Strata Identity today added a simulation sandbox and gateway that enable organizations to model the behavior of artificial intelligence (AI) agents before development and then enforce governance policies after they are deployed.

Michael Wallen, technical product manager for Strata Identity, said Maverics Sandbox for Agentic Identity makes it possible for builders of AI agents to safely experiment with pre-integrated identity providers (IDPs), the Model Context Protocol (MCP), application programming interfaces (APIs) and policies that will be enforced by an AI Identity Gateway at runtime.

The AI Identity Gateway additionally provides the framework for authenticating, authorizing and observing every action an agent performs as it interacts with upstream services in real time, added Wallen.

The Maverics Sandbox is designed to spin up in less than five minutes, without exposing an AI agent to any production systems. IT teams can immediately see how policies, tokens and agent identity controls behave across real agent-to-API calls within a working demo of an application.

The AI Identity Gateway enforces least-privilege access via policy-as-code tools based on the Open Policy Agent (OPA), an open source project overseen by the Cloud Native Computing Foundation (CNCF). That capability prevents AI agents from becoming over-privileged by issuing short-lived credentials using tokens that are managed via an exchange that Strata Security has previously developed, said Wallen.

In effect, Strata Identity is now applying the same controls it developed for managing other forms of identity, including humans, to AI agents via a token exchange that validates proof of possession of a token and maintains comprehensive audit logs of all requests, responses and exchanges, he added.

The AI Identity Gateway also extends identity and access controls directly into MCP to ensure that every agent tool call carries a verified identity, has gone through a fine-grained authorization process and can be audited at every hop.

Designed to integrate with any IDP, the Strata Security platform also connects with agent-specific registries such as the one being advanced by the AGNTCY open source working group or a custom database.

Finally, the AI Identity Gateway can be deployed anywhere and is managed via a console deployed by Strata Security as a cloud service, which enables IT teams to meet most regulatory requirements, noted Wallen.

Ultimately, there will be multiple types of AI agents that organizations will need to secure. Many will simply inherit the permissions assigned to the humans who create them. However, other AI agents will be autonomously performing tasks that have been assigned to them on behalf of the organization. Both types are likely to become targets of cyberattacks because they would enable malicious actors to potentially commandeer an entire process.

It’s not clear who within organizations will take responsibility for assigning credentials and permissions to AI agents, but the one thing that is certain is that in the event of an inevitable security breach, everyone will want to know what a specific AI agent has been doing from the very second it was compromised.