Sphereon
insight

Runtime trust for AI agents

AI agents act on behalf of people and organisations. They access systems, request data, make decisions, and trigger workflows, often without a human approving each step. The trust question is not whether they are allowed to act. It is whether their identity, authority, and scope can be verified at the moment they act, and whether every action can be proven later.

Traditional access control assumes a human authenticates once and then operates within a session.

Agents do not work that way. They act continuously, at scale, across systems, sometimes on behalf of multiple principals simultaneously. A session-based trust model does not transfer.

Runtime trust means every action an agent takes is evaluated against the same primitives that govern human interactions: who is this agent, what authority does it hold, under which delegation, within which policy, and with what audit obligation.

Agents act. They do not ask.

When a person accesses a system, there is a recognisable moment of authentication: a login, a credential presentation, a challenge. That moment is the trust checkpoint.

With agents there is no such moment. They are provisioned with authority and then act on it, repeatedly, across systems, without pausing for human confirmation.

That changes the trust requirement fundamentally. It is not enough to verify the agent at provisioning time and assume everything that follows is authorised. Authority can change. Delegation can be revoked. Policy can be updated. Scope can be exceeded. Trust must be evaluated continuously, at the point of each action, not once at the start of a session.

Four trust questions, evaluated at runtime.

Identity

Who is this agent? What credential establishes its identity, who issued it, is that issuer currently trusted, and has the credential not been revoked?

Authority

What is this agent authorised to do? Under which policy does that authorisation apply, and does the requested action fall within its defined scope? Still?

Delegation

On whose behalf does it act? Is that delegation current, within its permitted scope, and does the delegating principal have the authority to delegate it?

Audit

What evidence of this action must be retained? Can the organisation prove what the agent did, when, under which policy version, and with what result?
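
The four questions can be read as one check that runs on every action rather than once per session. The sketch below is an added example, not Sphereon code or any product's API; the registry contents, field names, and the hash-chained audit log are all assumptions made for illustration.

```python
import hashlib
import json

# Constructed sample state; every name and value here is hypothetical.
TRUSTED_ISSUERS = {"did:example:issuer-a"}
REVOKED_CREDENTIALS = set()
POLICY = {"version": "v7", "allowed": {"invoice:read", "invoice:approve"}}
DELEGATIONS = {"del-1": {"principal": "alice", "active": True,
                         "principal_scope": {"invoice:read"},
                         "scope": {"invoice:read"}}}

def evaluate(action, audit_log):
    """Check one action against all four questions and always record evidence."""
    reasons = []
    # Identity: trusted issuer, credential not revoked.
    if action["issuer"] not in TRUSTED_ISSUERS:
        reasons.append("issuer_untrusted")
    if action["credential_id"] in REVOKED_CREDENTIALS:
        reasons.append("credential_revoked")
    # Authority: operation must fall within the current policy.
    if action["operation"] not in POLICY["allowed"]:
        reasons.append("outside_policy")
    # Delegation: current, in scope, and within the principal's own authority.
    grant = DELEGATIONS.get(action["delegation_id"])
    if grant is None or not grant["active"]:
        reasons.append("delegation_not_current")
    else:
        if action["operation"] not in grant["scope"]:
            reasons.append("outside_delegated_scope")
        if action["operation"] not in grant["principal_scope"]:
            reasons.append("principal_lacks_authority")
    # Audit: what, when, policy version, result; chained to the previous record.
    record = {"agent": action["agent_id"], "operation": action["operation"],
              "time": action["time"], "policy_version": POLICY["version"],
              "result": "deny" if reasons else "allow", "reasons": reasons,
              "prev": audit_log[-1]["hash"] if audit_log else "0" * 64}
    record["hash"] = _digest(record)
    audit_log.append(record)
    return not reasons

def _digest(record):
    body = {k: v for k, v in record.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def chain_intact(audit_log):
    """Recompute every hash and link; False if any record was altered."""
    prev = "0" * 64
    for rec in audit_log:
        if rec["prev"] != prev or rec["hash"] != _digest(rec):
            return False
        prev = rec["hash"]
    return True
```

Denied actions are recorded as well as allowed ones, so the log shows the moment a revoked delegation or changed policy stopped an agent that had been acting legitimately a step earlier.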

The same infrastructure, applied to machines.

The four questions above are not new. They are the same questions that govern human interactions with credentials, policies, and audit trails. What changes with agents is the frequency, the scale, and the absence of a human in the loop to catch what the infrastructure misses.

An agent presenting a credential is evaluated against the same attribute definitions, the same issuer trust requirements, the same policy thresholds, and the same audit obligations as a human presenting the same credential. The semantic model does not distinguish between a person and a machine. It distinguishes between a governed interaction and an ungoverned one.

This means the investment in semantic attribute modeling, runtime policy enforcement, and structured audit does not need to be rebuilt for agents. It needs to be extended to them. Organisations that build the governance infrastructure for human interactions first are also building it for agent interactions. Those that defer the infrastructure question will face it again, at greater scale, with less time.

Where Sphereon fits.

Sphereon’s infrastructure evaluates trust at runtime for both human and machine interactions. Identity, authority, delegation, and audit are handled by the same policy engine, the same trust registry, and the same evidence layer, regardless of whether the principal is a person, a system, or an agent acting on behalf of either.

EDK provides the runtime enforcement layer. VDX provides the operational governance layer across parties, workflows, and agents. IDK provides the open-source building blocks for teams implementing agent identity and credential flows from the ground up.

Govern what your agents do.

Talk to Sphereon about extending your verifiable trust infrastructure to cover agent identity, authority, delegation, and audit at runtime.
