Skip to content

dazistgut/agentic-trust-framework

 
 

Repository files navigation

Agentic Trust Framework (ATF)

Zero Trust Governance for Autonomous AI Agents

Specification Version License: CC BY 4.0 License: Apache 2.0 CSA Published

Overview

The Agentic Trust Framework (ATF) is an open governance specification for autonomous AI agents, applying Zero Trust principles across five core security elements. Published through the Cloud Security Alliance and licensed under CC BY 4.0.

ATF answers the question every organization deploying AI agents must face: How do we maintain control?

This is a specification, not a code library. ATF defines governance principles and requirements. Implementations demonstrate them in practice.

The Five Core Elements

Every AI agent must be governed across five dimensions:

# Element Question What It Governs
1 Identity "Who are you?" Agent credentials, authentication, ownership
2 Behavior "What are you doing?" Monitoring, anomaly detection, intent alignment
3 Data Governance "What are you eating? What are you serving?" Input validation, PII protection, output filtering
4 Segmentation "Where can you go?" Access boundaries, least privilege, blast radius
5 Incident Response "What if you go rogue?" Kill switches, circuit breakers, containment

Agent Maturity Model

Agents earn autonomy through demonstrated trustworthiness. They do not receive it by default.

Level Name Autonomy Human Involvement AWS Scope
1 Intern Observe + Report Continuous oversight Scope 1
2 Junior Recommend + Approve Human approves all actions Scope 2
3 Senior Act + Notify Post-action notification Scope 3
4 Principal Autonomous Strategic oversight only Scope 4

Agents can be demoted at any time if they fail to maintain standards. A critical incident triggers immediate demotion to Intern.

See MATURITY_MODEL.md for promotion gates, demotion criteria, operating model, and deployment checklists.

Status

Specification: v0.9.1 (Public Review Draft, April 2026)

The specification has been published through the Cloud Security Alliance, independently implemented by multiple organizations, and is approaching v1.0.

Ecosystem Adoption

Organizations are building against the ATF specification independently. See ECOSYSTEM.md for detailed entries.

Project Organization Relationship ATF Coverage Repository
Agent Governance Toolkit Microsoft Independent convergence All 5 elements GitHub
VERA Berlin AI Labs Built on ATF principles All 5 elements + maturity model GitHub

Community Engagement

  • Issue #4: Temporal drift detection for behavioral monitoring
  • Issue #3: Agent Passport System for cryptographic identity
  • Issue #2: DID/VC-based agent identity (MolTrust)

Framework Relationships

ATF is complementary, not competing. It is the governance operating model that other frameworks' threat models and risk assessments lead you to.

Framework Relationship One-Liner
CSA AICM Parent umbrella AICM defines 243 controls for AI broadly. ATF operationalizes the agent-specific subset.
MAESTRO Complementary MAESTRO identifies what could go wrong. ATF defines how to maintain control.
OWASP Agentic Top 10 Complementary OWASP tells you what the threats are. ATF provides the governance to mitigate them.
NIST 800-207 Foundational NIST provides the Zero Trust principles. ATF applies them to AI agents.
AWS Scoping Matrix Directly aligned ATF maturity levels map 1:1 to AWS Scopes 1-4.
ISO/IEC 42001 Directly aligned ISO 42001 asks if you have an AI management system. ATF helps you build the agent governance component.

See CROSSWALKS.md for detailed framework alignment mappings.

Specification Documents

Document Description
SPECIFICATION.md Core specification with requirements (RFC 2119)
MATURITY_MODEL.md Four-level maturity model with promotion/demotion criteria
CONFORMANCE.md Conformance tiers, 25 core requirements, maturity level matrix
IMPLEMENTATION_PATTERNS.md Technology-agnostic implementation patterns
CROSSWALKS.md Framework alignment mappings (AICM, OWASP, NIST, ISO)
SECURITY.md Security principles and threat model

Getting Started

  1. Assess your readiness: Take the free ATF Self-Assessment (30 questions, 15 minutes, PDF report)
  2. Read the specification: Start with SPECIFICATION.md for requirements, then MATURITY_MODEL.md for the operating model
  3. Understand the patterns: Review IMPLEMENTATION_PATTERNS.md for technology-agnostic guidance
  4. Map to your compliance: See CROSSWALKS.md for alignment to AICM, ISO 42001, ISO 27001, NIST, and more

Background

ATF builds on concepts from Agentic AI + Zero Trust: A Guide for Business Leaders (September 2025), featuring a foreword by John Kindervag, creator of Zero Trust.

Published on the Cloud Security Alliance blog in February 2026 via a joint Zero Trust Working Group and AI Safety Working Group collaboration.

Contributing

ATF welcomes specification feedback, implementation experience reports, and crosswalk contributions. See CONTRIBUTIONS.md for details.

License

Links

About

Security-first AI agents implement Zero Trust principles. This code embodies the Agentic Trust Framework as described in the book "Agentic AI + Zero Trust: A Guide for Business Leaders".

Resources

License

Security policy

Stars

1 star

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors