Product
The AGF Authorization Service
A fully managed service for AI agent governance. Delegation chains, trust scoring, risk evaluation, revocation, and audit — all included. Your agents call our API. We handle the rest.
20
Open specifications
< 500 ms
Revocation propagation
Capabilities
Agent Identity
Know exactly who — or what — is acting
Every agent gets a cryptographically verifiable identity based on the DID standard. Agent IDs are issued against human principals and carry ownership, scope, and credential metadata. Identity is the foundation every other governance layer is built on.
Trust Scoring
Quantify how much to trust each request
Trust Score combines three components: lineage score (delegation chain depth and quality), credential score (verification and attestation history), and anomaly score (behavioral deviation from baseline). Updated per session — not static.
Branch-Cut Revocation
Cut off access instantly — everywhere
Revoke one agent and the cut propagates to every downstream agent in the delegation tree in under 500 ms. Branch-cut semantics mean you never have a partial revocation state. Works across single agents and deep multi-agent chains.
Audit Artifacts
Signed, tamper-proof records of every decision
Every authorization decision produces a signed artifact: who asked, what was decided, why, what context was present, and the full delegation chain. Artifacts are replayable and suitable for regulatory compliance evidence.
Compliance Reporting
Meet NIST, ISO, and EU AI Act requirements
Pre-built compliance reports for NIST AI RMF, ISO 42001, and the EU AI Act. Policy drift detection alerts you when your governance posture changes. Enterprise tier includes dedicated audit assistance and incident runbooks.
How it works
One API call.
Full governance.
Your agent sends a single authorization request. The AGF Authorization Service verifies identity, computes trust score, evaluates policy, and signs an audit record — all before returning the decision.
You integrate once. We handle availability, policy updates, and compliance. No infrastructure to provision or maintain.
API request lifecycle
Ready to deploy?
Choose a plan and get your governance layer running today.

