Fortifying the Agentic Web: A Unified Zero-Trust Architecture Against Logic-layer Threats

TL;DR

This paper introduces a comprehensive Zero-Trust architecture for the Agentic Web, utilizing verifiable identities and multi-layered security measures to defend against logic-layer threats with formal security guarantees.

Contribution

It proposes a novel unified security framework combining DIDs, VCs, and a Trust Fabric with innovative components like TARE and Causal Chain Auditing, offering formal security analysis.

Findings

Provides provable security guarantees against LPCI attacks.

Demonstrates the effectiveness of Trust-Adaptive Runtime Environments.

Introduces a formal security model for agentic ecosystem protection.

Abstract

This paper presents a Unified Security Architecture that fortifies the Agentic Web through a Zero-Trust IAM framework. This architecture is built on a foundation of rich, verifiable agent identities using Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs), with discovery managed by a protocol-agnostic Agent Name Service (ANS). Security is operationalized through a multi-layered Trust Fabric which introduces significant innovations, including Trust-Adaptive Runtime Environments (TARE), Causal Chain Auditing, and Dynamic Identity with Behavioral Attestation. By explicitly linking the LPCI threat to these enhanced architectural countermeasures within a formal security model, we propose a comprehensive and forward-looking blueprint for a secure, resilient, and trustworthy agentic ecosystem. Our formal analysis demonstrates that the proposed architecture provides provable security guarantees against LPCI attacks with bounded probability of success.