
Self-hosted agentic systems shift the security boundary inward. The cloud's shared-responsibility model carries an implicit assumption that the substrate is secured by the provider; self-hosting moves that responsibility onto the operator. Simultaneously, provenance — where a model came from, how weights were obtained, what training data is encoded, what fine-tunes have been applied, what tool integrations are authorized — becomes a first-class concern not because of regulation alone but because confident misalignment can originate in opaque provenance. This paper argues that security and provenance for self-hosted agentic systems must be designed together, not separately. Security without provenance lets compromised models hide in plain sight; provenance without security lets attested chains be tampered with. The combined layer is what HGC³AE²'s C¹ (Cybersecurity) actually requires at runtime.
