Confidential — This document is provided for evaluation purposes only and remains the property of AffirmedID.
Executive Brief

Pulse Continuous Authentication

Securing Every Moment of Every Session — For Users and AI Agents Alike


The Problem with Today's Security

Every organization that provides access to digital services faces the same hidden vulnerability: authentication happens once, at the point of login, and then stops. From that moment on — whether the session lasts 10 minutes or 10 hours — the system has no reliable way of knowing whether the person who logged in is still the person in control.

This gap is where modern attacks occur. Stolen credentials used mid-session. Devices handed to an unauthorized person. Employees moving to unexpected locations. Compromised phones that continue to hold active access tokens. Traditional security tools have no answer to any of these scenarios once the login ceremony is complete.

As AI-powered automation becomes central to enterprise operations, the stakes increase further. AI agents frequently run for hours without direct human interaction, making decisions and accessing sensitive data on the user's behalf. A compromised session that feeds an autonomous agent can cause far greater harm than a compromised human session alone.

The Pulse Proposition

Pulse is a Continuous Authentication (CA) framework developed by AffirmedID. Unlike conventional security products assembled from separate tools bolted together, Pulse was designed from the ground up as a single, integrated system. It closes the post-login security gap entirely, providing real-time, ongoing verification that the right person stays in control — from login to logout.

The framework comprises four tightly integrated components, each serving a distinct role:

  • Pulse (Orchestration Hub): Co-ordinates all components end-to-end across the full session lifecycle
  • Auth (Continuous Monitoring): Streams 4 live trust signals from the user's phone throughout every session
  • Connect (Session & Policy Enforcement): Enforces policy via OIDC/SAML protocols — no custom development required
  • Agentic AI (Agentic Trust Chain): Anchors AI agent sessions to the originating human identity

How the Components Work Together

01 — Pulse: The Orchestration Engine

Pulse is the central orchestrator that manages the full session lifecycle. At login, Pulse assigns a unique Correlation ID to the session — a persistent reference that links every subsequent event, from trust score changes and policy decisions to enforcement actions and audit log entries. Security teams have a complete, unbroken record of what happened, when, and why.

02 — Auth: The Continuous Monitoring Layer

The Auth component transforms the user's mobile phone into a continuous security sensor, streaming five live trust signals throughout the entire session:

  • Identity Trust Score — behavioral biometrics confirm the same person remains in control, based on interaction patterns learned during initial bonding.
  • Passive Proximity Trust Score — Bluetooth verification confirms the authenticated phone remains physically near the device being used. If the user steps away, proximity degrades.
  • Active Proximity Trust Score (optional — available with the Sentinel service) — goes beyond passive Bluetooth detection by actively verifying proximity through direct engagement between the user's phone and the access device, providing a higher-assurance proximity signal where required.
  • 3D Location Trust Score — GPS and barometric altitude monitoring provides floor-level precision, detecting movement that standard 2D tools miss entirely.
  • Device Health Trust Score — real-time integrity monitoring catches jailbreaks, malware indicators, hijack attempts, and other device compromise events as they happen.

03 — Connect: Session Management and Policy Enforcement

Connect is the policy enforcement point, embedded within the OIDC and SAML identity providers most enterprise environments already use. When trust is sufficient, sessions continue normally. At medium trust, a step-up authentication challenge is issued automatically. At low trust, the session is terminated — push notifications propagate enforcement decisions to all registered systems within milliseconds.

Connect also exposes AuthZEN evaluator endpoints implementing the OpenID Foundation's emerging standard for authorization queries, allowing existing applications to query current trust state inline without architectural redesign.

04 — Agentic AI Extension: Continuous Trust for Autonomous Workflows

Pulse addresses the emerging risk of AI agents acting on users' behalf through a chain of custody principle: every AI agent, however autonomous, was initiated by a human, and that human origin is the immutable anchor of the agent's authority.

  • Every agent session carries the Correlation ID of the originating human session, providing complete traceability.
  • If the human's trust score degrades, that signal propagates immediately through the entire agent chain.
  • Sub-agents inherit scoped authorization linked to the same human origin and are subject to the same trust evaluation.
  • High-privilege agent actions can require real-time re-evaluation or explicit human confirmation before proceeding.
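
The trust chain described in sections 03 and 04, sketched as an added example (this is not AffirmedID's code or API). The 0-100 scale, the two thresholds, the scope and action names, and the rule that a sub-agent can only narrow its parent's scopes are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed thresholds on a 0-100 scale; the brief names the bands, not the numbers.
STEP_UP_BELOW, TERMINATE_BELOW = 70, 40
HIGH_PRIVILEGE = {"payments:write"}   # hypothetical high-privilege action
AUDIT = []                            # every decision is logged under the Correlation ID

@dataclass
class Session:
    correlation_id: str               # assigned at human login, inherited by agents
    scopes: frozenset
    parent: "Session | None" = None
    trust: int = 100                  # only meaningful on the human (root) session

    def root(self):
        return self if self.parent is None else self.parent.root()

    def spawn_agent(self, scopes):
        # Assumption: a sub-agent may narrow its parent's scopes, never widen them.
        return Session(self.correlation_id, frozenset(scopes) & self.scopes, parent=self)

def evaluate(session, action, human_confirmed=False):
    trust = session.root().trust      # agents are judged on the human's live trust
    if trust < TERMINATE_BELOW:
        decision = "terminate"
    elif action not in session.scopes:
        decision = "deny"
    elif trust < STEP_UP_BELOW:
        decision = "step_up"
    elif action in HIGH_PRIVILEGE and session.parent is not None and not human_confirmed:
        decision = "confirm"          # agent must wait for explicit human confirmation
    else:
        decision = "permit"
    AUDIT.append((session.correlation_id, action, trust, decision))
    return decision

def demo():
    human = Session("corr-0001", frozenset({"crm:read", "payments:write"}))
    agent = human.spawn_agent({"crm:read", "payments:write"})
    sub = agent.spawn_agent({"crm:read", "hr:read"})   # hr:read is dropped
    out = [evaluate(sub, "crm:read"), evaluate(sub, "hr:read"),
           evaluate(agent, "payments:write"),
           evaluate(agent, "payments:write", human_confirmed=True)]
    human.trust = 55                  # constructed: a trust signal degrades
    out.append(evaluate(sub, "crm:read"))
    human.trust = 20                  # constructed: a trust signal fails outright
    out.append(evaluate(sub, "crm:read"))
    return out

if __name__ == "__main__":
    print(demo())
```

Because every decision reads the root session's trust at evaluation time, a drop in the human's score affects the sub-agent on its very next action without any state being copied down the chain.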

Real-World Threat Scenarios

  • Mid-session credential theft
    Without Pulse: Attackers reuse stolen login — system unaware until next login check
    With Pulse: Behavioral anomaly detected immediately; session terminated before damage occurs
  • Unexpected location change
    Without Pulse: User in London at 9am, accessed from abroad 20 mins later — traditional auth sees no issue
    With Pulse: 3D location monitoring flags impossible travel; step-up or termination triggered instantly
  • Device compromise mid-session
    Without Pulse: Phone jailbroken while session active — access continues unchecked
    With Pulse: Device health score detects compromise in real time; access revoked automatically
  • AI agent over-running authority
    Without Pulse: Credentials stolen 20 mins into a 2-hour autonomous agent workflow
    With Pulse: Continuous trust monitoring detects anomaly; AuthZEN blocks further agent actions; full audit trail preserved

Compliance and Standards Alignment

  • Zero Trust Architecture (NIST SP 800-207)
  • CMMC Level 2 & 3
  • FIDO2 / Passkey
  • AuthZEN (OpenID Foundation)

Pulse embodies the 'never trust, always verify' mandate throughout the full session — not merely at the perimeter — satisfying continuous diagnostics and audit requirements across all four frameworks.

Deployment and Commercial Flexibility

Subscription

Cloud-hosted, per-user/per-month pricing up to 1,000 users per client. Zero on-premises infrastructure required.

Licensed

On-premises deployment of the complete framework for larger deployments or data-sovereignty requirements.

Integrator Licensing

Embed the full Pulse framework within your own platform on a white-label basis, with complete integration support.

Typical integration timelines run from contract to production in eight to ten weeks, subject to deployment complexity.

Pulse represents a fundamental shift in how digital security is delivered — from a checkpoint at login to a continuous, intelligent assurance that persists for the duration of every session, whether driven by a human or an autonomous AI agent. It addresses the security gaps that conventional tools leave open, satisfies the compliance requirements of regulated enterprise customers, and provides the audit-ready architecture that AI-enabled services increasingly demand.