NCCoE Concept Paper Response · Submitted March 4, 2026
A 12-page technical response proposing Attested Governance Artifacts as the cryptographic enforcement layer for AI agent identity binding, continuous runtime authorization, and offline-verifiable audit evidence.
Download PDF· 12 pagesThis submission responds to the NCCoE concept paper on AI Agent Identity and Authorization by mapping Attested Governance Artifacts across six technical categories. It demonstrates how sealed policy artifacts, signed enforcement receipts, and tamper-evident continuity chains address identity binding, runtime authorization, and non-repudiation for autonomous AI agent systems.
Threat landscape for autonomous AI agents including credential theft, phantom execution, and post-hoc fabrication attacks.
Cryptographic identity binding through sealed policy artifacts with Ed25519 signatures and SHA-256 continuity chains.
Continuous runtime authentication via integrity measurements at every tool call, not just session initiation.
Portal-enforced authorization where policy artifacts define permitted operations before execution begins.
Tamper-evident continuity chains and offline-verifiable evidence bundles for air-gapped audit environments.
Behavioral drift detection through runtime measurement of tool-call patterns against sealed baseline profiles.
A four-phase demonstration protocol for the NCCoE lab environment covering artifact creation and sealing, runtime enforcement with drift detection, evidence bundle generation, and offline third-party verification.