Saved in:
Bibliographic Details
Main Authors: Li, Yang, Liu, Yule, He, Xinlei, Zhao, Youjian, Li, Qi, Xu, Ke
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2603.22869
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866911564177604608
author Li, Yang
Liu, Yule
He, Xinlei
Zhao, Youjian
Li, Qi
Xu, Ke
author_facet Li, Yang
Liu, Yule
He, Xinlei
Zhao, Youjian
Li, Qi
Xu, Ke
contents Although Large Language Models (LLMs) have evolved from text generators into the cognitive core of modern AI systems, their inherent lack of authorization awareness exposes these systems to catastrophic risks, ranging from unintentional data leakage to unauthorized command execution. Existing defense mechanisms are fundamentally decoupled from internal reasoning, rendering them insufficient for the complex security demands of dynamic AI systems. Here, we propose the Chain-of-Authorization (CoA) framework, a paradigm that internalizes access control as a foundational cognitive capability. By systematically redesigning the input-output format and fine-tuning the model on synthesized data with complex permission topologies, CoA forces the model to generate a structured authorization trajectory as a causal prerequisite for any substantive response or action, thereby enabling LLMs to internalize access boundaries within dynamic reasoning environments. CoA maintains high utility in authorized scenarios while achieving high rejection rates of unauthorized prompts and robust defense against diverse adversarial attacks. By embedding authorization directly into the reasoning process, CoA provides a principled architectural blueprint for deploying secure LLMs as the cognitive cores of modern AI systems.
format Preprint
id arxiv_https___arxiv_org_abs_2603_22869
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Chain-of-Authorization: Embedding authorization into large language models
Li, Yang
Liu, Yule
He, Xinlei
Zhao, Youjian
Li, Qi
Xu, Ke
Artificial Intelligence
Although Large Language Models (LLMs) have evolved from text generators into the cognitive core of modern AI systems, their inherent lack of authorization awareness exposes these systems to catastrophic risks, ranging from unintentional data leakage to unauthorized command execution. Existing defense mechanisms are fundamentally decoupled from internal reasoning, rendering them insufficient for the complex security demands of dynamic AI systems. Here, we propose the Chain-of-Authorization (CoA) framework, a paradigm that internalizes access control as a foundational cognitive capability. By systematically redesigning the input-output format and fine-tuning the model on synthesized data with complex permission topologies, CoA forces the model to generate a structured authorization trajectory as a causal prerequisite for any substantive response or action, thereby enabling LLMs to internalize access boundaries within dynamic reasoning environments. CoA maintains high utility in authorized scenarios while achieving high rejection rates of unauthorized prompts and robust defense against diverse adversarial attacks. By embedding authorization directly into the reasoning process, CoA provides a principled architectural blueprint for deploying secure LLMs as the cognitive cores of modern AI systems.
title Chain-of-Authorization: Embedding authorization into large language models
topic Artificial Intelligence
url https://arxiv.org/abs/2603.22869