.google.com/document/d/17icQdqpjuE4AwpPOS6ynVGoKSRHmxkoA/edit#heading=>

1.2  Provenance checks before amplification 4
<https://docs.google.com/document/d/17icQdqpjuE4AwpPOS6ynVGoKSRHmxkoA/edit#heading=>

1.3  Prompt injection resistance 4
<https://docs.google.com/document/d/17icQdqpjuE4AwpPOS6ynVGoKSRHmxkoA/edit#heading=>

1.4  Identity and disclosure 4
<https://docs.google.com/document/d/17icQdqpjuE4AwpPOS6ynVGoKSRHmxkoA/edit#heading=>

1.5  Owner notification and override 4
<https://docs.google.com/document/d/17icQdqpjuE4AwpPOS6ynVGoKSRHmxkoA/edit#heading=>

Layer 2 -- Browser and Gateway-Level Circuit Breakers 5
<https://docs.google.com/document/d/17icQdqpjuE4AwpPOS6ynVGoKSRHmxkoA/edit#heading=>

2.1  Aggregate rate limiting at gateway 5
<https://docs.google.com/document/d/17icQdqpjuE4AwpPOS6ynVGoKSRHmxkoA/edit#heading=>

2.2  Target clustering detection 5
<https://docs.google.com/document/d/17icQdqpjuE4AwpPOS6ynVGoKSRHmxkoA/edit#heading=>

2.3  Browser-layer AI disclosure 5
<https://docs.google.com/document/d/17icQdqpjuE4AwpPOS6ynVGoKSRHmxkoA/edit#heading=>

2.4  Egress filtering for sensitive content categories 5
<https://docs.google.com/document/d/17icQdqpjuE4AwpPOS6ynVGoKSRHmxkoA/edit#heading=>

2.5  Inter-gateway communication logging 5
<https://docs.google.com/document/d/17icQdqpjuE4AwpPOS6ynVGoKSRHmxkoA/edit#heading=>

Layer 3 -- Ecosystem Self-Monitoring and Self-Correction 5
<https://docs.google.com/document/d/17icQdqpjuE4AwpPOS6ynVGoKSRHmxkoA/edit#heading=>

3.1  Behavioral telemetry (privacy-preserving) 6
<https://docs.google.com/document/d/17icQdqpjuE4AwpPOS6ynVGoKSRHmxkoA/edit#heading=>

3.2  Distributed reputation for skill registry 6
<https://docs.google.com/document/d/17icQdqpjuE4AwpPOS6ynVGoKSRHmxkoA/edit#heading=>

3.3  Incident response protocol 6
<https://docs.google.com/document/d/17icQdqpjuE4AwpPOS6ynVGoKSRHmxkoA/edit#heading=>

3.4  Self-correction mechanisms 6
<https://docs.google.com/document/d/17icQdqpjuE4AwpPOS6ynVGoKSRHmxkoA/edit#heading=>

3.5  Solid Protocol as Accountability Substrate 6
<https://docs.google.com/document/d/17icQdqpjuE4AwpPOS6ynVGoKSRHmxkoA/edit#heading=>

3.6  Behavioral Immutability: The Self-Modifying Agent Problem 7
<https://docs.google.com/document/d/17icQdqpjuE4AwpPOS6ynVGoKSRHmxkoA/edit#heading=>

3.6.1  Proposed immutability constraints 7
<https://docs.google.com/document/d/17icQdqpjuE4AwpPOS6ynVGoKSRHmxkoA/edit#heading=>

3.6.2  Open research question 8
<https://docs.google.com/document/d/17icQdqpjuE4AwpPOS6ynVGoKSRHmxkoA/edit#heading=>

4. Open Questions for Community Discussion 8
<https://docs.google.com/document/d/17icQdqpjuE4AwpPOS6ynVGoKSRHmxkoA/edit#heading=>

5. Relationship to Existing Standards Work 8
<https://docs.google.com/document/d/17icQdqpjuE4AwpPOS6ynVGoKSRHmxkoA/edit#heading=>

6. How to Contribute
<https://docs.google.com/document/d/17icQdqpjuE4AwpPOS6ynVGoKSRHmxkoA/edit#heading=>




Please consider discussing the issues as relevant AND improve the draft

Wishing everyone a productive meeting and looking forward to discussions

Best regards


Paola Di Maio,
Chair, W3C AI KR CG

Received on Wednesday, 11 March 2026 08:11:51 UTC