Deep dives on AI agent identity, authorization, audit trails, and compliance — written for security architects and engineering leaders building on generative AI.
125 days until the EU AI Act applies to production AI systems — and most teams deploying agents haven't done the one thing they need to do first: check if they're classified as high-risk under Annex III.
Autonomous agents can read files, call APIs, and modify databases — all without a human in the loop. Without a stable, verifiable identity attached to each agent, your audit trail is fiction and your blast radius is unlimited.
SOC 2 auditors are increasingly asking about AI agent activity — and most companies are not ready. Here is a precise breakdown of what the Trust Services Criteria demand from your AI audit infrastructure.
Zero trust is well-understood for human users and network perimeters. Applying it to AI agents — entities that act autonomously, spawn sub-agents, and operate across trust boundaries — requires a more precise framework.
