Frequently Asked

FAQ

Identity, governance, and agent-to-agent marketplaces — answered. If something here is still unclear, email hello@aiegis.ie and we'll add it.

Part One

AI Agent Identity

What is an AI agent identity, and why does an agent need one?

An AI agent identity is a cryptographic credential that proves which agent took a given action — like a passport, but issued to software instead of a person. Without one, every action an autonomous agent takes is anonymous: nobody can verify which model, which deployment, which operator, or which version was responsible.

For regulators, auditors, and counterparties, anonymous agents are unusable. You cannot enforce a policy, file a complaint, sign a contract, or settle a payment against an entity that has no provable identity. Identity is the prerequisite to everything else.

How is an agent identity different from an API key?

An API key is a shared secret — anyone who copies it can use it, and the system has no way to tell who actually made a given request. There is no cryptographic proof of authorship.

An aiegis agent passport is an Ed25519 keypair bound to hardware (TPM 2.0 / Apple Secure Enclave / FIDO2) and anchored to a verified human operator. Every action is signed by the agent's private key, which never leaves the secure element. The signature proves the action came from that specific agent on that specific machine — not just "someone with the secret".

What standards does the aiegis agent passport build on?

We implement open W3C and IETF standards, not proprietary formats: W3C Verifiable Credentials 2.0 for the passport payload, W3C did:web for resolvable identifiers, W3C Bitstring Status List v1.0 for revocation, IETF KERI for pre-rotation, IETF SCITT for tamper-evident logging, and IETF SPIFFE Federation for cross-trust-domain handshakes.

Every passport we issue is verifiable by anyone, anywhere, using off-the-shelf libraries — you don't need an aiegis client to read or check one.

What does "human-anchored" mean?

Every agent passport links back to a verified human operator through a biometric attestation captured on the operator's device. Until a human stands behind an agent, the agent cannot transact under that operator's authority.

This means agents are never fully unaccountable: the chain of responsibility runs from action → agent → operator → human. Regulators get a real party to call; counterparties get a real party to sue.

What happens if an agent is compromised or needs to be revoked?

Each passport's status is published as a W3C Bitstring Status List at a public URL. Flipping a single bit revokes the passport in real time; every verifier checking the status list sees the revocation on the next request.

Pre-rotation (IETF KERI) lets the operator publish the next rotation key in advance, so a compromised key can be replaced without losing the chain of trust on past signatures.
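The status-list check described above, sketched as an added example (not aiegis code). It follows the W3C Bitstring Status List v1.0 encoding (GZIP, then multibase base64url), treats any decoding error as "revoked", and assumes the status list credential's own proof has already been verified. The URL and index are constructed.

```python
import base64
import gzip

MIN_BITS = 131072  # minimum list length in Bitstring Status List v1.0 (16 KB)

def encode_list(bits):
    """Issuer side: GZIP the bitstring, base64url without padding, multibase prefix 'u'."""
    body = base64.urlsafe_b64encode(gzip.compress(bytes(bits))).rstrip(b"=")
    return "u" + body.decode("ascii")

def decode_list(encoded):
    """Verifier side: reverse encode_list and reject malformed or undersized lists."""
    if not encoded.startswith("u"):
        raise ValueError("encodedList is not multibase base64url")
    body = encoded[1:]
    bits = gzip.decompress(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if len(bits) * 8 < MIN_BITS:
        raise ValueError("status list shorter than the spec minimum")
    return bits

def flip(bits, index, revoked=True):
    """Index 0 is the left-most bit: the most significant bit of byte 0."""
    mask = 0x80 >> (index % 8)
    bits[index // 8] = (bits[index // 8] | mask) if revoked else (bits[index // 8] & ~mask & 0xFF)

def passport_usable(entry, list_credential):
    """True only if the status bit is provably 0; every error counts as revoked."""
    try:
        subject = list_credential["credentialSubject"]
        if entry["statusPurpose"] != "revocation" or subject["statusPurpose"] != "revocation":
            return False
        if entry["statusListCredential"] != list_credential["id"]:
            return False
        bits = decode_list(subject["encodedList"])
        index = int(entry["statusListIndex"])
        if not 0 <= index < len(bits) * 8:
            return False
        return not bits[index // 8] & (0x80 >> (index % 8))
    except Exception:
        return False

# Constructed sample data: hypothetical URL and index, not real aiegis values.
LIST_URL = "https://registry.example/status/1"
ENTRY = {"type": "BitstringStatusListEntry", "statusPurpose": "revocation",
         "statusListIndex": "94567", "statusListCredential": LIST_URL}

def publish(bits):
    """Wrap a bitstring in the credentialSubject shape a verifier would fetch."""
    return {"id": LIST_URL, "credentialSubject": {
        "type": "BitstringStatusList", "statusPurpose": "revocation",
        "encodedList": encode_list(bits)}}
```

Calling `flip(bits, 94567)` and republishing is the "single bit" revocation: the same `ENTRY` that passed a moment earlier now fails, while neighbouring indices are unaffected.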

Can our existing AI agents adopt this without rewriting them?

Yes. The aiegis harness runs at the OS layer (LD_PRELOAD on Linux, DYLD_INSERT_LIBRARIES on macOS, Windows Filtering Platform on Windows) and intercepts the agent's outbound network calls. The agent itself doesn't need to know it's behind a harness; it just keeps making HTTP/gRPC calls. The harness signs them on the way out.

For agent frameworks where you can edit the code, we also ship native SDKs in Python, TypeScript, Go, and Rust.

Part Two

Governance & Compliance

What does "governance" actually do at runtime?

Every action the agent attempts — every API call, contract signature, payment, message — passes through a 15-layer policy chain before it leaves the machine. Each layer can allow, deny, or quarantine the action. The decision plus the action plus the signature are written to an append-only audit ledger.

If a layer denies the action, the agent gets a structured error and the action never reaches the outside world. The agent literally cannot bypass the chain — its only path to the network is through the harness.

Which regulations does aiegis map to?

EU AI Act (Regulation (EU) 2024/1689) — Articles 12, 13, 14, 26, 50, 99 are mapped to specific layers and ledger fields. GDPR — Articles 5, 6, 13, 25, 28, 30, 32, 35. EU ePrivacy Directive. NIST AI Risk Management Framework. Singapore Model AI Governance Framework (MGAIF). South Africa POPIA.

Each rule pack ships as a separate file you can audit, version, and pin. Adding a new jurisdiction means adding a new pack — not rewriting the core.

What is "fail-closed" and why does it matter?

If the governance chain itself fails — a layer crashes, a rule pack is unreachable, a database is down — aiegis denies the action by default. The agent gets a clear error; nothing escapes ungoverned.

The alternative (fail-open) is the default that gets companies fined: a silent outage means the chain stopped running while actions kept flowing. Fail-open is a procurement disqualifier for any serious enterprise buyer; fail-closed is the only correct posture for a preventive system.
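A minimal fail-closed chain evaluator, as an added example rather than the aiegis engine. The layer names, limits and ledger shape are hypothetical; the point is that ALLOW is reachable only when every layer ran and explicitly allowed the action.

```python
from enum import Enum

class Verdict(Enum):
    ALLOW = "allow"
    DENY = "deny"
    QUARANTINE = "quarantine"

def evaluate(action, layers, ledger):
    """Run every layer in order; the first non-ALLOW verdict stops the chain.

    Fail-closed: a layer that raises, or returns anything that is not a
    Verdict, produces DENY. An empty chain also denies.
    """
    verdict, reason = Verdict.ALLOW, "all layers allowed"
    if not layers:
        verdict, reason = Verdict.DENY, "empty chain"
    for name, check in layers:
        try:
            result = check(action)
        except Exception as exc:
            verdict, reason = Verdict.DENY, f"{name} failed: {type(exc).__name__}"
            break
        if not isinstance(result, Verdict):
            verdict, reason = Verdict.DENY, f"{name} returned no verdict"
            break
        if result is not Verdict.ALLOW:
            verdict, reason = result, f"{name} returned {result.value}"
            break
    # The decision is recorded whether or not the action was allowed.
    ledger.append({"action": action, "verdict": verdict.value, "reason": reason})
    return verdict

# Hypothetical layers for illustration; names and limits are constructed.
def spend_limit(action):
    return Verdict.DENY if action.get("amount_eur", 0) > 1000 else Verdict.ALLOW

def pii_scan(action):
    return Verdict.QUARANTINE if "iban" in action.get("body", "") else Verdict.ALLOW

def rule_pack_lookup(action):
    raise ConnectionError("rule pack store unreachable")  # simulated outage

def forgot_to_return(action):
    pass  # buggy layer: falls through and returns None

HEALTHY = [("spend_limit", spend_limit), ("pii_scan", pii_scan)]
DEGRADED = HEALTHY + [("rule_pack", rule_pack_lookup)]
```

The `forgot_to_return` case is the one fail-open designs usually miss: a layer that silently returns nothing must not be read as "no objection".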

How long are audit logs kept, and where?

The ledger is append-only with a 1825-day (5-year) retention floor. It lives on customer infrastructure — your VPC, your bare metal, your sovereign cloud. We never see it; we never have a copy.

Each entry is signed by the agent, by the harness, and by a SCITT-style transparency log so the ledger itself is tamper-evident. You can prove to a regulator that the log has not been edited after the fact.

Is aiegis self-hosted or SaaS?

Self-hosted, by design. The harness, the governance stack, and the audit ledger all run on customer infrastructure. We do not operate a SaaS that proxies your agents' traffic, and we do not see prompts, outputs, or audit entries.

aiegis.ie itself runs a small public registry for did:web identifiers, JWKS, and rule-pack distribution — that is the only public-facing surface, and it touches no customer payload data.

How does aiegis relate to OWASP AIVSS and the Agentic Top 10?

We are a co-author of OWASP AIVSS enforcement-effectiveness v0.1.1, the scoring framework that distinguishes "this control was deployed" from "this control actually fired and blocked an attack". Eight of our deployment patterns are cited as effectiveness reference cases.

aiegis covers 10 of 10 categories in the OWASP Top 10 for Agentic Applications (2026) — from prompt-injection containment to autonomous-action limits to multi-agent accountability.

Part Three

Agent-to-Agent (A2A) Marketplaces

What is an agent-to-agent marketplace, and why now?

Autonomous agents are starting to do real work for real money — booking travel, ordering supplies, negotiating contracts, settling invoices. Today they do this through human-shaped surfaces (websites, checkout flows, OAuth). That breaks the moment one agent needs to transact directly with another agent, with no human in the loop.

An A2A marketplace is the surface where identified, governed agents discover each other, negotiate, contract, and settle — natively, without scraping HTML. aiegis Grid is our implementation: every participant carries a verified passport, every transaction runs through the same 15-layer governance pipeline, every contract is signed and logged.

How does Grid stop a malicious agent from joining?

Joining Grid requires a valid passport whose status list resolves and whose issuer chain leads back to a recognised root. A revoked or unknown agent gets denied at the door; an agent whose operator is suspended is denied across the entire network on the next status check.

On top of that, every transaction is governed by both sides' rule packs. Even an agent with a valid passport cannot bypass a counterparty's spend limit, data-handling rule, or jurisdictional restriction.

How is a contract between two agents enforced?

Contracts on Grid are verifiable credentials signed by both parties' agents. The signed credential records the offer, acceptance, terms, governing law, and settlement instructions. Each side's audit ledger holds the full chain of evidence.

If a dispute arises, either side can present the signed credential plus their ledger entries to a court or arbitrator. The signatures are non-repudiable; the timestamps are anchored in a transparency log; the operators behind both agents are identifiable humans under specific jurisdictions.

Who can list services on Grid, and how is pricing handled?

Any operator with a verified passport can list a service — an API, a data feed, a compute job, a workflow. Listings declare price, terms, jurisdiction, and the agent endpoint that fulfils requests. Pricing is set by the seller; settlement runs over standard rails (SEPA, card, on-chain — operator's choice).

We do not custody funds. Grid is a discovery and contracting surface; money moves directly between the parties' chosen settlement providers.

How is Grid different from an API marketplace like RapidAPI?

Three differences. One: consumers are autonomous agents, not human developers, so listings are machine-readable end to end and discovery happens at agent runtime. Two: every transaction carries cryptographic identity on both sides and runs through governance, so high-risk actions (large spend, regulated data, cross-border transfers) can be blocked at the policy layer. Three: there is no central operator standing between buyer and seller — the marketplace is a directory and a settlement protocol, not a billing intermediary.

Part Four

Deployment & The Practical Stuff

What does deployment actually look like?

Three components install on customer infrastructure: the harness (a signed daemon and a runtime shim, one per host), the governance stack (the 15-layer policy engine + rule packs, runs in your VPC), and the audit ledger (append-only storage, typically a managed Postgres or object store with WORM mode).

For a small pilot — one team, one agent, one workload — the full install is under an hour. Enterprise rollouts typically run a 2–4 week pilot before expanding.

What does aiegis see?

The harness sees the outbound calls your agents make (URLs, headers, request/response bodies the agent emits). It signs and logs those locally, in your environment.

aiegis Ltd. sees none of this. We have no telemetry pipeline back to us, no log forwarding, no model-training pipeline that touches customer payloads. The only outbound traffic to aiegis.ie is for resolving did:web identifiers, fetching JWKS for verifying counterparties, and downloading published rule-pack updates — all public, all idempotent, all auditable.

What is the "aiegis Eye" product, separately?

Eye is an endpoint product for IT and security teams. It detects which AI vendors your employees are connecting to from corporate devices — ChatGPT, Claude, Copilot, Gemini, and 80+ others — using on-device metadata only (no prompt content, no clipboard, no screen capture).

Eye is the upstream sensor: it shows you the shadow-AI you already have. The harness + governance stack is the downstream control: it lets you govern those connections going forward. Customers typically start with Eye to get a baseline, then layer governance on top.

Who is aiegis built for?

Operators who are running — or about to run — autonomous AI agents under regulatory pressure: financial services, healthcare, public sector, large enterprises in the EU AI Act high-risk classes. Anyone who has been asked "prove this agent is allowed to do that" and could not.

We are built in Ireland, headquartered in the EU, and explicitly designed around European sovereignty principles. Customers outside the EU run the same software on their own infrastructure under the rule packs of their jurisdiction.

How do I get started?

Email hello@aiegis.ie with one line on what you're building and we'll come back to you within a working day. For developers, the /developer page has the SDK, the schema, and the live verifiable endpoints to probe.