August 13, 2026
What “Trust Tier” Means in Practice: From UNVERIFIED to PLATFORM_TRUSTED
The 4-tier agent trust model is one of Stratium’s most differentiated features. Each tier’s threat model, the action-tier ceiling that pairs with it, and the path from REGISTERED to CERTIFIED for a new vendor agent.
August 6, 2026
Authorizing MCP Servers with stratium-mcp
The MCP authorization story for Claude Desktop, ChatGPT Desktop, and any other host that speaks Model Context Protocol. Real config, real demo, real DENY.
July 30, 2026
Authorizing Anthropic SDK Tool-Use Directly with Stratium
Companion to the Claude Code hooks post — for production agents your engineers build, not your developer fleet. Intercept every messages.create(tools=...) call. Cross-provider pattern (same hook wraps OpenAI tool calls).
July 23, 2026
Policy vs. IAM Role: A Side-by-Side
AWS IAM JSON on the left. Stratium policy on the right. The table of what IAM can’t express — agent trust tier, declared intent, classification hierarchy, working hours. Not IAM-replacement; IAM-extension for the agent layer.
July 16, 2026
Post-Quantum Agent Identity: Crypto-Agility in the Stratium Stack
When NIST PQC primitives land in your TLS, your delegation token signatures, and your KAS key-wrap, what does an authorization plane do? The crypto-agility framing for agent infrastructure.
July 9, 2026
TDF for Agentic Workflows: When Authorization Meets Data-Centric Encryption
What ZTDF is in three paragraphs. Why the same GetDecision call gates both an agent action and a key unwrap. A tier-1 agent attempting to decrypt SECRET data fails by construction.
July 10, 2026
DeepMind Just Cataloged 6 Ways to Hijack AI Agents. Authorization Only Stops 4 of Them.
A response to Franklin et al.’s March 2026 paper. Six environment-level trap categories — and an honest map of which four an externalized authorization decision actually stops.
July 2, 2026
Case Study: How a Federal Defense Contractor Authorizes 47,000 Agent Tool Calls a Week
Before/after architecture, day-in-the-life of a tool call, DENY counts by classification level, and the specific incident the architecture prevented. NATO/DoD hierarchies, air-gapped deployment, STANAG 4774.
June 25, 2026
Authorization Coverage: A Board-Reportable Metric for Agent Security
The phrase has been showing up across this blog. Here’s the formal definition, the formula, a sample dashboard, and the boardroom narrative: we went from 0% to 87% coverage in 60 days.
June 18, 2026
Authorizing Claude Code Sessions with Stratium: A Reference Architecture
Three hook scripts, one per-project CLAUDE.md block, fail-closed by default. Every Claude Code tool call on every machine in your fleet under Zero Trust enforcement.
June 16, 2026
Stratium in 90 Seconds: Compound Decisions for AI Agent Authorization
One engine evaluates the user, the agent, and every hop in the delegation chain. The response tells you who decided, at which depth, and why. Architecture, real SDK code, and the 30-day path.
June 7, 2026
When the Agents Collapse Into the Model
New research compresses multi-agent systems into a single model. The capability story is compelling. The authorization story — built around per-agent identity — is uncomfortable.
May 30, 2026
Zero Trust for AI Agents: A Capability Map for Anthropic’s Framework
Anthropic just published the most prescriptive Zero Trust framework for autonomous agents to date. Section by section, here’s how Stratium delivers each capability they name.
May 22, 2026
Defense in Depth Needs a Floor: Why Layered Agent Security Only Adds Up With a Shared Decision Plane
Layered agent controls drift the moment more than one team starts shipping. Identical intent, twenty different enforcement implementations. The variance is the vulnerability.
May 20, 2026
Agents Are Showing Up in Places You Can’t Roll Back
Low-stakes deployments could paper over an authorization gap with logs and apologies. As agents move into critical infrastructure, finance, and defense, the gap stops papering.
May 18, 2026
Confidentiality Is Not Agent Security: The Authorization Gap in AI Agent Runtimes
Encrypted memory protects an agent’s bytes. It doesn’t decide whether the agent should be allowed to call the tool. Mark O. Rogge calls it the Authorization Gap.
May 16, 2026
Authentication Passed. Authorization Failed. The Industry Consensus Just Shifted.
RSAC 2026 was the moment the industry stopped pretending identity was the hard problem. Cisco’s CSO, NIST, OWASP, and CSA all named the same gap in the same cycle.
April 29, 2026
The Zombie Agent Problem: Agentic Risk Is a Lifecycle Problem
Most agentic risk isn’t what your agents do on day one. It’s what they do on day four hundred — after creators have left, purpose has drifted, and nobody remembers what they’re allowed to touch.
April 27, 2026
Bearer Tokens Don’t Carry Intent: Nine Seconds and the Advisory Failure Mode
A founder lost production data in nine seconds because two advisory layers — a token’s creation intent and a model’s system prompt — both failed. The lesson isn’t about agents.
April 27, 2026
The Load-Bearing Wall of the Agentic Stack: Authorization
Agentic systems don’t fail because the reasoning model picks the wrong tool. They fail because the tool was allowed to run. Build the decision point first.
April 24, 2026
Indirect Prompt Injection Isn’t a Bug — It’s a Supply Chain Problem for Your AI
Google’s Workspace team calls IPI an “always-on” threat. Treat LLM tool use like production access: least privilege, policy-as-code, and data-centric controls.
April 22, 2026
SANDWORM_MODE: Malicious npm Worm Targets Keys, CI, and AI Coding Assistants
A supply-chain campaign steals credentials, poisons CI workflows, and injects malicious MCP servers into AI coding assistants. Here’s what to do now.
April 20, 2026
When an Employee’s AI Tool Becomes the Breach Vector: The Vercel Context.ai Incident
A compromised third-party AI tool turned a Vercel employee’s OAuth grant into a supply-chain entry point. The new delegation risk and what to do about it.
April 20, 2026
The Missing Layer in AI Agent Security: ABAC-Driven Authorization for Action Policies
AI agent risk isn’t identity verification — it’s that agents are granted broad, durable permissions to take powerful actions. ABAC-driven action policies are the missing layer.
April 17, 2026
NSA Zero Trust Guidelines Make the “Data Pillar” the Point
Tags → Policy → Enforcement → Monitoring. If your Zero Trust plan doesn’t change how data is labeled and governed, it’s mostly perimeter reshuffling.
April 15, 2026
Securing AI Agents at Enterprise Scale
Privilege amplification through delegation chains is the single biggest unaddressed risk in enterprise AI. A centralized policy engine is the only way to govern every hop.
April 13, 2026
From RBAC to ABAC: Why Attributes Define the Future of Access Control
Traditional role-based models were built for static environments. Attribute-based access control provides fine-grained, context-aware security for modern systems.
April 10, 2026
Deploying Zero Trust in Air-Gapped Environments
The most sensitive systems operate without connectivity. Data-centric security, local policy enforcement, and ABAC enable Zero Trust even in isolation.