Question 1

What is the Agentic Trust Framework (ATF)?

Accepted Answer

The Agentic Trust Framework is an open governance specification that applies Zero Trust principles to autonomous AI agents. It defines five core elements (Identity, Behavior, Data Governance, Segmentation, Incident Response) and a four-level maturity model (Intern, Junior, Senior, Principal) for progressively granting agents autonomy based on demonstrated trustworthiness.

Question 2

What are the five pillars of the Agentic Trust Framework?

Accepted Answer

ATF's five core elements are: (1) Identity: verifying who an agent is through cryptographic credentials; (2) Behavior: continuously monitoring agent actions via observability and anomaly detection; (3) Data Governance: controlling what data agents consume and produce; (4) Segmentation: defining where agents can go through least-privilege access controls; (5) Incident Response: defining what happens if an agent goes rogue, including kill switches and circuit breakers.

Question 3

How does ATF relate to Zero Trust architecture?

Accepted Answer

ATF applies NIST 800-207 Zero Trust principles (never trust, always verify) to autonomous AI agents. Traditional Zero Trust governs human users and static systems; ATF extends this to non-deterministic, autonomous agents that take real actions at machine speed.

Question 4

What are ATF's four maturity levels?

Accepted Answer

Level 1 (Intern): read-only, fully supervised. Level 2 (Junior): recommends actions for human approval. Level 3 (Senior): acts autonomously with post-action notification. Level 4 (Principal): fully autonomous within defined boundaries. Agents earn progression through demonstrated trustworthy behavior.

Question 5

Is the Agentic Trust Framework free to use?

Accepted Answer

Yes. ATF is published under Creative Commons Attribution 4.0 International (CC BY 4.0). You can freely use, adapt, and build upon the framework with appropriate attribution. The specification is maintained on GitHub.

Question 6

How does ATF compare to MAESTRO?

Accepted Answer

MAESTRO and ATF are complementary. MAESTRO is a 7-layer threat modeling framework identifying what to worry about. ATF tells you what to build by providing governance controls. Use MAESTRO to identify risks, use ATF to mitigate them.

Question 7

How does ATF compare to the OWASP Top 10 for Agentic Applications?

Accepted Answer

OWASP identifies the top 10 risks for agentic applications (ASI-01 through ASI-10). ATF provides governance controls to mitigate each risk. Every OWASP agentic risk maps to one or more ATF core elements.

Question 8

How does ATF compare to NIST for AI agent security?

Accepted Answer

ATF is complementary to NIST. NIST 800-207 defines Zero Trust architecture principles; ATF applies them specifically to AI agents. NIST AI RMF defines risk management functions; ATF implements those with agent-specific controls and maturity levels.

Question 9

Who is implementing ATF?

Accepted Answer

Microsoft's Agent Governance Toolkit (MIT-licensed Python middleware covering all 5 pillars) and Berlin AI Labs (12-service reference implementation) have independently implemented ATF. ATF also aligns with the AWS Agentic AI Security Scoping Matrix.

Question 10

How do I assess my organization's readiness?

Accepted Answer

ATF includes a 30-question self-assessment covering all five core elements. Each question scores 1-5, providing element-by-element maturity scores and an overall readiness level. Available at verifiedagents.ai/assess.

Question 11

How do ATF maturity levels align with AWS scopes?

Accepted Answer

ATF levels map 1:1 to AWS Agentic AI Security Scoping Matrix: Intern = Scope 1 (No Agency), Junior = Scope 2 (Prescribed Agency), Senior = Scope 3 (Supervised Agency), Principal = Scope 4 (Full Agency).

Question 12

Can agents be demoted in ATF?

Accepted Answer

Yes. Demotion is a key differentiator. A critical incident triggers immediate demotion to Intern, a security vulnerability triggers demotion pending remediation, and repeated minor incidents trigger a one-level demotion. This ensures continuous trust verification.

#	Library	Maturity	AI-Ready	Ease	Levels	Description
1	Authlib	⭐⭐⭐⭐⭐	⭐⭐⭐⭐☆	⭐⭐⭐⭐☆	🟢🟡🟠🔴	Full-featured OAuth2/OIDC framework. Python-native, excellent documentation.
2	PyJWT	⭐⭐⭐⭐⭐	⭐⭐⭐⭐☆	⭐⭐⭐⭐⭐	🟢🟡🟠	Lightweight JWT handling. Perfect for token-based identity.
3	Casbin	⭐⭐⭐⭐⭐	⭐⭐⭐⭐☆	⭐⭐⭐⭐☆	🟡🟠🔴	RBAC/ABAC authorization. Wide language support.
4	Python-FIDO2	⭐⭐⭐⭐☆	⭐⭐⭐☆☆	⭐⭐⭐☆☆	🟠🔴	FIDO2/WebAuthn for hardware-backed authentication.
5	PyOTP	⭐⭐⭐⭐⭐	⭐⭐⭐☆☆	⭐⭐⭐⭐⭐	🟠🔴	Time-based OTP for additional verification flows.
6	FastAPI-Security	⭐⭐⭐⭐☆	⭐⭐⭐⭐☆	⭐⭐⭐⭐⭐	🟢🟡🟠	Built-in FastAPI auth utilities with rate limiting.

#	Library	Maturity	AI-Ready	Ease	Levels	Description
1	LangSmith	⭐⭐⭐⭐☆	⭐⭐⭐⭐⭐	⭐⭐⭐⭐☆	🟢🟡🟠🔴	Purpose-built for LLM/agent observability. Prompt chains, telemetry, trace visualization.
2	OpenInference	⭐⭐⭐⭐☆	⭐⭐⭐⭐⭐	⭐⭐⭐⭐☆	🟢🟡🟠🔴	Lightweight observability with OpenTelemetry support.
3	PyOD + structlog	⭐⭐⭐⭐⭐	⭐⭐⭐⭐☆	⭐⭐⭐⭐☆	🟡🟠🔴	30+ anomaly algorithms combined with structured logging.
4	scikit-learn	⭐⭐⭐⭐⭐	⭐⭐⭐☆☆	⭐⭐⭐⭐⭐	🟢🟡🟠	IsolationForest, OneClassSVM. Reliable anomaly detection starting point.
5	Prophet	⭐⭐⭐⭐⭐	⭐⭐⭐☆☆	⭐⭐⭐⭐☆	🟡🟠🔴	Meta's time series forecasting for pattern detection.
6	River	⭐⭐⭐☆☆	⭐⭐⭐⭐☆	⭐⭐⭐☆☆	🟠🔴	Online/streaming anomaly detection. Real-time, memory efficient.

#	Library	Maturity	AI-Ready	Ease	Levels	Description
1	Microsoft Presidio	⭐⭐⭐⭐⭐	⭐⭐⭐⭐⭐	⭐⭐⭐⭐☆	🟡🟠🔴	Enterprise PII/PHI detection + anonymization. 30+ recognizers.
2	Great Expectations	⭐⭐⭐⭐⭐	⭐⭐⭐⭐☆	⭐⭐⭐☆☆	🟠🔴	Best-in-class data validation, testing, and profiling.
3	Pydantic	⭐⭐⭐⭐⭐	⭐⭐⭐⭐⭐	⭐⭐⭐⭐⭐	🟢🟡🟠🔴	Data validation with type hints. Essential for agent I/O.
4	Guardrails AI	⭐⭐⭐⭐☆	⭐⭐⭐⭐⭐	⭐⭐⭐⭐☆	🟡🟠🔴	Output validation for LLMs. Schema enforcement, content filtering.
5	spaCy + custom NER	⭐⭐⭐⭐⭐	⭐⭐⭐⭐⭐	⭐⭐⭐☆☆	🟠🔴	Train custom entity recognition for domain-specific data.
6	detect-secrets	⭐⭐⭐⭐☆	⭐⭐⭐☆☆	⭐⭐⭐⭐☆	🟢🟡🟠🔴	Prevents secrets in code/text. Essential layer.

#	Library	Maturity	AI-Ready	Ease	Levels	Description
1	Open Policy Agent (OPA)	⭐⭐⭐⭐⭐	⭐⭐⭐⭐☆	⭐⭐⭐☆☆	🟠🔴	Industry standard policy-as-code. Declarative, testable, auditable.
2	Casbin	⭐⭐⭐⭐⭐	⭐⭐⭐⭐☆	⭐⭐⭐⭐☆	🟡🟠🔴	RBAC/ABAC enforcement. Simpler than OPA, multiple models.
3	Kong Gateway	⭐⭐⭐⭐⭐	⭐⭐⭐☆☆	⭐⭐⭐☆☆	🟠🔴	API gateway with plugin architecture for policy enforcement.
4	py-abac	⭐⭐⭐☆☆	⭐⭐⭐☆☆	⭐⭐⭐⭐☆	🟡🟠	Attribute-based policies. Fine-grained agent role control.
5	Traefik	⭐⭐⭐⭐☆	⭐⭐⭐☆☆	⭐⭐⭐⭐☆	🟡🟠	Simpler reverse proxy. Good for quick setups.
6	Flask-Limiter / slowapi	⭐⭐⭐⭐☆	⭐⭐⭐☆☆	⭐⭐⭐⭐⭐	🟢🟡	Rate limiting utility. Essential for resource usage control.

#	Library	Maturity	AI-Ready	Ease	Levels	Description
1	TheHive + Cortex	⭐⭐⭐⭐⭐	⭐⭐⭐☆☆	⭐⭐☆☆☆	🔴	Complete IR platform. Full incident management, SOC workflows.
2	py-breaker + Sentry	⭐⭐⭐⭐☆	⭐⭐⭐⭐☆	⭐⭐⭐⭐☆	🟡🟠🔴	Circuit breakers + error tracking. Production-proven.
3	tenacity	⭐⭐⭐⭐⭐	⭐⭐⭐☆☆	⭐⭐⭐⭐⭐	🟢🟡🟠	Retry with exponential backoff. Essential utility.
4	Prometheus + Alertmanager	⭐⭐⭐⭐⭐	⭐⭐⭐☆☆	⭐⭐⭐☆☆	🟠🔴	Time-series monitoring + alerting for baselines and agent alerts.
5	structlog / Loguru	⭐⭐⭐⭐⭐	⭐⭐⭐⭐☆	⭐⭐⭐⭐⭐	🟢🟡🟠🔴	Structured logging. Foundational for diagnostics and audit.
6	ntfy.sh / PagerDuty	⭐⭐⭐⭐☆	⭐⭐⭐☆☆	⭐⭐⭐⭐⭐	🟡🟠🔴	Notification/escalation systems for IR workflow integration.

Technical Component Catalog

Agent Level Legend

Identity

Behavior

Data Governance

Segmentation

Incident Response

Recommended Implementation Stacks

MVP Stack (Phase 1)

Production Stack (Phase 2)

Enterprise Stack (Phase 3)

Continue Exploring

Getting Started →

Specification →

Self-Assessment →

Identity	PyJWT + Authlib + Casbin
Behavior	LangSmith + PyOD (IsolationForest) + structlog
Data Governance	Microsoft Presidio + Pydantic + Guardrails AI
Segmentation	Casbin + rate limiting
Incident Response	py-breaker + Sentry + ntfy.sh

Identity	Authlib + PyOTP/FIDO2 + Casbin
Behavior	LangSmith + PyOD + River (streaming) + spaCy + structlog
Data Governance	Presidio + Great Expectations + custom NER + Guardrails AI
Segmentation	Open Policy Agent + Kong
Incident Response	py-breaker + Sentry + TheHive/Cortex + Prometheus