AAGATE: A NIST AI RMF-Aligned Governance Platform for Agentic AI

TL;DR

AAGATE is a Kubernetes-based governance platform that operationalizes the NIST AI RMF to ensure secure, accountable deployment of autonomous AI agents through integrated security frameworks and continuous monitoring.

Contribution

It introduces a novel, comprehensive governance platform aligned with NIST AI RMF, tailored for agentic AI systems with integrated security and accountability features.

Findings

Effective continuous governance for agentic AI systems.

Integration of specialized security frameworks for AI risk management.

Enhanced safety and accountability in autonomous AI deployment.

Abstract

This paper introduces the Agentic AI Governance Assurance & Trust Engine (AAGATE), a Kubernetes-native control plane designed to address the unique security and governance challenges posed by autonomous, language-model-driven agents in production. Recognizing the limitations of traditional Application Security (AppSec) tooling for improvisational, machine-speed systems, AAGATE operationalizes the NIST AI Risk Management Framework (AI RMF). It integrates specialized security frameworks for each RMF function: the Agentic AI Threat Modeling MAESTRO framework for Map, a hybrid of OWASP's AIVSS and SEI's SSVC for Measure, and the Cloud Security Alliance's Agentic AI Red Teaming Guide for Manage. By incorporating a zero-trust service mesh, an explainable policy engine, behavioral analytics, and decentralized accountability hooks, AAGATE provides a continuous, verifiable governance solution for agentic AI, enabling safe, accountable, and scalable deployment. The framework is further extended with DIRF for digital identity rights, LPCI defenses for logic-layer injection, and QSAF monitors for cognitive degradation, ensuring governance spans systemic, adversarial, and ethical risks.