AI Governance
Frameworks, policies, and oversight for responsible AI deployment
Hero Post
By Adesh Gairola
Agent identity isn't solved. Here's the model I use anyway.
Agent identity makes more sense as four stacked layers: a tamper-proof token format, cryptographic proof of which workload is running, a delegation chain that keeps the human as the subject, and a way to onboard to a service an agent has never met. Climb all four and you've proven who the agent is. You still haven't proven that what it did was okay.
Featured Posts
By Adesh Gairola
BodySnatcher and the Missing Identity Layer
BodySnatcher (CVE-2025-12420) showed how AI agents with aggregated permissions can compromise entire platforms in seconds. Traditional security controls designed for humans don't work at machine speed. Organizations need threat modeling and runtime controls for all three layers: API auth, identity binding, and agent execution.
By Adesh Gairola
Three Regulatory Philosophies, One Global AI Market
The EU (9/10 risk), US (5/10), and Australia (6/10) take vastly different approaches to AI regulation. Build for EU standards globally—the Brussels Effect means you'll need them anyway.
By Adesh Gairola
Identity Crisis in AI Agents: Why Traditional IAM Is Breaking Down
AI agents are breaking traditional identity and access management systems. From impersonation risks to cross-domain delegation chains, enterprises need new frameworks that balance autonomous operation with accountability and security.
