Published, not granted — the distinction is the whole job here. US20260189557A1, "Machine Learning Agent with Semantic Entitlement," appeared in the USPTO publication drop dated July 2, 2026 as a pending US application assigned to Microsoft Technology Licensing, LLC. A published application is a disclosure the public can read and a claim set the examiner has not yet ruled on; it confers no enforceable rights today. What it does give us is a precise statement of what the applicant is seeking to cover, and for an IP reader the right first move is to read the independent claim rather than the abstract.
A computing system comprising: one or more processing devices configured to: receive a semantic entitlement that semantically specifies an access permission scope of a machine learning (ML) agent included in an ML system, wherein the semantic entitlement has a natural language format; at least in part by processing the semantic entitlement at a generative language model included in the ML system, identify one or more resources that are included in the access permission scope indicated in the semantic entitlement; grant an ML agent of the plurality of ML agents access to the one or more identified resources; at the ML agent, compute an agent output based at least in part on the one or more identified resources; and output the agent output to an additional computing process.
— Machine Learning Agent with Semantic Entitlement, claim 1, US20260189557A1
What claim 1 is directed to
Strip claim 1 to its verbs and it recites a computing system whose processing devices perform an ordered set of steps: receive a semantic entitlement in a natural-language format that specifies an agent's access-permission scope; process that entitlement at a generative language model to identify the resources within the scope; grant the ML agent access to those identified resources; compute an agent output from them; and output that result to a further process. Two limitations do the load-bearing work. The entitlement must be in a natural-language format — a plain-language permission, not an enumerated list — and the identification of covered resources must be performed at least in part by a generative language model. A system that resolved permissions by conventional string-matching against fixed paths, without a generative model interpreting a natural-language scope, would fall outside this independent claim as written.
The dependent claims are where the disclosed scope narrows and sharpens. Claim 2 defines the resources as a file in a filesystem, a network location, an input data stream, or an output interface. Claim 3 adds the retrieval mechanism: a vector database of the files, with the covered files identified by vector-similarity matching between those records and the model's output. Claims 4 through 6 layer on confidence values from that matching and predefined confidence thresholds — potentially different thresholds per action or per file — that trigger a user approval request when the match is weak, and claim 7 adds an explicit human-approval gate before access is granted. Claims 8 and 9 are directed to natural-language refusal descriptions, generated by the model, for out-of-scope requests, and a follow-on flow where a narrowed request is then granted. Claim 12 recites computing conventional access control lists from the entitlement. Each dependent claim is a fallback position: narrower ground the applicant can retreat to if the broad independent claim meets prior art during prosecution.
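To make the mechanism in claims 3 through 7 and 12 concrete, here is an added sketch (not code from the application or from Microsoft) of similarity matching with per-action confidence thresholds, an approval gate that defaults to refusal, and an access control list computed from the result. The file vectors, threshold values, out-of-scope floor and all function names are assumptions, and a fixed vector stands in for the generative model's output.

```python
import math

# Constructed sample records: path -> hand-made 3-d embedding (not real data).
FILE_VECTORS = {
    "reports/q3_sales.xlsx": (0.9, 0.1, 0.0),
    "reports/q3_forecast.docx": (0.7, 0.5, 0.1),
    "hr/salaries.csv": (0.1, 0.2, 0.95),
}
# Hypothetical per-action thresholds: a write needs a stronger match than a read.
THRESHOLDS = {"read": 0.80, "write": 0.95}
# Hypothetical floor: below this the file is treated as out of scope, not "weak".
OUT_OF_SCOPE = 0.50
# Constructed stand-in for the model's embedding of "the Q3 sales reports".
SCOPE_VEC = (1.0, 0.2, 0.0)

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0

def decide(scope_vec, action):
    """Map each file to 'grant', 'ask_user' or 'deny' for one action."""
    threshold = THRESHOLDS.get(action)  # unknown action -> None -> deny all
    decisions = {}
    for path, vec in FILE_VECTORS.items():
        score = cosine(scope_vec, vec)
        if threshold is None or score < OUT_OF_SCOPE:
            decisions[path] = "deny"
        elif score >= threshold:
            decisions[path] = "grant"
        else:
            decisions[path] = "ask_user"  # weak match: human approval needed
    return decisions

def build_acl(scope_vec, actions, approve=lambda path, action: False):
    """Compute path -> set of allowed actions; weak matches need approve() == True."""
    acl = {}
    for action in actions:
        for path, verdict in decide(scope_vec, action).items():
            if verdict == "grant" or (verdict == "ask_user" and approve(path, action)):
                acl.setdefault(path, set()).add(action)
    return acl
```

With the default approver, a weak match is never granted, so the gate fails closed when no human answers.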
Independent claims, classification, and landscape
The application carries three independent claims. Claim 1 is the system claim quoted above; claim 13 recites the corresponding method; and claim 20 is a second system claim that is expressly tied to a filesystem and adds a distinct element — identifying not only the files that match the semantic entitlement but also "one or more available actions performable" on them, then granting the agent access to perform those actions. That action-level granularity in claim 20 is worth noting: it is directed not merely to which resources an agent may see but to what it may do with them, which is a finer-grained grant than claim 1 requires.
On classification, the record sits under H04L 63/10 and G06F 16/2237 — an access-control class paired with a data-structures class — rather than the G06N buckets where most of this week's machine-learning applications land. That placement is itself informative: the filing is positioned as a security-and-permissions invention that happens to use a generative model, not as a model-architecture invention. Its nearest neighbor in the same drop is US20260189558A1, "Machine Learning System with Entitlement Domains," also assigned to Microsoft and also under H04L 63/10, which is directed to delegation of resource access between agents via entitlement metadata. Related scaffolding applications in the cluster — US20260187522A1 on persisting ML system state, US20260187355A1 on guided conversation definitions, and US20260186615A1 on a generative-model whiteboard — describe adjacent machinery but claim different subject matter.
None of this speaks to whether the claims will issue as filed, and it should not be read to. Prosecution routinely narrows independent claims, and the generative-model and natural-language limitations in claim 1 are exactly the sort of language an examiner will test against prior art in access control and in language-model tooling. The disciplined summary is factual and bounded: US20260189557A1 is a pending application whose independent claims are directed to resolving an AI agent's natural-language permission scope through a generative model and granting resource — and, in claim 20, action — access accordingly, classified as network access control, with a companion delegation application filed alongside it. What it covers is defined by that claim language today, and by whatever survives examination tomorrow.