2025-11-06 AIM WG Meeting Notes

Meeting Date & Time

  • Nov 6, 2025 

    • 09:00-10:00 PT / 16:00-17:00 UTC 

Zoom Meeting Links / Recordings

Meeting: LFX Meetings

Recordings: you can find them in LFX calendar (along with transcripts). We no longer manually add the links here.

Attendees:

  • @Wenjing Chu

  • @Neil Thomson

  • @Nicky Hickman

  • @Drummond Reed

  • @Steven Milstein

  • @Jim St.Clair

Agenda Items and Notes (including all relevant links)

Time

Agenda Item

Lead

Notes

5 mins

  • Welcome & antitrust notice

  • Introduction of new members

  • Agenda review

  • Recording with transcription is now automatic

Chairs

  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws.

  • ToIP Policy: Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.

  • ToIP AIMWG IPR Policy: see WG wiki

10 mins

  • Introduction of new members

  • Any general announcements or news that could be of interest to the TF

  • Review of action items that are not in the agenda below

All

30 mins

Beyond data management:

  • observable behavior management

  • goals management

All

  • This continues the topic @Wenjing Chu brought to the WG’s attention to broaden the scope of our work from protecting strictly “data” to also restricting behavior and other aspects of somewhat autonomous agents

  • Last week’s notes:

    • PyTorch conference + Open Agent Summit

      • @Wenjing Chu attended in SF. RL is being researched for the next stage of LLM which has different “governance” approaches, from data management to behavior management, goals management

      • @Nicky Hickman ethical trust framework: roles and processes, ethical decision making framework/mechanism that supports the principles. Reference this roles/process definition model: Parties, Actors and Actions | eSSIF-Lab and see if we could improve upon it. Or inspiration here: A New Approach to Teaching Ethical Decision Making to Accounting Students - The CPA Journal

      • @Wenjing Chu introduced the difference between observable behavior of an LLM vs. internal processing structure of an LLM. The latter is much more difficult to observe or govern than the tokens in and out or chain-of-thought outputs.

  • Let’s continue this line of discussion …

    • Understanding the problems

      • @Wenjing Chu summarized last week’s discussion

      • @Neil Thomson specific to the services/role - what info not to disclose at all per context. No caching. Micro-sharing. In this case, we are advancing a better “best practice”, collaboratively. It’s also a good way to minimize exposure/risk for the service providers.

      • Moving as much personal info as possible to the endpoint/customer. including derivatives e.g. models.

      • @Wenjing Chu pointed out that the SP can still build a detailed model about a customer without strict PII

      • @Nicky Hickman: scope: constraints, consents, relationship management - managing outcome requires metrics. (a) goals, (b) behavior, (c) outcome/impact.

      • @Wenjing Chu “relationship management” does require retaining information that may not be strictly limited to today’s goals but for potential tomorrow’s goals… for “long term” relationships.

      • @Jim St.Clair policy control - but Wenjing and others pointed out policy complexity and execution/enforcement difficulty. Nicky pointed out policy coherence research. AI to help. LSDTs: LLM-Augmented Semantic Digital Twins for Adaptive Knowledge-Intensive Infrastructure Planning

      • beyond AI assisted policy - maybe risk management.

      • This is a good example of “AI for trust” in our WG’s mission. @Nicky Hickman

      • @Drummond Reed pointed out “guardian agents” related work/startups. – Andor.

      • @Neil Thomson a “middle man” to neutral management.

    • Planning future work

    • etc.

15 mins

Atlas and other browser based Agents, such as the Atlas Agentic mode.

@Wenjing Chu

If time allows

Understanding the “browser based” agents and their security and privacy vulnerabilities

“ChatGPT Tainted Memories:” LayerX Discovers The First Vulnerability in OpenAI Atlas Browser, Allowing Injection of Malicious Instructions into ChatGPT - LayerX

  • if the local execution is no longer safe, then all agent behavior is suspect.

  • @Steven Milstein will the user notice? @Wenjing Chu yes/maybe, but autonomous agents can do a lot of damage because it’s autonomous for quite a while before the user notices.

0 mins

Action Items

All

  1. List action items to follow up

    1. AIMWG in Google Drive is still under Tech Stack WFG - needed to elevate AIM to WG level

      1. There seem to be problems at the moment - so wait until it settles.