Security
Agent security starts before the action runs.
One practical control point: should this agent, owned by this operator, take this specific action right now?
The model
Four layers, one enforceable answer.
Agent identity, not human identity
A passport describes the agent — owner, runtime, purpose, expiry, status. It never pretends an AI agent is a person.
Scoped action checks
The verifier evaluates the exact action requested: checkout submit, booking change, account update, API write.
Approval before blast radius
Low-risk actions pass automatically. High-risk actions wait for a human before money, data, or production changes.
Revocation-first trust
Trust must be easy to stop. Revoked agents stop receiving trusted decisions before the next sensitive action.
Verifier inputs
A useful checkpoint checks context, not vibes.
- Passport ID and current status
- Agent owner and runtime context
- Requested action and protected surface
- Origin, timestamp, nonce, replay risk
- Policy match and approval requirement
- Expiry, pause, and revocation state
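An added sketch, not Gardien's code or API, of a checkpoint that evaluates the inputs listed above in fail-closed order. The outcome names, field names, status values, policy table, skew window and sample data are all assumptions constructed for illustration.

```python
import time
from dataclasses import dataclass

ALLOW, NEEDS_APPROVAL, DENY = "allow", "needs_approval", "deny"  # assumed outcome names
MAX_SKEW = 60  # seconds of clock skew tolerated (assumed)
ALLOWED_ORIGINS = {"https://shop.example"}  # constructed
# Constructed policy: (action, protected surface) -> human approval required?
POLICY = {("checkout.submit", "payments"): True,
          ("booking.change", "bookings"): False}

@dataclass
class Passport:  # fields follow the page's passport description
    passport_id: str
    owner: str
    runtime: str
    status: str  # "active", "paused" or "revoked" (assumed values)
    expires_at: float

class Verifier:
    def __init__(self, passports, now=time.time):
        self.passports, self.now, self.seen = passports, now, {}

    def check(self, req):
        now = self.now()
        p = self.passports.get(req["passport_id"])
        # Revocation-first: status and expiry are read on every call.
        if p is None or p.status != "active" or now >= p.expires_at:
            return DENY, "passport_inactive"
        if (req["owner"], req["runtime"]) != (p.owner, p.runtime):
            return DENY, "context_mismatch"
        if req["origin"] not in ALLOWED_ORIGINS:
            return DENY, "origin_not_allowed"
        if abs(now - req["timestamp"]) > MAX_SKEW:
            return DENY, "stale_timestamp"
        # Keep nonces for twice the skew window so an accepted request cannot be replayed.
        self.seen = {k: t for k, t in self.seen.items() if now - t <= 2 * MAX_SKEW}
        key = (p.passport_id, req["nonce"])
        if key in self.seen:
            return DENY, "replay"
        self.seen[key] = now
        needs_human = POLICY.get((req["action"], req["surface"]))
        if needs_human is None:
            return DENY, "no_policy_match"  # default deny for unlisted actions
        return (NEEDS_APPROVAL, "high_risk") if needs_human else (ALLOW, "ok")

# Constructed sample data
PASSPORTS = {"psp_demo_1": Passport("psp_demo_1", "acme-ops", "runner-eu-1",
                                    "active", 4_000_000_000.0)}
SAMPLE_REQUEST = {"passport_id": "psp_demo_1", "owner": "acme-ops",
                  "runtime": "runner-eu-1", "action": "checkout.submit",
                  "surface": "payments", "origin": "https://shop.example",
                  "timestamp": 1_700_000_000.0, "nonce": "n-1"}
```

Each decision carries a short reason code rather than the request body, so it can be logged for audit without storing raw records.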
Decision outcomes
Easy for a system to enforce.
Honest boundaries
What Gardien is not.
Not a fraud guarantee
Gardien decides whether a known agent may take a scoped action — it doesn't promise the action is harmless.
Not a legal identity system
A passport identifies an agent for workflow trust. It's not KYC or government ID.
Not a replacement for auth
Keep your existing auth, fraud checks, rate limits, and human review.
Not a reason to log everything
Verifier logs support audit without storing raw records, passwords, or keys.
Security reports go to security@gardien.io with impact, affected route, reproduction steps, and timestamps. Never email live secrets, passwords, or customer records.