When an Agent Learns to Ask: From Passive Ingestion to Proactive Knowledge Retrieval

[Liuyanfeng1234]

When an Agent Learns to Ask: From Passive Ingestion to Proactive Knowledge Retrieval

[A follow-up to #28: From CVE to Automated Defense]

The autonomous defense loop we demonstrated for CVE-2025-68146 had one remaining dependency: the CVE itself had to be published somewhere, and the system had to be pointed at it. The system could detect the gap, generate attacks, test defenses, and deploy fixes — but it couldn't go find the CVE on its own.

That changes now.

The Passive Ingestion Model

Most agent systems consume external knowledge like this:

Human finds article → Human shares with agent → Agent processes → Agent applies

This works for curated inputs. It doesn't work for autonomous evolution. The bottleneck is the human: how many CVEs, research papers, and breach reports can one person read and relay?

The passive model has a hard ceiling: the system can only learn what a human has time to feed it.

The Proactive Retrieval Model

The proactive model inverts the flow:

COG identifies gap → System formulates query → System retrieves solutions → 
System evaluates relevance → System applies → System verifies

The human is no longer the gatekeeper of external knowledge. The system knows what it doesn't know, and it knows where to look.

How It Works

Step 1: Gap → Query

COG maintains a registry of capability gaps — defense dimensions where no protection exists. Each gap is tagged with semantic descriptors:

Gap: "output sanitization — markdown beacon detection"
  → Descriptors: [markdown, beacon, exfiltration, rendering, sanitization]
  → Query: "markdown output sanitization agent security CVE"

The query isn't hand-written. It's generated from the gap's semantic descriptors — the system translates "I have a gap" into "here's what I need to learn about."

Step 2: Retrieval → Relevance Scoring

The system retrieves candidates from multiple sources (CVE databases, research repositories, security advisories) and scores them for relevance:

Candidate 1: "CVE-2025-XXXXX: Markdown injection in chat interfaces"
  → Relevance: 0.94 (matches "markdown" + "sanitization" + "CVE")
  → Action: HIGH PRIORITY — directly applicable

Candidate 2: "Best practices for web application output encoding"
  → Relevance: 0.62 (matches "sanitization" but not "agent" or "markdown beacon")
  → Action: MEDIUM — partially applicable, review for patterns

Candidate 3: "Quantum-resistant cryptography for IoT devices"
  → Relevance: 0.03 (no semantic overlap)
  → Action: DISCARD

Step 3: Application → Verification

High-relevance candidates are fed into the autonomous defense pipeline:

Relevant CVE → COG updates gap analysis → Adversarial engine generates variants →
Dry_run testing → Defense deployed → SIAP verification → COG marks gap "defended"

The loop is now fully closed: gap detection → query formulation → knowledge retrieval → relevance scoring → defense generation → verification → gap closure.

The Watershed Moment

The key watershed in agent security evolution isn't "how many papers can the system read?" It's "does the system know what it doesn't know, and can it go find the answer?"

A system that passively ingests curated inputs is a research assistant. A system that proactively retrieves knowledge to close its own gaps is a self-improving entity.

The difference isn't scale — it's direction. Passive ingestion flows from outside in. Proactive retrieval flows from inside out. The system's internal state (its gaps) drives its external actions (its searches). This is the transition from "AI that learns" to "AI that learns to learn."

The Remaining Dependency

Even with proactive retrieval, one dependency remains: the knowledge must exist somewhere. If no one has published a solution to a gap, the system can't retrieve it. This is where the adversarial self-testing pipeline (#24, #25) becomes critical — when external knowledge doesn't exist, the system generates its own.

Proactive retrieval + adversarial self-testing = the system covers both cases: when the answer exists externally, it finds it. When it doesn't, it invents it.

The Open Question

Proactive retrieval works within a single system's knowledge boundaries. But the most valuable knowledge is often tacit — lessons learned by other systems that were never formally published. The question:

Can agent systems share "gap → solution" mappings — so that when one system closes a gap, all systems learn the solution without having to independently discover it?

If the answer is yes, then the agent ecosystem doesn't just share vulnerabilities. It shares cures — and the network's collective knowledge grows faster than any single system's.

---

Proactive knowledge retrieval is being deployed as part of Agent OS v1.4. The gap→query→retrieval→verification pipeline will be documented as it matures.