OpenA2A/AIM Docs

Security Model

AIM implements defense-in-depth security with multiple layers of protection, from cryptographic verification to behavioral analysis, ensuring enterprise-grade security for AI agent operations.

Core Security Principles

Zero Trust Architecture

Every request is verified, authenticated, and authorized. No implicit trust based on network location.

Least Privilege Access

Agents and users receive minimum permissions required for their tasks.

Defense in Depth

Multiple security layers ensure that if one fails, others maintain protection.

Continuous Monitoring

Real-time analysis of all activities with ML-powered anomaly detection.

Security Layers

Layer 1: Authentication & Identity

Ed25519 Cryptographic Signatures: Military-grade public key cryptography for agent verification
JWT with Rotation: Short-lived access tokens with automatic refresh token rotation
API Key Management: SHA-256 hashed keys with expiration and usage tracking
Multi-Factor Authentication: Optional 2FA for human users via TOTP

Layer 2: Authorization & Access Control

Role-Based Access Control (RBAC): Fine-grained permissions with Admin, Manager, Member roles
Resource-Level Permissions: Control access to specific resources and operations
Dynamic Policy Engine: Runtime evaluation of security policies based on context
Capability-Based Security: Explicit capability grants for agent operations

Layer 3: Encryption & Data Protection

TLS 1.3 in Transit: All API communications encrypted with modern TLS
AES-256 at Rest: Database and file storage encryption using AES-256-GCM
Key Management: Automated key rotation with secure key vault storage
Secret Handling: Environment-based secrets with no hardcoded credentials

Layer 4: Monitoring & Threat Detection

Real-Time Anomaly Detection: ML models identify unusual patterns instantly
Comprehensive Audit Logging: Every action logged with full context for compliance
Security Event Correlation: Cross-reference events to detect complex attack patterns
Automated Alert System: Instant notifications for security events via email/webhook

Threat Model & Mitigations

ThreatMitigation
Unauthorized Agent AccessEd25519 signatures, API key validation, trust scoring
Data ExfiltrationRate limiting, anomaly detection, audit logging
Privilege EscalationRBAC, least privilege, capability boundaries
MCP Server CompromisePublic key verification, capability restrictions
Replay AttacksNonce validation, timestamp checks, token rotation
Insider ThreatsAudit trails, approval workflows, separation of duties
Supply Chain AttacksDependency scanning, container signing, SBOM tracking

MCP Server Attestation

AIM cryptographically verifies every MCP (Model Context Protocol) server your agents connect to using Ed25519 digital signatures. This ensures that only trusted, verified servers can interact with your agents.

What Gets Verified

  • MCP Server Identity: Ed25519 public key verification
  • Declared Capabilities: read_files, execute_code, database_access, etc.
  • Capability Drift Detection: Alerts when capabilities change unexpectedly
  • Connection Patterns: Frequency and usage analysis

Automatic Discovery

  • Claude Desktop Config: Scans automatically for MCP servers
  • Common MCPs: Detects filesystem-mcp, postgres-mcp, github-mcp, etc.
  • Confidence Scoring: Multi-agent attestations build trust scores
  • Real-Time Alerts: Notifications on unexpected capability changes

🔐 How It Works: Each MCP server generates an Ed25519 key pair. The public key is registered with AIM, and all capabilities are cryptographically signed. When an agent connects to the MCP, AIM verifies the signature and tracks capability usage to detect anomalies.

Compliance & Certifications (2026 Roadmap)

⚠️ Roadmap Item: The following compliance certifications are planned for 2026. AIM's architecture is designed to support these standards, but formal certifications are not yet complete.

🔮 SOC 2 Type II (2026)

  • • Security controls
  • • Availability monitoring
  • • Processing integrity
  • • Confidentiality measures
  • • Privacy protection

🔮 HIPAA (2026)

  • • PHI encryption
  • • Access controls
  • • Audit logging
  • • BAA support
  • • Incident response

🔮 GDPR (2026)

  • • Data minimization
  • • Right to deletion
  • • Data portability
  • • Consent management
  • • DPA available

Security Best Practices

For Administrators

  • • Enable 2FA for all admin accounts
  • • Regularly review audit logs
  • • Implement approval workflows
  • • Monitor trust score trends
  • • Keep AIM updated

For Developers

  • • Never hardcode credentials
  • • Use environment variables
  • • Implement proper error handling
  • • Follow least privilege principle
  • • Regularly rotate API keys

📚 Learn More

Authentication Guide →Compliance Details →Trust Scoring →Security APIs →