PROTO
Zero-Trust Agent Model
never trust always verify, agentic security posture, continuous verification
The zero-trust agent model applies the zero-trust security philosophy to autonomous AI systems, rejecting the assumption that trust persists across actions.
WHY SESSION TRUST IS INSUFFICIENT
Traditional session-based security assumes that a principal, once authenticated, remains legitimate for the rest of the session. AI agents invalidate this assumption: a Prompt Injection attack mid-session can redirect an agent toward unauthorized actions, so per-action verification is required.
PROTOCOL CONTEXT (VEX PROTOCOL / MCPVANGUARD)
VEX implements zero-trust agent verification through per-action Evidence Capsule validation. Each tool call is treated as an independent authorization event: identity, authority, and boundary are all verified.
ProvnAI Mitigation
McpVanguard enforces zero-trust per-action verification at sub-millisecond latency. Verification is stateless by design: each tool call carries its own complete context, making it robust against hijack.
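The per-action identity, authority, and boundary checks and the stateless design described above can be sketched as follows. This is an added example, not VEX or McpVanguard code: the capsule layout, the shared HMAC key, the field names and the tool names are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import posixpath

# Constructed demo key; assumes the policy issuer and the verifier share it.
ISSUER_KEY = b"constructed-demo-key"

def _mac(body):
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).hexdigest()

def issue_capsule(agent, tools, path_prefix, expires):
    """Policy side: sign the grant that will travel with every tool call."""
    body = {"agent": agent, "tools": sorted(tools),
            "prefix": path_prefix, "exp": expires}
    return {"body": body, "mac": _mac(body)}

def verify_call(capsule, call, now):
    """Decide one tool call from its own capsule; no session state is kept."""
    body = capsule.get("body")
    presented = str(capsule.get("mac", "")).encode()
    # Identity: the grant is the issuer's and has not been altered.
    if not isinstance(body, dict) or not hmac.compare_digest(
            _mac(body).encode(), presented):
        return "deny: identity"
    if now >= body["exp"]:
        return "deny: expired"
    # Authority: the requested tool must be named in the grant.
    if call.get("tool") not in body["tools"]:
        return "deny: authority"
    # Boundary: normalise first so "../" cannot step outside the prefix.
    path = posixpath.normpath(str(call.get("args", {}).get("path", "")))
    if not path.startswith(body["prefix"]):
        return "deny: boundary"
    return "allow"

if __name__ == "__main__":
    cap = issue_capsule("agent-7", ["read_file"], "/workspace/", expires=1000)
    calls = [  # constructed calls; the second mimics a mid-session injection
        {"tool": "read_file", "args": {"path": "/workspace/notes.txt"}},
        {"tool": "send_email", "args": {"to": "someone@example.com"}},
        {"tool": "read_file", "args": {"path": "/workspace/../etc/passwd"}},
    ]
    for call in calls:
        print(call["tool"], "->", verify_call(cap, call, now=10))
```

Because the verifier keeps nothing between calls, an earlier allowed call gives the redirected second call no standing: it is judged against the signed grant alone and denied.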