Documentation

Guides, reference materials, and integration resources for the Pulse CA framework.

Getting Started

New to Pulse CA? Start here for an overview of the framework and how it meshes with your cybersecurity infrastructure.

Eleven Commandments of the Secure Agentic AI Framework

Eleven foundational principles defining what any secure agentic AI architecture — and any secure online session architecture — must satisfy. Covers phishing resistance as a governing condition, human-rooted agent origin, cryptographic agent identity, authorization inheritance ceilings, bounded operational scope, governed propagation, inherited trust posture, session lifecycle linkage, continuous right-to-exist verification, supervision and auditability, and accountability as the emergent outcome of all prior commandments. Includes a ready-to-use AI prompt for scoring your identity provider against each principle.

Read the Framework →

MCP Token Hijacking: The Plain Text Vulnerability at the Heart of Agentic AI

A white paper examining the structural vulnerability in the MCP specification that enables silent OAuth token interception across all MCP-enabled agent frameworks. Covers why the attack is invisible to conventional detection, how Pulse CA's Sentinel provides device-layer session continuity verification, the role of FIDO2-DA at refresh boundaries versus active proximity verification for immediate response, and recommendations for organizations deploying MCP-enabled AI agents.

Read the White Paper →

Pulse CA: Executive Brief

A concise executive overview of the Pulse Continuous Authentication & Identity Assurance framework: what it is, how it works, and why it matters. Covers the post-login security gap, the four integrated components (Pulse, Auth, Connect, and the Agentic AI Extension), real-world threat scenarios, compliance and standards alignment (ZTA, NIST SP 800-207, CMMC, FIDO2, AuthZEN), phishing resistance beyond login, and deployment and commercial options.

Read the Executive Brief →

Pulse CA and CAEP: Executive Brief

A concise executive overview of how Pulse CA (Continuous Authentication & Identity Assurance) and CAEP (Continuous Access Evaluation Protocol) serve complementary but distinct roles in modern session security. Covers key differences in purpose, information flow, technical architecture, use-case focus, and the path toward future integration, including five proposed CAEP event-type extensions contributed by Pulse CA.

Read the Executive Brief →

Pulse CA: Zero Trust and CMMC L3 Alignment

A practitioner-level compliance brief mapping Pulse CA capabilities to all seven NIST SP 800-207 Zero Trust Architecture tenets and key CMMC Level 3 practice domains across Access Control, Identification and Authentication, Audit and Accountability, and Configuration Management. Covers dual-assertion authentication (FIDO2 + continuous behavioral identity), NIST AAL3 achievement, continuous session monitoring, and the operational advantages for MSPs supporting DIB and regulated-industry clients.

Read the Compliance Brief →

AffirmedID Pulse Technical Brief

Looking for a concise, end-to-end overview of how Pulse combines Continuous Authentication & Identity Assurance and AuthZEN into a single authorization pipeline? The Technical Brief covers the dual-assertion identity model, the four trust metrics, AuthZEN evaluation, push notifications, key benefits, architecture overview, and a scenario comparison, all in one document.

Read the Technical Brief →

AffirmedID Connect Technical Brief

A detailed look at the OIDC and SAML providers that power AffirmedID's identity federation layer. Covers the integrated Pulse PEP, RP-accessible CA metrics endpoints, the AuthZEN evaluator endpoint, Nexus dashboard integration, protocol-specific capabilities, and a scenario comparison showing how Connect responds to threats standard federation cannot address.

Read the Connect Brief →

AffirmedID Auth Technical Brief

A detailed look at the Auth mobile authenticator, the FIDO2 authenticator and continuous authentication device at the heart of the AffirmedID platform. Covers enrollment and RP federation, the push-challenge authentication flow, the four continuous trust metrics, BLE Sentinel integration, account transfer, and a scenario comparison showing what Auth enables that conventional authenticators cannot.

Read the Auth Brief →

AffirmedID Sentinel Technical Brief

A detailed look at Sentinel, the installable endpoint background service for Windows, macOS, and Linux that extends Pulse CA continuous authentication and identity assurance to the device layer. Covers persistent device identity, cryptographic session identity, FIDO2-DA (device assertion without user interaction), FCM push notification, active BLE proximity verification, Policy Enforcement Point enforcement, AuthZEN evaluation, platform support, and a scenario comparison showing what Sentinel addresses that session-layer and cloud-side controls cannot.

Read the Sentinel Brief →

Pulse Agentic AI Extension Technical Brief

A detailed look at how Pulse extends continuous human-anchored trust to autonomous AI agents. Covers the ClientMaster root-of-trust model, SHA-256/SHA-512 cryptographic AgenticID identity, OIDC PKCE and BFF session patterns, AuthZEN policy-governed agent authorization, clone vs. new incarnation spawning, three-condition session continuity, and Merkle Tree tamper-evident audit accountability.

Read the Agentic AI Brief →

About the Author: Rick Hallock

Rick's introduction to cybersecurity began in 2000, when he was the target of a cyber-attack that resulted in significant personal and business losses. He later received formal training in cyber defense while working for a multinational cybersecurity firm. Since then, he has continued to deepen his expertise through independent research, earning multiple related patents. Today, he applies his software architecture and design background to the creation of the Affirmed Identity service, available at https://AffirmedId.com.

Pulse CA™ — AffirmedID at affirmedid.com — Copyright © June 2026