How it works

Your organization registers each agent with a defined capability scope, deployment environment, and trust baseline. The control plane signs a JWT-formatted AI Passport with your organization's ED25519 key.

• Capability scoping (permit / deny / human-approval)
• Per-jurisdiction policy attachment
• 365-day default validity, instant rotation

A single SDK call on agent initialization injects the signed passport into every outbound request. No proxies, no sidecars — the agent presents its passport like a browser presents a TLS certificate.

• Native bindings for Python, TypeScript, Go, Rust
• Zero-config rotation via the control plane
• Works with any LLM provider

Relying parties receive a sub-50ms trust decision over standard HTTPS. The verification node evaluates passport signature, trust score, capability scope, and risk context — then returns ALLOW / REVIEW / DENY with a capability token.

• P99 latency under 50ms globally
• Tamper-evident audit emitted server-side
• Capability tokens valid for 5 minutes