Glossary

Agent IAM

Identity and access management that treats each AI agent as a governed enterprise identity.

category ▸ Agents & Identity

audit/verify
#101hash ✓#102hash ✓#103hash ✓#104hash ✓#105hash ✓
head 0x9f3a…c1ok: true
verifyChain ▸ chained SHA-256 · signed receipts
What it means

Agent IAM, in plain language.

Agent IAM extends the discipline of human identity and access management to autonomous software. Each agent is given a real identity — an owner, a business purpose, a risk tier, an expiry, and a scoped set of what it is allowed to use — instead of running as an anonymous code path with ambient credentials.

This matters because agents are the new privileged actors in an enterprise: they read data, call tools, and take actions at machine speed. Without governed identity, you cannot answer who is accountable for an agent, what it is entitled to, or whether its access is still warranted.

In Cortex

How Cortex implements it.

This term isn't abstract here — it maps to a real capability in the runtime. Here is exactly how Cortex enforces or relates to it.

Agents & Identity

In Cortex, every agent identity carries an owner, department, business purpose, risk tier, expiry, allow-lists for models / actions / environments, and a recertification cycle. These are enforced both at credential issuance and at runtime.

At runtime, an expired or suspended identity cannot act (403 AGENT_IDENTITY_EXPIRED), and a model outside the identity's allow-list is rejected (403 MODEL_NOT_ALLOWED). A recertification cadence keeps identities current, surfacing those overdue for review.

See Agent IAM enforced, not just defined.

Book a walkthrough and watch the controls in this glossary return real verdicts, seal real evidence, and trace every fact back to its source.