The latest articles on DEV Community by FortSignal (@fortsignal). https://dev.to/fortsignal https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3896537%2Fc91b583b-8345-4df6-b82a-335d7ff4853c.png https://dev.to/fortsignal en FortSignal Fri, 24 Apr 2026 18:40:47 +0000 https://dev.to/fortsignal/why-login-isnt-enough-cryptographic-intent-verification-for-ai-agents-1if3 https://dev.to/fortsignal/why-login-isnt-enough-cryptographic-intent-verification-for-ai-agents-1if3 <p>Most authentication systems solve the wrong problem.<br><br> They verify identity at login — "are you who you say you are?" — then trust every action that follows. That worked fine when humans were the only ones taking actions. It breaks down fast when AI agents are involved. </p> <p><strong>The gap nobody talks about</strong> </p> <p>An agent logs in with valid credentials. It has a valid session. It makes a request to transfer $50,000 to an external account. Every auth check passes. The action executes. </p> <p>Was that supposed to happen? Nobody knows. There's no proof a human approved it. There's no record of what parameters were actually signed off on. There's no way to tell if the amount or recipient was<br><br> tampered with between when the action was initiated and when it executed.</p> <p>This is the intent gap — the space between "authenticated" and "authorized to do this specific thing right now." </p> <p><strong>Cryptographic intent verification</strong> </p> <p>FortSignal closes this gap. Before any sensitive action executes: </p> <ol> <li>Your backend calls /challenge/start with the exact action parameters — action, amount, recipient </li> <li>FortSignal hashes those exact values into a challenge</li> <li>The user's hardware signs that challenge via WebAuthn (Face ID, Touch ID, security key) </li> <li>/challenge/verify checks the signature and enforces your policy rules </li> <li>Returns decision: allow or deny with a signed receipt</li> </ol> <p>If anything changes between step 1 and step 4 — amount, recipient, anything — the hash won't match and it's a deny. Cryptographic proof, not just a checkbox. </p> <p><strong>For AI agents</strong> </p> <p>Agents don't use WebAuthn — there's no human present. Instead, agents sign with an Ed25519 private key on the server. A human pre-approves a delegation scope from the dashboard — allowed actions, max amount<br><br> per action, allowed recipients, expiry. The agent operates autonomously within those bounds.</p> <p>Every agent action is checked against: </p> <ol> <li>Valid Ed25519 signature</li> <li>Within delegation scope approved by a human </li> <li>Within policy constraints </li> </ol> <p>Revoke a delegation instantly. The agent's next action is denied — no waiting for a token to expire.</p> <p><strong>Two separate layers</strong></p> <p>Intent fields (action, amount, recipient) are per-request — what gets cryptographically signed. Policy is persistent rules you configure once in your dashboard. Both must pass for allow. A valid signature on a $1M transfer still gets denied if your policy caps actions at $5,000.</p> <p><strong>Why now</strong> </p> <p>AI agents are being dropped into production apps right now. Developers don't have a good answer for "how do I make sure my agent doesn't do something it shouldn't?" Existing auth systems weren't built for this. WebAuthn alone doesn't solve it — you need parameter binding, policy enforcement, and agent delegation on top.</p> <p>npm install <a class="mentioned-user" href="https://dev.to/fortsignal">@fortsignal</a>/sdk </p> <p>Full docs at fortsignal.com/docs. Patent pending on the parameter binding system. </p> <p>Would love to hear how others are solving this problem — or if you're building something where this fits. <br> <a href="https://dev.tourl">fortsignal.com </a></p> agents ai cybersecurity security