Researchers Propose New Frameworks to Secure AI-Driven Distributed Systems

Two academic papers argue that classical computing assumptions must evolve as autonomous agents take control of critical infrastructure

By Zotpaper
Read time: 3 min
Sources: 2 outlets

Two independent research papers published on arXiv in June 2026 challenge foundational assumptions of distributed computing, arguing that the rise of autonomous AI agents in cloud infrastructure, financial systems, and security operations demands entirely new architectural frameworks — both for coordination and for threat detection.

For decades, distributed systems have operated on a deceptively simple assumption: that every participant follows a fixed, deterministic set of rules. A new paper by Jun He and Deying Yu argues this assumption is no longer tenable in an era where AI agents, stochastic models, and autonomous decision-makers are being embedded into the same infrastructure that once ran purely on deterministic code.

The researchers introduce the concept of Post-Deterministic Distributed Systems (PDDS), a theoretical and engineering framework designed to coordinate environments where traditional software, probabilistic models, and autonomous agents coexist. Under classical distributed computing theory, correctness is verified by checking that participants follow a specified protocol precisely. But AI agents can reach the same valid outcome through entirely different reasoning paths — producing divergent internal traces while still being technically correct.

"Deterministic execution can no longer serve as the universal participant assumption for autonomous infrastructure," the authors write. Rather than displacing deterministic systems, the PDDS model treats them as a special, zero-ambiguity case within a broader participant-general framework.

The paper outlines five architectural pillars for post-deterministic infrastructure, including Verifiable Agentic Infrastructure, which would allow external parties to audit the outputs of AI agents even without access to their internal reasoning, and Epistemic State Replication, which extends traditional data consistency models to also encompass knowledge consistency — ensuring that AI participants share not just data, but coherent understanding of that data.

A separate paper by researcher Eric Liang addresses a related but distinct problem: how to detect security threats in the complex, asynchronous event streams that underpin modern cloud-native services, IoT networks, and security operations pipelines. Liang proposes SECUREVENT, a hybrid security monitoring architecture that combines conventional controls — encrypted transport, topic-level access authorisation, and signed events — with machine learning-based anomaly detection and graph-aware behavioural analysis.

The architecture incorporates federated learning, which allows security models to be trained across distributed nodes without centralising sensitive event data. A key argument in the paper is that static security rules are insufficient when event flows, identities, and timing relationships change dynamically — a scenario increasingly common in large-scale cloud deployments.

"The central claim is not that machine learning replaces cryptographic and access-control mechanisms," Liang notes, "but that model-based security monitoring is necessary when event flows are too dynamic for static controls alone."
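The layering Liang describes can be sketched as follows. This is an added illustration, not code from the SECUREVENT paper or from this article: the keys, producers, topics and events are constructed, and a simple inter-arrival z-score stands in for the paper's learned and graph-aware models. It shows a burst of correctly signed, correctly authorised events that the static controls accept and only the behavioural layer flags.

```python
import hashlib, hmac, json, statistics

# Constructed demo data: keys, producers and topics are illustrative only.
KEYS = {"sensor-7": b"demo-key-1", "billing-svc": b"demo-key-2"}
ACL = {"sensor-7": {"telemetry"}, "billing-svc": {"invoices"}}

def sign(producer, topic, ts, payload):
    msg = json.dumps([producer, topic, ts, payload], sort_keys=True).encode()
    return hmac.new(KEYS[producer], msg, hashlib.sha256).hexdigest()

def make_event(producer, topic, ts, payload):
    return {"producer": producer, "topic": topic, "ts": ts,
            "payload": payload, "sig": sign(producer, topic, ts, payload)}

def static_checks(ev):
    """Conventional controls: signed event, then topic-level authorisation."""
    if ev["producer"] not in KEYS:
        return "unknown-producer"
    expected = sign(ev["producer"], ev["topic"], ev["ts"], ev["payload"])
    if not hmac.compare_digest(expected, ev["sig"]):
        return "bad-signature"
    if ev["topic"] not in ACL.get(ev["producer"], set()):
        return "topic-denied"
    return "ok"

def monitor(events, threshold=4.0, warmup=5):
    """Static checks first; then a per-(producer, topic) inter-arrival z-score
    (a stand-in for the learned model) over events that passed them."""
    last, gaps, verdicts = {}, {}, []
    for ev in events:
        verdict = static_checks(ev)
        if verdict == "ok":
            edge = (ev["producer"], ev["topic"])
            hist = gaps.setdefault(edge, [])
            if edge in last:
                gap = ev["ts"] - last[edge]
                if len(hist) >= warmup:
                    mu = statistics.mean(hist)
                    sd = max(statistics.pstdev(hist), 0.05 * mu, 1e-9)  # floor avoids /0
                    if abs(gap - mu) / sd > threshold:
                        verdict = "anomalous-timing"
                if verdict == "ok":
                    hist.append(gap)  # only learn from traffic judged normal
            last[edge] = ev["ts"]
        verdicts.append(verdict)
    return verdicts

def sample_stream():
    evs = [make_event("sensor-7", "telemetry", 10.0 * i, {"temp": 21}) for i in range(8)]
    evs += [make_event("sensor-7", "telemetry", 70.0 + 0.1 * i, {"temp": 21}) for i in range(1, 4)]
    tampered = make_event("sensor-7", "telemetry", 90.0, {"temp": 21})
    tampered["payload"] = {"temp": 99}  # payload altered after signing
    return evs + [tampered, make_event("sensor-7", "invoices", 100.0, {})]
```

Running `monitor(sample_stream())` yields eight accepted events, three timing anomalies that passed both static checks, then one signature failure and one topic denial caught by the conventional controls.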

Taken together, the two papers reflect a growing recognition in distributed systems research that the proliferation of AI agents in critical infrastructure — from cloud control planes to incident response systems — introduces failure modes and attack surfaces that existing theory was not designed to handle. Neither paper claims to offer a finished solution; both are positioned as research frameworks intended to stimulate further work in what remains an open and rapidly evolving area.

§

Analysis

Why This Matters

  • As organisations deploy AI agents to autonomously manage cloud infrastructure, financial platforms, and security systems, the theoretical models underpinning those systems' safety and correctness have not kept pace — these papers represent early attempts to close that gap.
  • A failure in a post-deterministic system — where an AI agent reaches a wrong conclusion through a plausible reasoning path — may be far harder to detect and diagnose than a traditional software bug, raising the stakes for critical infrastructure operators.
  • The introduction of frameworks like Epistemic State Replication and Verifiable Agentic Infrastructure could shape how regulators and auditors approach accountability for AI-driven systems in finance, healthcare, and public services.

Background

Distributed systems theory matured largely in the 1970s through 1990s, producing foundational results such as the CAP theorem, Byzantine fault tolerance models, and the Paxos and Raft consensus protocols. These frameworks assumed participants were deterministic processes whose behaviour could be fully specified in advance. The arrival of machine learning models as operational components — rather than just analytical tools — began complicating this picture in the late 2010s and accelerated sharply in the early 2020s with the deployment of large language models and autonomous agents in production environments.

By the mid-2020s, major cloud providers had begun experimenting with AI-driven control planes that could automatically reroute traffic, scale resources, and respond to incidents without human intervention. Security operations centres similarly began adopting AI-assisted triage tools. These deployments exposed gaps in existing theory: how do you verify correctness when the agent's reasoning is probabilistic? How do you detect an attack when the system's normal behaviour is itself non-deterministic?

The two papers published in June 2026 are part of a broader wave of academic work attempting to formalise these questions, alongside related efforts in areas such as AI safety, formal verification of neural networks, and trustworthy machine learning.

Key Perspectives

Distributed systems researchers: He and Yu's PDDS framework is likely to be welcomed as a useful conceptualisation of a real problem, though the research community will scrutinise whether its five architectural pillars are sufficiently concrete to yield testable implementations or formal proofs.

Security practitioners: Liang's SECUREVENT proposal addresses a pain point that security operations teams already feel acutely — existing SIEM and monitoring tools struggle with the volume and dynamism of modern event streams. The federated learning component is particularly notable as it addresses data-sovereignty concerns that have hampered centralised security analytics.

Critics/Skeptics: Both papers are theoretical and preliminary; neither presents large-scale empirical validation. Critics may argue that introducing ML-based components into security monitoring creates new attack surfaces — adversarial inputs could manipulate anomaly detectors — a concern Liang acknowledges but does not fully resolve. Similarly, the PDDS framework's practical implementability in real infrastructure remains to be demonstrated.

What to Watch

  • Whether major cloud providers or standards bodies (such as CNCF or IETF) engage with the PDDS or SECUREVENT frameworks in upcoming working groups or RFCs.
  • Regulatory developments in the EU AI Act implementation and US NIST AI Risk Management Framework updates, both of which may incorporate or cite academic work on verifiable agentic infrastructure.
  • Follow-on empirical studies testing SECUREVENT against real-world event-stream attack data, which would substantially strengthen or challenge Liang's claims about false-positive rates.

Sources

Zotpaper

Articles published under the Zotpaper byline are synthesized from multiple source publications by our AI editor and reviewed by our editorial process. Each story combines reporting from credible outlets to give readers a balanced, comprehensive view.