NCCoE Concept Paper Response · Submitted March 4, 2026
Accelerating the Adoption of Software and AI Agent Identity and Authorization
A 12-page technical response proposing Attested Governance Artifacts as the cryptographic enforcement layer for AI agent identity binding, continuous runtime authorization, and offline-verifiable audit evidence.
Download PDF· 12 pagesOverview
This submission responds to the NCCoE concept paper on AI Agent Identity and Authorization by mapping Attested Governance Artifacts across six technical categories. It demonstrates how sealed policy artifacts, signed enforcement receipts, and tamper-evident continuity chains address identity binding, runtime authorization, and non-repudiation for autonomous AI agent systems.
Topics Addressed
Use Cases & Scenarios
Threat landscape for autonomous AI agents including credential theft, phantom execution, and post-hoc fabrication attacks.
Identification & Binding
Cryptographic identity binding through sealed policy artifacts with Ed25519 signatures and SHA-256 continuity chains.
Authentication Mechanisms
Continuous runtime authentication via integrity measurements at every tool call, not just session initiation.
Authorization Frameworks
Portal-enforced authorization where policy artifacts define permitted operations before execution begins.
Auditing & Non-Repudiation
Tamper-evident continuity chains and offline-verifiable evidence bundles for air-gapped audit environments.
Prompt Injection Defenses
Behavioral drift detection through runtime measurement of tool-call patterns against sealed baseline profiles.
Proposed Lab Demonstration
A four-phase demonstration protocol for the NCCoE lab environment covering artifact creation and sealing, runtime enforcement with drift detection, evidence bundle generation, and offline third-party verification.