AffixIOAFFIXIO
Contact

At a glance

Product
Know Your Agent gates before autonomous actions
Scope
Tool calls, payments, data export, clinical workflows
Outcome
Signed allow or deny per action context
Audit
Merkle proof on every boundary crossing
Integration
REST API, Node.js SDK, MCP connector
Retention
Zero PII at verifier by default

The gap

Agents are executing without a truth layer

Financial services, healthcare workflows, and enterprise automation now delegate actions to AI agents. Most stacks authenticate the API client but not the agent's eligibility for a specific action.

That leaves shadow AI, over-scoped tool calls, and audit gaps when regulators ask what authorised a payment, a data export, or a policy change.

Know Your Agent (KYA) closes that gap: one binary decision, cryptographically signed, before the action runs.

OWASP
Agentic AI listed in the OWASP Agentic Top 10. Authorisation at the action boundary is now a baseline control.
<50ms
Typical circuit verify latency on production-shaped endpoints. Fast enough for real-time agent tool gates.
0 PII
Verifier receives allow or deny by default. No standing profile at the gate.

Architecture

API keys vs agent authorisation

Client auth only
  • API key proves who called, not what they may do
  • Agent scope inferred from application config
  • Audit trail is application logs, not cryptographic proof
  • Shadow agents bypass central policy
  • Regulators see narratives, not verifiable decisions
AffixIO KYA gate
  • Signed allow or deny per action context
  • Noir circuits encode eligibility rules
  • Merkle audit on every boundary crossing
  • MCP connector for Claude and Cursor
  • ML-DSA-65 attestation on critical paths

Agent action gate flow

IntentAgent requests action
WitnessPolicy inputs prepared
ProveCircuit or attest path
VerifySigned YES / NO
ActOnly if admitted

Capabilities

What the gate enforces

Scope

Action binding

Proof tied to tool name, amount band, region, or programme ID at issue time.

Time

Expiry windows

Short-lived authorisation for high-risk agent actions. No stale permissions.

Replay

Spent proofs

One-time authorisation for payments and irreversible operations.

ZK

Eligibility circuits

Prove membership or tier without revealing underlying records.

PQC

ML-DSA signatures

Post-quantum attestation on manifests and critical decisions.

Audit

Merkle inclusion

Every gate crossing appendable to a tamper-evident tree.

Integration

Four steps to a live gate

01

Pick a circuit

Use the circuit picker or catalogue for your policy domain.

02

Prepare witness

Map agent context to circuit inputs via POST /v1/witness/prepare.

03

Prove and verify

Generate proof, verify at boundary, enforce spent rules on success.

04

Audit

Append digest to Merkle tree. Export inclusion for compliance.

Where it applies

Agent authorisation scenarios

Agentic payments

Authorise transfers and card actions before execution. See agentic payments.

Tool orchestration

Gate MCP tool calls in Claude, Cursor, and custom runtimes.

Data export

Prove policy allows export without logging raw record contents.

Clinical workflows

Binary eligibility before agent-assisted clinical decisions.

Government services

Programme-scoped agent access with audit evidence.

RAG citation gates

Verify source integrity before agents cite retrieved content.

Why Know Your Agent matters now

Enterprise automation no longer stops at scheduled batch jobs. Large language models now initiate tool calls, payment instructions, and data exports with minimal human oversight. Security teams inherited IAM designed for human users and service principals with fixed scopes. Agents break that model because the same API client can spawn dozens of ephemeral sub-agents, each with inferred permissions from prompt context.

Regulators and standards bodies have responded. OWASP lists agentic AI risks in the Agentic Top 10. Financial conduct supervisors ask what authorised a specific transfer. Healthcare programmes need evidence that an automated workflow was eligible before a clinical suggestion reached a chart. AffixIO addresses this at the only point that matters: the boundary between intent and execution.

What a KYA gate proves

A Know Your Agent gate does not replace identity providers or API gateways. It answers a narrower question: given this agent identity, this action context, and this policy witness, is the action allowed right now? The answer is a signed YES or NO with Merkle audit. Downstream systems enforce the outcome. Auditors replay the proof without reading conversation logs or raw PII.

Implementation patterns

Most pilots start with one high-risk action class: outbound payments, bulk export, or privileged MCP tool calls. Witness preparation maps agent metadata to circuit inputs. Prove and verify run on production-shaped endpoints in the sandbox. Spent-proof rules prevent replay if an agent retries the same action token. MCP clients connect via Proof by AffixIO with OAuth 2.0 PKCE.

Procurement questions to ask vendors

  • Does authorisation happen before or after the action executes?
  • Is audit evidence cryptographic or application-log based?
  • Can verifiers operate without standing PII?
  • Are proofs bound to action context, not just client identity?
  • Is post-quantum attestation available on long-lived manifests?

Last reviewed 12 July 2026. See also AI agents FAQ, shadow AI compliance guide, and compare: agent auth vs API keys.

Frequently asked questions

What is Know Your Agent (KYA)?

KYA verifies an agent's identity, scope, and policy eligibility before a sensitive action executes. AffixIO returns a signed yes or no at that boundary.

How is KYA different from API keys?

API keys authenticate a client. KYA proves the agent is authorised for a specific action context, with cryptographic audit evidence.

Does AffixIO store agent conversation data?

No. The verifier receives allow or deny plus a Merkle reference. Personal data stays at the issuer by default.

Can agents use the MCP connector?

Yes. Proof by AffixIO is at affix-io.com/mcp with OAuth 2.0 PKCE for Claude and Cursor.

Gate your first agent action

Run circuit prove and verify in the sandbox, then scope a KYA pilot with engineering. Integration guide: AI integration.