The Missing Layer in Agentic AI: Why Proving What Was Approved Matters More Than Proving Who Did It
The AI agent wave is here. Autonomous systems are booking travel, executing trades, processing claims, and managing procurement, all without a human clicking a button. And the security industry's response so far has been to ask one question: who is this agent?
That's the wrong question.
Knowing the identity of an agent doesn't tell you what it was authorized to do. A verified agent identity can still transfer money to the wrong account, approve a claim it shouldn't, or execute an action that was never sanctioned by a human. Identity proves presence. It doesn't prove intent.
This is the gap we built FortSignal to close.
The Problem With Who
Every major identity platform today (passkeys, OAuth, FIDO2, hardware tokens) is built around proving who is acting. That made sense in a world where humans clicked buttons. If a human authenticated and took an action, you could reasonably assume they meant to.
Agents break that assumption entirely.
An agent operates autonomously, often across multiple systems, often without a human watching. A prompt injection attack doesn't need to steal credentials; it just needs to convince the agent to do something the human never authorized. A compromised session doesn't need to impersonate the user; it just needs to ride existing authentication to execute.
The attack surface isn't identity anymore. It's authorization.
Proving What Was Approved
FortSignal is built around a different question: what exactly did a human authorize, and can you prove it cryptographically?
Here's how it works. When an action is initiated (a transfer, an approval, a delegation), the exact parameters of that action are locked into a cryptographic hash: the action type, the amount, the recipient, the sender, any metadata. That hash is then bound to a WebAuthn challenge.
When the human approves with Face ID or Touch ID, their device's hardware security chip signs that challenge. The signature is cryptographically bound to those exact parameters. Change anything (the amount, the recipient, any field) and verification fails.
Every allow response returns a signalId: a cryptographic receipt proving exactly what was approved, by whom, under what policy, at what moment. Not just that someone was authenticated. What they authorized.
This is what we call parameter binding, and it's the core of what makes FortSignal enforcement rather than evaluation.
The Same Engine, For Humans and Agents
The enforcement layer doesn't care whether the actor is a human or an agent. It cares about the signature and the policy.
For humans: biometric approval via WebAuthn, hardware-backed signing, policy enforcement.
For agents: Ed25519 keypair authentication, delegation scope enforced on every request, instant revocation, full audit trail.
Both run through the same challenge/verify pipeline. Both produce the same cryptographic receipt. One unified enforcement layer for your entire stack.
An agent operates within a delegation a human already signed. That delegation is bound to a policy: allowed action types, value caps, recipient restrictions, expiry. FortSignal checks it on every single request. Revoke the delegation and the agent's next action is denied, immediately, with no waiting for anything to expire.
This is the architecture that makes safe autonomous operation possible. Not monitoring after the fact. Not ML-based anomaly detection. Deterministic enforcement before execution.
What's Coming: Agent Passports
Today, FortSignal's agent delegation layer is built for developers and platform administrators. You register agents, assign policies, approve delegations, all through the dashboard. The cryptographic infrastructure is there. The enforcement engine is live.
What we're building next is Agent Passports: a dedicated, user-friendly interface that brings this same capability to every end user.
Not just administrators. Not just developers. Any human who has an agent acting on their behalf.
The flow will be simple:
Review exactly what an agent is allowed to do
Approve the delegation with a single Face ID prompt
Manage and revoke permissions instantly, at any time
The enforcement engine doesn't change. The same parameter binding, the same policy constraints, the same cryptographic receipts. Agent Passports is the human layer on top of infrastructure that already works.
Why This Matters Now
In March 2026, Mastercard and Google co-launched Verifiable Intent, an open standard for cryptographically proving what a consumer authorized when an AI agent acts on their behalf. It's built on FIDO, W3C, and EMVCo standards, backed by Fiserv, IBM, and Checkout.com.
