The problem it addresses is that conventional IAM tools assume that applications are being accessed by human users or machine identities, governed by a one-time authentication process. But agents, which undertake long chains of actions performed at incredible speed, don’t work like this. Instead, access becomes ephemeral, complex, and non-deterministic, which is to say, massively unpredictable. Lock them down too much and they stop working; let them run free, and weak security follows in their wake.
Runtime enforcement
Curity’s approach is to treat agents as a special type of application. Like applications, agents call APIs, MCP servers, and each other, and are credentialed using OAuth tokens. Through a feature called Token Intelligence, Curity extends the role of OAuth tokens to not merely enable access, but to carry information on the agent’s purpose and intent. In Curity’s scheme, an agent can only access resources based on that purpose.
Instead of using static, pre-granted permissions, agent access is granted at runtime, on the fly. Each requested action generates a separate token that describes the access it needs. When an agent starts a new task, it needs a new token specifying a new set of permissions. If necessary, human authorization can be required when an agent is attempting to perform a high-risk action such as transferring funds.



