Affirmed Identity Blog

Research, insights, and practical guidance on continuous authentication, Zero Trust, and the future of identity security.

Agentic AI • Security Framework • Continuous Authentication

Eleven Commandments of the Secure Agentic AI Framework

Authentication establishes identity. The Eleven Commandments establish trust. As agentic AI introduces autonomous agents capable of acting, spawning sub-agents, and making decisions without human interaction, proving identity once is no longer enough. These eleven foundational principles define what any secure agentic AI architecture must satisfy — and give security architects a practical framework for evaluating whether a solution merely authenticates users or truly maintains trust across the entire session lifecycle.

Agentic AI • MCP Security • Token Hijacking

MCP Token Hijacking: The Plain Text Vulnerability at the Heart of Agentic AI

Recent research on MCP token hijacking has focused on the npm supply chain as the attack's entry point. This framing is misleading as a basis for defense. The root vulnerability is the plain text storage of MCP endpoint addressing strings, a structural requirement of the specification itself. Once a token is captured, the attack is forensically invisible to every observer except one: the device. This paper describes how Pulse CA's Sentinel detects and prevents unauthorized token use with immediacy that no perimeter or provider-side control can match.

Identity Security • Continuous Authentication & Identity Assurance

Security Beyond Passwordless Push, MFA, and Passkey (FIDO2)

Modern authentication mechanisms—passwordless push, MFA, and passkeys (FIDO2)—significantly improve initial access security, yet remain bounded to a moment in time and subject to bypass. This paper examines where authentication assurance fails, the risks of treating login as a completed event, and practical ways to extend identity assurance beyond authentication without replacing existing systems or rearchitecting applications.

Agentic AI • Continuous Authentication & Identity Assurance

The Intersection of Continuous Authentication & Identity Assurance and Agentic AI

When an autonomous AI agent executes real-time decisions, point-in-time authorization completely shatters. If we rely on static, short-lived tokens, an agentic tree can quickly drift out of its intended scope. But pull the thread far enough, and the bloodline of every single agentic AI instance leads back to one thing: an authenticated, authorized human principal. That is the intersection where Continuous Authentication & Identity Assurance (CA) and Agentic AI meet.


Pulse CA™ — AffirmedID at affirmedid.com — Copyright © June 2026