Security is part of the operating model, not a wrapper around it.
AgentSigna exists because high-risk machine actions need explicit authority. That philosophy carries through the platform itself: separated identity planes, cryptographic proof, and an immutable audit record built into the control flow from the start.
Four structural security properties
Security decisions made at architecture time are harder to circumvent than runtime checks. These are constraints, not configurations.
Separated identity planes
The people who operate your procurement workflows and the people who administer the platform itself are authenticated through entirely separate surfaces. There is no privilege path between them: not a role, not a header, not a bypass. The separation is architectural.
Hard tenant isolation
Every organization's data (policies, agents, decisions, counterparties) is isolated at the data layer, not just the application layer. One tenant cannot observe or affect another. The boundary holds regardless of how a request is constructed.
Cryptographic proof, not log files
Approved actions are sealed with a cryptographic signature. The signature cannot be forged and the record cannot be selectively edited. Downstream systems can verify authenticity without calling back to the platform. The proof travels with the action.
Append-only ledger
Events are written once and never modified. Each entry is linked to the previous by a cryptographic digest. Any gap or alteration in the chain is immediately detectable. You can bring the ledger to an external auditor and they can verify its integrity without trusting us.
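The hash-linked ledger property described above, as an added example (not AgentSigna's implementation, which this page does not disclose): a minimal chain and a verifier an auditor could run offline. The entry fields, SHA-256, the canonical JSON encoding and the externally held head digest are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value that the first entry links to

def _digest(seq, prev, event):
    # Canonical JSON so the same entry always hashes to the same bytes.
    body = json.dumps({"seq": seq, "prev": prev, "event": event},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()

def append(ledger, event):
    """Add an entry linked to the previous digest; return the new head."""
    prev = ledger[-1]["digest"] if ledger else GENESIS
    seq = len(ledger)
    ledger.append({"seq": seq, "prev": prev, "event": event,
                   "digest": _digest(seq, prev, event)})
    return ledger[-1]["digest"]

def verify(ledger, expected_head=None):
    """Recompute every link. Returns (ok, reason); needs no platform access."""
    prev = GENESIS
    for i, e in enumerate(ledger):
        if e["seq"] != i:
            return False, f"gap or reorder at position {i} (seq {e['seq']})"
        if e["prev"] != prev:
            return False, f"broken link at seq {i}"
        if e["digest"] != _digest(e["seq"], e["prev"], e["event"]):
            return False, f"entry altered at seq {i}"
        prev = e["digest"]
    # The head digest must be held outside the ledger (assumption: the
    # auditor received it separately) to catch truncation or a full rebuild.
    if expected_head is not None and prev != expected_head:
        return False, "head mismatch: ledger truncated or replaced"
    return True, "ok"

def sample_ledger():
    # Constructed sample events, not real platform records.
    ledger = []
    for event in [
        {"type": "auth", "actor": "operator-1"},
        {"type": "decision", "agent": "agent-001", "amount": 1200},
        {"type": "escalation", "agent": "agent-001"},
        {"type": "decision", "agent": "agent-002", "amount": 75},
    ]:
        append(ledger, event)
    return ledger
```

Link-by-link checking alone does not catch a dropped tail or a chain rebuilt from scratch, which is why `verify` accepts a head digest obtained independently of the ledger copy being checked.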
Every risk category addressed by design
AgentSigna is assessed against the OWASP Application Security Top 10. How each category is addressed is summarised below, without disclosing implementation specifics.
Access Control
Every operation is gated by role. Tenant and platform surfaces are separated at authentication time. There is no in-session escalation path. Actions that cross organizational boundaries are structurally impossible, not just policy-restricted.
Cryptographic Failures
Sensitive data is never stored in plaintext. Signed artifacts use industry-standard asymmetric cryptography. Short-lived tokens with rotation are used throughout. Credentials are never committed to source or exposed in logs.
Injection
All data access uses parameterized queries. No dynamic SQL construction from user input. Request payloads are validated against strict allowlists with enforced depth limits. Unrecognized fields are rejected at the boundary.
Insecure Design
Zero trust is structural, not configurational. Every action request starts with no authority. Certain action categories always escalate regardless of actor trust. There is no configuration path to bypass this.
Security Misconfiguration
Security headers are applied at the framework level to every route. They cannot be omitted by a page-level mistake. Defaults are locked down; permissive settings require explicit opt-in with justification.
Vulnerable Components
Dependencies are pinned, audited, and updated on a defined cycle. Known vulnerabilities at critical or high severity block deployment. The dependency surface is kept narrow by design.
Authentication Failures
Authentication surfaces are separated by plane. Tokens are short-lived with enforced rotation. Multi-factor authentication is available for privileged access. Every authentication event is recorded in the tamper-evident audit trail.
Software & Data Integrity
Signed action records cannot be forged without the platform's private key. The hash-chain ledger makes post-hoc modification detectable. Action case records are append-only. No update path exists for committed entries.
Logging & Monitoring
Every authorization decision, authentication event, and policy evaluation is written to the immutable audit ledger. Platform operators have monitoring access to auth events and queue health. Nothing significant happens off the record.
Server-Side Request Forgery
The platform makes no server-side HTTP requests to URLs sourced from user input. All external service communication is to fixed, environment-configured endpoints. There are no redirect or proxy patterns in the API surface.
Two planes. Zero crossover.
Tenant portal
Organization operators and approvers
Tenant users authenticate through the tenant surface. Their access is scoped entirely to their organization's data: policies, agents, decisions, counterparties. No tenant user can observe or affect another organization.
Platform administration
AgentSigna internal oversight
Platform administrators authenticate through a completely separate surface with optional multi-factor enforcement. They access monitoring and organizational health, not tenant business data. The two identities cannot be combined.
Machine actors
AI agents with registered identity
Every AI agent is registered with an explicit sponsor, risk tier, and identity credential. No anonymous agent execution is possible. Every action request is tied to a registered identity and its current trust posture.
Design principle
The product exists because high-risk machine actions need explicit authority. That same discipline applies to the platform itself. Security is not a feature. It is the operating model.
Questions for your security team?
We'll walk your security and compliance teams through the architecture and controls before you commit to a pilot.
Responds within one business day.