The problem it addresses is that conventional IAM tools assume that applications are accessed by human users or machine identities, governed by a one-time authentication process. Agents, which take on long chains of actions performed at impossible speed, do not work like this. Instead, access becomes ephemeral, complex, and non-deterministic, which is to say, vastly unpredictable. Lock them down too much and they stop working; let them run free, and weak security follows in their wake.
Runtime enforcement
Curity's approach is to treat agents as a special kind of application. Like applications, agents call APIs, MCP servers, and one another, and are credentialed using OAuth tokens. Through a feature called Token Intelligence, Curity extends the role of OAuth tokens so that they not merely grant access but also carry information about the agent's purpose and intent. In Curity's scheme, an agent can only access resources that fit that purpose.
Instead of relying on static, pre-granted permissions, agent access is granted at runtime, on the fly. Each requested action generates a separate token that describes the access it needs. When an agent starts a new task, it needs a new token specifying a new set of permissions. If necessary, human authorization can be required when an agent attempts a high-risk action such as transferring funds.
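A resource-side policy check in the spirit of the scheme described above, as an added example that is not Curity's code: the claim names (purpose, task_id, allowed, human_approved) and the sample token are assumptions constructed for illustration. Each per-task token is checked for expiry, task binding and purpose before an action runs, and high-risk actions fall through to a human-approval step.

```python
import time
from dataclasses import dataclass
from typing import Optional

# Actions that always need an explicit human sign-off (assumed list for illustration).
HIGH_RISK_ACTIONS = {"transfer_funds", "delete_account"}

@dataclass(frozen=True)
class Decision:
    outcome: str   # "allow", "deny", or "require_human_approval"
    reason: str

def authorize(claims: dict, task_id: str, resource: str, action: str,
              now: Optional[float] = None) -> Decision:
    """Decide whether one agent action may proceed under a per-task, purpose-bound token.

    The claims dict is assumed to come from an already signature-verified token;
    claim names here are hypothetical, not Curity's real claim set.
    """
    now = time.time() if now is None else now
    # Ephemeral: the token is only good for a short window.
    if claims.get("exp", 0) <= now:
        return Decision("deny", "token expired")
    # Per-task binding: a token minted for one task cannot be replayed for another.
    if claims.get("task_id") != task_id:
        return Decision("deny", "token bound to a different task")
    # Purpose binding: the resource/action pair must fall within the stated purpose.
    allowed = claims.get("allowed", {})
    if action not in allowed.get(resource, ()):
        return Decision("deny", f"{action} on {resource} is outside purpose '{claims.get('purpose')}'")
    # Step-up: high-risk actions need a human approval recorded in the token.
    if action in HIGH_RISK_ACTIONS and not claims.get("human_approved"):
        return Decision("require_human_approval", f"{action} requires human sign-off")
    return Decision("allow", "within purpose")

# Constructed sample token for one task (illustrative values only, not a real token).
SAMPLE_TOKEN = {
    "sub": "agent:invoice-bot",
    "purpose": "reconcile March invoices",
    "task_id": "task-42",
    "allowed": {"invoices": ("read",), "payments": ("read", "transfer_funds")},
    "human_approved": False,
    "exp": 1_700_000_600,
}

if __name__ == "__main__":
    checks = [("invoices", "read", "task-42"), ("payments", "transfer_funds", "task-42"),
              ("customers", "read", "task-42"), ("invoices", "read", "task-99")]
    for res, act, task in checks:
        d = authorize(SAMPLE_TOKEN, task, res, act, now=1_700_000_000)
        print(f"{act} on {res} ({task}): {d.outcome} - {d.reason}")
```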
