Great piece. I especially agree with the distinction between hard boundaries and soft guardrails. My only addition: for agents, hard boundaries need to start before the API/tool/action layer. Many controls govern what an agent does after reachability already exists. The missing foundation is identity-bound reachability: can this agent, model, tool, or service create a private path to this resource, for this session, under this policy, at all? That is where Zero Trust has to evolve from access control to connectivity control. This summarizes a talk I gave recently at the CSA/DoW Zero Trust Symposium.
Great call out; was the talk recorded, by chance?
Indeed it was - https://media.waru.edu/playlist/dedicated/62925431/1_khqyas09/1_62f0mczh.... the first slide was one I came across while reading one of your other blogs :D
Happy to share some open source tools/references too, helping to implement, which we are considering alluding to in a CSA paper on the topic.
Interesting article.
Zero Trust was built to solve an access problem: who gets in, what they can access, and under what conditions.
Ransomware and data theft expose a different problem.
Once access is granted, who determines whether a destructive action should execute?
An attacker with valid credentials, MFA, and authorized access can still encrypt data or exfiltrate sensitive information.
Identity control answers who. Execution control answers whether.
The next evolution of cybersecurity isn’t more verification. It’s authorization at the moment of execution.
Detection explains what happened.
Execution control determines whether it can happen at all.
Jack Fitzpatrick
Vice President - Data Protection
DataFenz
jack@DataFenz.com
770-289-6945
The link in the article was dead, I assume that this is the one? https://claude.com/blog/zero-trust-for-ai-agents