Deny-by-Default
Deny-by-default is a security architecture in which all actions are blocked unless an explicit policy rule grants permission, ensuring that no operation proceeds without prior authorization.
In Detail
Deny-by-default inverts the assumption that most systems make. In an allow-by-default system, everything is permitted unless a rule specifically prohibits it. The administrator must anticipate every dangerous action and write a rule to block it. Any action the administrator fails to foresee is allowed.
Deny-by-default reverses this. Nothing is permitted unless the administrator has written a rule that explicitly allows it. The administrator defines the set of safe actions, and everything outside that set is automatically blocked. The burden shifts from "imagine every possible threat" to "define what is known to be safe."
This distinction has significant consequences:
- Allow-by-default is permissive. It favors functionality over security. New and unforeseen action types are automatically allowed.
- Deny-by-default is restrictive. It favors security over convenience. New and unforeseen action types are automatically blocked.
Deny-by-default is the standard security posture in firewalls, operating system permissions, and access control lists. Its application to AI agent security follows the same logic: the attack surface of an autonomous system is too large to enumerate every threat, so the safe approach is to enumerate only what is permitted.
Examples
- A firewall configured with deny-by-default blocks all inbound traffic. The administrator then adds rules to allow traffic on ports 80 and 443. Any traffic on other ports is automatically dropped without needing an explicit block rule.
- An AI agent operating under deny-by-default attempts a file_write to /etc/passwd. No policy rule permits writes to system files. The action is denied without needing a specific rule for /etc/passwd — the absence of permission is sufficient.
- Under allow-by-default, an AI agent discovers it can execute curl to exfiltrate data to an external server. Because no rule explicitly blocks this, the action succeeds. Under deny-by-default, the same action fails because no rule permits outbound network requests to that domain.
- A developer adds a new action type, database_query, to an agent framework. Under deny-by-default, the new action type is automatically blocked until a policy rule is created. Under allow-by-default, the new action type is immediately available without any security review.
Related Concepts
- Action-Level Gating — The mechanism through which deny-by-default is enforced at each individual action.
- Policy Engine — The component that evaluates actions against the set of explicit permissions.
- First-Match-Wins — The evaluation strategy that determines which rule applies to an action.
- Simulation Mode — A mode for testing deny-by-default policies without blocking legitimate actions.
- Zero-Dependency Security — A complementary principle that reduces the trust surface of the security layer itself.
In SafeClaw
SafeClaw, by Authensor, implements deny-by-default as its foundational architecture. When SafeClaw is active, an AI agent cannot perform any action — file read, file write, shell execution, or network request — unless a policy rule explicitly permits it.
This means that configuring SafeClaw is an allowlisting process. Administrators define rules that describe the actions their agents are permitted to take, and all other actions are denied. There is no need to anticipate every dangerous command or risky file path; only the known-safe operations require rules.
SafeClaw's policy evaluation uses a first-match-wins model against an ordered rule set. If no rule matches an action, the default verdict is deny. This ensures that policy gaps result in blocked actions rather than unauthorized operations.
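The evaluation described above, as an added example that is not SafeClaw's code or rule format: an ordered rule set checked first-match-wins with a deny fallback, next to an allow-by-default blocklist for contrast. The rule shape, function names, paths and domains are assumptions constructed for illustration.

```javascript
// Added illustration: not SafeClaw's rule format or API; every name here is hypothetical.

// Resolve "." and ".." segments so "/workspace/../etc/shadow" cannot match a /workspace/ rule.
function canonicalPath(p) {
  const out = [];
  for (const seg of p.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop();
    else out.push(seg);
  }
  return "/" + out.join("/");
}

// Ordered rule set. Order matters: the narrow deny precedes the broad allow.
const allowRules = [
  { action: "file_read",  target: /^\/workspace\//,          verdict: "allow" },
  { action: "file_write", target: /^\/workspace\/secrets\//, verdict: "deny"  },
  { action: "file_write", target: /^\/workspace\//,          verdict: "allow" },
  { action: "network",    target: /^https:\/\/api\.example\.com\//, verdict: "allow" },
];

// Blocklist an allow-by-default administrator might write: only the threat they foresaw.
const blockRules = [
  { action: "file_write", target: /^\/etc\/passwd$/, verdict: "deny" },
];

// First-match-wins: return the first matching rule's verdict, else the fallback.
function evaluate(rules, request, fallback) {
  const target = request.action.startsWith("file_") ? canonicalPath(request.target) : request.target;
  for (const rule of rules) {
    if (rule.action === request.action && rule.target.test(target)) return rule.verdict;
  }
  return fallback;
}

const denyByDefault = (request) => evaluate(allowRules, request, "deny");
const allowByDefault = (request) => evaluate(blockRules, request, "allow");

// Constructed sample requests mirroring the examples on this page.
const samples = [
  { action: "file_write", target: "/etc/passwd" },
  { action: "file_write", target: "/workspace/../etc/shadow" },
  { action: "file_write", target: "/workspace/secrets/key.pem" },
  { action: "network", target: "https://collector.invalid/upload" },
  { action: "database_query", target: "SELECT 1" },
];
for (const s of samples) {
  console.log(s.action, s.target, "->", denyByDefault(s), "/", allowByDefault(s));
}
```

The printed pairs show the deny-by-default verdict first and the allow-by-default verdict second; only the one path the blocklist author anticipated is denied by both.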
The deny-by-default posture is particularly important for SafeClaw's target environment: autonomous AI agents powered by Claude, OpenAI, or LangChain. These agents can generate arbitrary action sequences, and a single uncontrolled action can have irreversible consequences. SafeClaw's architecture ensures that agent autonomy operates within explicitly defined boundaries.
SafeClaw is 100% open source (MIT license), runs locally with sub-millisecond policy evaluation, and can be installed with npx @authensor/safeclaw. The free tier includes 7-day renewable keys with no credit card required.