AFFIXIO
Authorise agents before they act
Autonomous systems need a gate, not a log. AffixIO sits between intent and execution and returns a signed allow or deny with Merkle audit. Test agent prove and verify flows in the sandbox or connect via MCP.
At a glance
- Product
- Know Your Agent gates before autonomous actions
- Scope
- Tool calls, payments, data export, clinical workflows
- Outcome
- Signed allow or deny per action context
- Audit
- Merkle proof on every boundary crossing
- Integration
- REST API, Node.js SDK, MCP connector
- Retention
- Zero PII at verifier by default
The gap
Agents are executing without a truth layer
Financial services, healthcare workflows, and enterprise automation now delegate actions to AI agents. Most stacks authenticate the API client but not the agent's eligibility for a specific action.
That leaves shadow AI, over-scoped tool calls, and audit gaps when regulators ask what authorised a payment, a data export, or a policy change.
Know Your Agent (KYA) closes that gap: one binary decision, cryptographically signed, before the action runs.
Architecture
API keys vs agent authorisation
- ✕ API key proves who called, not what they may do
- ✕ Agent scope inferred from application config
- ✕ Audit trail is application logs, not cryptographic proof
- ✕ Shadow agents bypass central policy
- ✕ Regulators see narratives, not verifiable decisions
- ✓ Signed allow or deny per action context
- ✓ Noir circuits encode eligibility rules
- ✓ Merkle audit on every boundary crossing
- ✓ MCP connector for Claude and Cursor
- ✓ ML-DSA-65 attestation on critical paths
Agent action gate flow
Capabilities
What the gate enforces
Action binding
Proof tied to tool name, amount band, region, or programme ID at issue time.
Expiry windows
Short-lived authorisation for high-risk agent actions. No stale permissions.
Spent proofs
One-time authorisation for payments and irreversible operations.
Eligibility circuits
Prove membership or tier without revealing underlying records.
ML-DSA signatures
Post-quantum attestation on manifests and critical decisions.
Merkle inclusion
Every gate crossing appendable to a tamper-evident tree.
Integration
Four steps to a live gate
Prepare witness
Map agent context to circuit inputs via POST /v1/witness/prepare.
Prove and verify
Generate proof, verify at boundary, enforce spent rules on success.
Audit
Append digest to Merkle tree. Export inclusion for compliance.
Where it applies
Agent authorisation scenarios
Agentic payments
Authorise transfers and card actions before execution. See agentic payments.
Tool orchestration
Gate MCP tool calls in Claude, Cursor, and custom runtimes.
Data export
Prove policy allows export without logging raw record contents.
Clinical workflows
Binary eligibility before agent-assisted clinical decisions.
Government services
Programme-scoped agent access with audit evidence.
RAG citation gates
Verify source integrity before agents cite retrieved content.
Why Know Your Agent matters now
Enterprise automation no longer stops at scheduled batch jobs. Large language models now initiate tool calls, payment instructions, and data exports with minimal human oversight. Security teams inherited IAM designed for human users and service principals with fixed scopes. Agents break that model because the same API client can spawn dozens of ephemeral sub-agents, each with inferred permissions from prompt context.
Regulators and standards bodies have responded. OWASP lists agentic AI risks in the Agentic Top 10. Financial conduct supervisors ask what authorised a specific transfer. Healthcare programmes need evidence that an automated workflow was eligible before a clinical suggestion reached a chart. AffixIO addresses this at the only point that matters: the boundary between intent and execution.
What a KYA gate proves
A Know Your Agent gate does not replace identity providers or API gateways. It answers a narrower question: given this agent identity, this action context, and this policy witness, is the action allowed right now? The answer is a signed YES or NO with Merkle audit. Downstream systems enforce the outcome. Auditors replay the proof without reading conversation logs or raw PII.
Implementation patterns
Most pilots start with one high-risk action class: outbound payments, bulk export, or privileged MCP tool calls. Witness preparation maps agent metadata to circuit inputs. Prove and verify run on production-shaped endpoints in the sandbox. Spent-proof rules prevent replay if an agent retries the same action token. MCP clients connect via Proof by AffixIO with OAuth 2.0 PKCE.
Procurement questions to ask vendors
- Does authorisation happen before or after the action executes?
- Is audit evidence cryptographic or application-log based?
- Can verifiers operate without standing PII?
- Are proofs bound to action context, not just client identity?
- Is post-quantum attestation available on long-lived manifests?
Last reviewed 12 July 2026. See also AI agents FAQ, shadow AI compliance guide, and compare: agent auth vs API keys.
Frequently asked questions
What is Know Your Agent (KYA)?
KYA verifies an agent's identity, scope, and policy eligibility before a sensitive action executes. AffixIO returns a signed yes or no at that boundary.
How is KYA different from API keys?
API keys authenticate a client. KYA proves the agent is authorised for a specific action context, with cryptographic audit evidence.
Does AffixIO store agent conversation data?
No. The verifier receives allow or deny plus a Merkle reference. Personal data stays at the issuer by default.
Can agents use the MCP connector?
Yes. Proof by AffixIO is at affix-io.com/mcp with OAuth 2.0 PKCE for Claude and Cursor.
Gate your first agent action
Run circuit prove and verify in the sandbox, then scope a KYA pilot with engineering. Integration guide: AI integration.