Identity and Control for the Agentic Economy.
Securing the Agentic Economy
AI agents are calling APIs, moving money, making decisions - with no identity, no scope, no audit trail. When something goes wrong, no one knows who acted, why, or under what limits.
KYDE is the gateway between agents and the world. Agents will rewrite what they can access. KYDE sits where they can't.
Every action is logged and checked against policy before it reaches critical systems - blocked when out of scope. Deployed via a single environment variable. No code changes required.
$ export OPENAI_BASE_URL=https://kyde.intranet/v1
$ kyde fleet init
✓ Fleet proxy started on :8080
✓ Agent identities provisioned
✓ Role boundaries enforced
✓ Tamper-evident ledger initialized
$ kyde fleet status
✓ 12 agents active — all scoped, signed, accountable
↳ The operational gap
Four questions most enterprises can't answer.
Who acted?
Agents share service accounts with broad permissions. No traceable identity. No role boundaries. A support agent meant to issue €500 refunds issues €5,000 because nobody enforced a limit on its authority.
Why did it decide that?
An HR agent retrieves a policy document from 2022 and uses it to guide a termination. The current policy says something different. Nobody logged which source it relied on.
What are the boundaries?
Token budgets don't exist. API access is unrestricted. An intern's research agent burns through your entire monthly token allocation while your production agents queue.
What happened?
A procurement agent posts confidential contract terms in Slack. Leadership needs the full evidence trail. The logs are vendor-provided, self-reported, software-only. A compromised host can rewrite them silently.
Resilient organizations don't just detect these failures.
They architect systems that prevent them.
Governance cannot live inside the AI.
The Status Quo
Control is applied at the endpoint — System Prompts, SDKs, application logic.
Safeguards live inside the agent's own code.
Security is treated as a feature, not a foundation.
The Structural Flaw
Capable agents can bypass their own rules and rewrite their own logs.
Human oversight does not scale to machine speed.
The Necessity
Governance must sit outside. Security inside the agent is suggestion, not enforcement.
If the agent can touch the lock, it can pick it.
The only governance that holds is the kind the agent cannot touch.
THE ZERO-TRUST AI STACK.
KYDE is the zero-trust governance proxy that sits between your agents and any LLM provider. It intercepts every call, enforces every policy, and signs every entry — before anything reaches the model.
One environment variable. No code changes. Any agent, any provider, under control from day one.
01 — Intercept
Every request from every agent routes through the KYDE Proxy. No code changes required — one environment variable or Group Policy push.
02 — Sign & Chain
Each event is Ed25519-signed and SHA-256 chained to the previous entry. Alter any record — every subsequent link breaks.
03 — Forward
The original request is forwarded to the LLM provider with <100ms overhead. Governance is invisible to agent code and end users.
Three guarantees. One stack.
Not a roadmap. A complete infrastructure layer — deployed in minutes, covering every agent from day one.
SCOPE
No agent acts without ID & clearance.
Every action is checked against policy before execution. Scope enforced at the proxy — not by trust.
- Agent Identity & Behavioral Scope
Every agent gets a cryptographic identity and a defined role. No shared service accounts. No anonymous calls.
- Token & Cost Budgets
Hard limits per agent, per role, per day. Enforced before the call is made — not flagged after the bill arrives.
- API Allowlists & Circuit Breakers
Define which endpoints each role can reach. Hard blocks before actions reach external systems.
- Violation Alerts & Human-in-the-Loop
When an agent exceeds its scope, it is blocked instantly at the proxy. Alerts fire to your team via Slack or Teams. Supervisors review, override, or terminate. No silent failures.
- Zero-Friction Deployment
One environment variable or Group Policy push. No code changes. No SDK. Under 100ms latency.
TRACE
No incident without accountability.
Every incident traced to a single agent identity. Full chain reconstruction: source, path, destination.
- Traceable Identity
Every action traced to a specific agent — not a shared service account. Who acted is always answerable.
- Causal Context
Not just what happened, but why — capturing the last 5 messages before every tool call. Full decision chain reconstruction.
- Anomaly Detection
Behavioral baselines per agent role. Real-time alerts when an agent deviates from expected patterns.
SEAL
Cryptographic audit trail. Court-ready.
Every entry signed. Tamper with any record — every subsequent link breaks. Independent of your LLM provider.
- Ed25519-Signed Append-Only Ledger
Every entry cryptographically signed at the point of capture. Not a log. A tamper-evident chain of evidence.
- Provider-Independent Record
Your audit trail lives outside Anthropic's, OpenAI's, or any vendor's infrastructure. Yours to export, verify, and submit.
- Hardware Isolation — TPM/HSM
For maximum integrity: signing keys isolated in hardware, never exposed to the host OS. Military-grade for environments where software-only isn't enough.
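How the signed hash chain described in 02 — Sign & Chain and in the SEAL ledger above can be built and verified, as an added Go example (not KYDE's code; the record layout, field names and all-zero genesis hash are assumptions): each entry's SHA-256 hash covers the previous entry's hash, the proxy signs that hash with Ed25519, and verification recomputes the chain so a single edited record fails in every later link as well.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

type Entry struct {
	AgentID, Event string   // who acted and what the proxy captured (constructed record layout)
	Hash           [32]byte // SHA-256 chain hash = H(prev.Hash || AgentID || 0x00 || Event)
	Sig            []byte   // the proxy's Ed25519 signature over Hash
}

// entryHash binds each record to the previous hash, so editing any record moves every later hash.
func entryHash(prev [32]byte, agentID, event string) [32]byte {
	return sha256.Sum256(append(prev[:], agentID+"\x00"+event...))
}

// Append chains a new event and signs it at the point of capture (priv would sit in a TPM/HSM).
func Append(ledger []Entry, priv ed25519.PrivateKey, agentID, event string) []Entry {
	var prev [32]byte // all-zero genesis hash for the first record (assumed convention)
	if n := len(ledger); n > 0 {
		prev = ledger[n-1].Hash
	}
	h := entryHash(prev, agentID, event)
	return append(ledger, Entry{agentID, event, h, ed25519.Sign(priv, h[:])})
}

// Verify recomputes the chain and returns the index of every entry whose hash or signature fails.
func Verify(ledger []Entry, pub ed25519.PublicKey) []int {
	var broken []int
	var prev [32]byte
	for i, e := range ledger {
		h := entryHash(prev, e.AgentID, e.Event)
		if e.Hash != h || !ed25519.Verify(pub, h[:], e.Sig) {
			broken = append(broken, i)
		}
		prev = h // carry the recomputed hash so a single edit breaks every later link
	}
	return broken
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	ledger := Append(nil, priv, "support-agent-01", "refund 500 EUR")
	ledger = Append(ledger, priv, "hr-agent-02", "fetch termination policy")
	ledger[0].Event = "refund 5000 EUR" // constructed tampering with the first record
	fmt.Println("broken entries:", Verify(ledger, pub)) // [0 1]
}
```

The verifier needs only the public key, which is what lets the record be checked outside the proxy and outside the LLM provider; an attacker who can edit the ledger but cannot reach the signing key can neither re-sign the altered record nor repair the links after it.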
Your agents act on your behalf.
Courts agree.
They negotiate, transact, and make commitments in your name. Regulators, auditors, and courts will hold you accountable for what they do.
Moffatt v. Air Canada
"Air Canada cannot avoid responsibility for information provided by its agent."
The question isn't whether you need an evidence trail. It's whether yours can withstand scrutiny.
Regulation | Requirement | Status
EU AI Act | High-risk AI system logging | Urgent: enforcement Aug 2027
NIS-2 | Essential entities security | In force
DORA | Financial entity resilience | In force: Jan 2025
GDPR Art. 35 | Automated processing DPIA | In force