The issue it addresses is that conventional IAM tools assume that applications are being accessed by human users or machine identities, governed by a one-time authentication process. But agents, which take on long chains of actions performed at incredible speed, don't work like this. Instead, access becomes ephemeral, complex, and non-deterministic, which is to say, massively unpredictable. Lock them down too much and they stop working; let them run free, and weak security follows in their wake.
Runtime enforcement
Curity's approach is to treat agents as a special kind of application. Like applications, agents call APIs, MCP servers, and each other, and are credentialed using OAuth tokens. Through a feature called Token Intelligence, Curity extends the role of OAuth tokens from merely permitting access to carrying information on the agent's purpose and intent. In Curity's scheme, an agent can only access resources consistent with that purpose.
Instead of relying on static, pre-granted permissions, agent access is granted at runtime, on the fly. Each requested action generates a separate token that describes the access it needs. When an agent starts a new task, it needs a new token specifying a new set of permissions. If necessary, human authorization can be required when an agent is attempting to perform a high-risk action such as transferring funds.
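To make the runtime model concrete, here is an added example (not Curity's code, and not its Token Intelligence wire format) of a resource server enforcing per-task, purpose-bound agent tokens. The claim names (task, purpose, actions, resources), the HMAC-signed JSON token layout, the signing key and the set of high-risk actions are all constructed for illustration. It shows the three behaviours the text describes: a token minted for one task carries only that task's permissions, a request outside that purpose or after expiry is refused, and a high-risk action such as a funds transfer is held for human approval even when the token otherwise permits it.

```python
import base64
import hashlib
import hmac
import json
import time
from dataclasses import dataclass

# Constructed example: claim names and the HMAC-signed JSON token format are
# assumptions for illustration, not Curity's Token Intelligence format.
SIGNING_KEY = b"demo-key-not-for-production"   # constructed demo key
HIGH_RISK_ACTIONS = {"payments:transfer"}       # actions that need a human in the loop


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_task_token(task_id, purpose, actions, resources, ttl_seconds, now=None):
    """Mint a short-lived token describing exactly what one task may do."""
    now = time.time() if now is None else now
    claims = {
        "task": task_id,
        "purpose": purpose,
        "actions": sorted(actions),
        "resources": sorted(resources),
        "iat": now,
        "exp": now + ttl_seconds,
    }
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


@dataclass
class Decision:
    outcome: str   # "allow", "deny" or "step_up" (human authorization required)
    reason: str


def authorize(token, action, resource, now=None, human_approved=False):
    """Decide one agent request against the claims carried in its task token."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        return Decision("deny", "malformed token")
    # Verify integrity before trusting any claim in the body.
    expected = _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return Decision("deny", "bad signature")
    claims = json.loads(_unb64(body))
    if now >= claims["exp"]:
        return Decision("deny", f"token for task {claims['task']} expired")
    # The token only covers the actions and resources its purpose requires.
    if action not in claims["actions"]:
        return Decision("deny", f"action {action} outside purpose '{claims['purpose']}'")
    if resource not in claims["resources"]:
        return Decision("deny", f"resource {resource} outside purpose '{claims['purpose']}'")
    # High-risk actions are held for a human even when the token permits them.
    if action in HIGH_RISK_ACTIONS and not human_approved:
        return Decision("step_up", f"{action} requires human authorization")
    return Decision("allow", f"permitted for task {claims['task']}")


if __name__ == "__main__":
    t0 = 1_700_000_000  # fixed clock so the run is reproducible
    tok = issue_task_token("task-42", "reconcile invoices",
                           {"invoices:read"}, {"acct-1"}, 60, now=t0)
    print(authorize(tok, "invoices:read", "acct-1", now=t0))
    print(authorize(tok, "payments:transfer", "acct-1", now=t0))
    print(authorize(tok, "invoices:read", "acct-1", now=t0 + 120))
    pay = issue_task_token("task-43", "pay supplier",
                           {"payments:transfer"}, {"acct-1"}, 60, now=t0)
    print(authorize(pay, "payments:transfer", "acct-1", now=t0))
    print(authorize(pay, "payments:transfer", "acct-1", now=t0, human_approved=True))
```

The design point is that the decision is made per request against the token for the current task, not against a standing grant: a new task means a new token with a different purpose and action set, and the step-up branch is where a human approval flow would be attached for the actions the text singles out as high risk.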
