---- Tue, 29 Oct 2024 18:51:57 -0700 Cindy Mason wrote ---

Thank you Vandana for bringing up this important perspective and
suggestion!!

I've just been hammering out an architecture that encapsulates security functionality in customizable personal software agents...

IMHO, We already need a layer for agents. It could be part of the application services layer, or even application layer. But agents need to be registered and accountable. Perhaps even licensed?
These agents can interface between you and your internal systems (which may also have an agent) and between you and external systems/agents.
It is identified on the net similar to a software identification registration system.

In chapter 14 of Designing Artificial Compassion Technology, I suggest that each user have a customizable software agent that interfaces between them and the net, as well as apps, forms, etc. I created an architecture that is a spin off of the one used for interfacing between classified and unclassified documents at LLNL, although they do not use the idea of a software agent. (my background is in software agents, so it readily comes to mind)  

The agent's job is to be a guard rail for you, and relates to security and data privacy, as well as interacting with other agents, and can filter text, mail, search results, media and so on for emotional and mental factors, and preferences

I haven't worked out all the details, but each agent is part of an ecosystem, it could register with DOI, or an ODI, https://www.atera.com/glossary/object-identifier-oid/ and so on.

If it seems too risky to latch on to "agents" then just software guardrails might do. The concept applies to individuals, groups, institutions, etc.

Admittedly, this will create a silo, but we almost have that now, but without any real care about or protection for individual users.