The Enterprise Play: Agent Identity Inside Active Directory
Cayosoft announced Guardian 7.2 at RSA 2026: AI agent identities now get the same monitoring, alerting, and automated rollback as human identities in hybrid Active Directory and Entra ID environments.
This is significant. Not because agent identity monitoring is new (it is not), but because of where they put it. They did not build a separate agent governance dashboard. They added agent identities to existing identity threat detection and response (ITDR) workflows.
"As we deploy Microsoft agents, it's critical that agent identities are governed just like any other identity." — Hussein Alalawi, Senior Information Security Engineer, Auto Club Group
Cayosoft's bet: AI agents should be treated as first-class identities inside the Microsoft identity stack. Change monitoring for Microsoft Entra Agent ID entities. Forensic replay of agent activity. Automated rollback when agent permissions drift.
The Problem This Does Not Solve
Cayosoft Guardian 7.2 monitors agent identities within the Microsoft ecosystem. It can detect permission drift, track agent actions, alert on anomalies, and roll back changes.
What it cannot do: verify that an agent is who it claims to be when it shows up from outside the Microsoft perimeter. If an APS agent wants to delegate capabilities to a Microsoft-managed agent, or a Kanoniv-delegated agent wants to call an Azure API, Cayosoft has no mechanism to verify the external identity.
This is not a criticism. It is the boundary of every enterprise-locked identity system.
Meanwhile, Three Open Protocols Just Cross-Verified Each Other
This week, something happened that matters for the future of agent identity interop. Three independent agent identity systems verified each other's Ed25519 delegation chains in a neutral test:
| System | DID Method | Verification |
|---|---|---|
| Kanoniv | did:key | Posted reference chains |
| Agent Passport System (APS) | did:aps | Verified Kanoniv chains ✅ |
| AIP (Agent Identity Protocol) | did:aip | Verified Kanoniv chains ✅ |
All three use Ed25519 under the hood. Signatures are signatures — mathematically identical regardless of which DID method wraps them.
```python
import json, base64
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey

def verify_delegation(public_key_b64: str, delegation_fields: dict, signature: bytes) -> None:
    # Raw 32-byte Ed25519 public key, base64url-encoded (restore any stripped padding)
    pub_bytes = base64.urlsafe_b64decode(public_key_b64 + "=" * (-len(public_key_b64) % 4))
    pub_key = Ed25519PublicKey.from_public_bytes(pub_bytes)
    # Canonical JSON: signer and verifier must serialise identical bytes, so sort_keys matters
    payload = json.dumps(delegation_fields, sort_keys=True).encode()
    pub_key.verify(signature, payload)  # raises cryptography.exceptions.InvalidSignature on mismatch
```
Three different DID methods. Three different registries. Same Ed25519. Signatures just work.
The Hard Problem Is Not Crypto
The interop test exposed the real challenge: semantic mapping.
Kanoniv delegations use scopes like [search, memory.read, memory.write, resolve, delegate]. APS uses similar but not identical scope vocabularies. AIP uses [resolve, verify, vouch, message, handshake].
When APS narrows a delegation to [search, memory.read] and AIP narrows to [resolve, verify], the signature verification succeeds in both cases. Both chains are cryptographically valid. But do those scopes mean the same thing?
This is ontological desync. Two systems share an interface (Ed25519 delegation chains) but diverge on what values mean. The crypto says yes. The semantics say maybe.
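As an added example (not code from the post or from any of the three projects), here is the check the signature cannot give you: a chain walk that maps each system's scope names onto shared meanings and flags both genuine broadening and scopes whose meaning is simply unknown. The SCOPE_MEANING table is an assumption made for illustration; APS's vocabulary is not quoted in the post, so its scopes stay unmapped.

```python
from typing import Dict, List

# Scope vocabularies are the ones quoted in the post. Mapping each scope onto a
# shared meaning is an ASSUMPTION for this example; no cross-protocol scope
# ontology has been published, which is exactly the gap the post describes.
SCOPE_MEANING: Dict[str, Dict[str, str]] = {
    "kanoniv": {"search": "read", "memory.read": "read", "memory.write": "write",
                "resolve": "resolve", "delegate": "delegate"},
    "aip": {"resolve": "resolve", "verify": "verify", "vouch": "delegate",
            "message": "write", "handshake": "resolve"},
    # APS vocabulary is not listed in the post, so nothing maps for it.
}

def check_attenuation(chain: List[dict]) -> dict:
    """Walk a delegation chain (root first) and check that each hop only narrows
    what its parent granted, after translating each system's scope names into
    shared meanings. Assumes every hop's Ed25519 signature already verified."""
    violations, unmapped = [], []
    granted = None  # shared meanings held by the previous hop
    for hop, link in enumerate(chain):
        vocab = SCOPE_MEANING.get(link["system"], {})
        meanings = set()
        for scope in link["scopes"]:
            meaning = vocab.get(scope)
            if meaning is None:          # semantics unknown: the "maybe" case
                unmapped.append((hop, link["system"], scope))
                continue
            if granted is not None and meaning not in granted:
                violations.append((hop, link["system"], scope))  # broadening
            meanings.add(meaning)
        # A child may hold only what its parent held; unmapped scopes are dropped
        granted = meanings if granted is None else meanings & granted
    return {"valid": not violations and not unmapped,
            "violations": violations, "unmapped": unmapped,
            "effective": sorted(granted or [])}

# Constructed chains: a Kanoniv root delegating to one other system each.
ROOT = {"system": "kanoniv",
        "scopes": ["search", "memory.read", "memory.write", "resolve", "delegate"]}
CHAIN_APS = [ROOT, {"system": "aps", "scopes": ["search", "memory.read"]}]
CHAIN_AIP = [ROOT, {"system": "aip", "scopes": ["resolve", "verify"]}]
CHAIN_OK = [ROOT, {"system": "aip", "scopes": ["resolve", "vouch"]}]

if __name__ == "__main__":
    for name, chain in [("APS", CHAIN_APS), ("AIP", CHAIN_AIP), ("OK", CHAIN_OK)]:
        print(name, check_attenuation(chain))
```

Under the assumed mapping the AIP chain verifies cryptographically yet fails attenuation on `verify`, and the APS chain can only report "unknown" because its vocabulary was never mapped; both are the semantic outcomes a signature check alone hides.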
Two Futures for Agent Identity
Cayosoft's approach and the cross-protocol interop test represent two different architectures:
Enterprise-embedded: Agent identities live inside existing IAM infrastructure (Active Directory, Entra ID). Monitoring, governance, and rollback use the same tools as human identity management. Works inside the perimeter. Breaks at the perimeter boundary.
Protocol-native: Agent identities are cryptographic keypairs with DID resolution. Any system that speaks Ed25519 can verify any other system's delegation chains. Works across protocol boundaries. No central authority required.
The enterprises that get this right will need both. Microsoft-managed agents need Cayosoft-style ITDR. But when those agents interact with agents from outside the Microsoft ecosystem — and they will — they need a cryptographic verification path that does not depend on any single vendor's registry.
What We Are Building
AIP provides the protocol-native layer: Ed25519 keypairs, DID-based resolution, vouch chains with temporal decay, behavioral trust scoring, and now cross-protocol delegation verification. 22 agents registered, 645 tests, live on PyPI.
The cross-protocol interop test at kanoniv/agent-auth#2 is the first proof that this works across protocol boundaries.
Full disclosure: I built AIP and participated in the interop test. The Cayosoft analysis is based on their public RSA 2026 announcement.