The framework

The five questions every AI agent has to answer.

The Agentic Trust Framework is the open governance spec for AI agents. Published through the Cloud Security Alliance. Licensed CC BY 4.0. Vendor-neutral, by design.

How we know it works
  1. February 2026

    CSA published the spec.

    The Cloud Security Alliance made ATF an official open spec. It's the standards body the industry already trusts for Zero Trust (never trust, always verify) and cloud security.

  2. 7 days later

    Berlin AI Labs moved first.

    Seven days after we published, Berlin AI Labs was already mapping VERA to every ATF requirement, all five elements. They call it built on ATF principles. Unprompted.

  3. 30 days later

    Microsoft's toolkit conforms to ATF.

    Microsoft's Agent Governance Toolkit filed a formal ATF conformance assessment, 25 of 25 requirements, exactly 30 days after we published. Nobody asked them to.

  4. RSAC 2026

    Every major keynote landed on the same five.

    Independent speakers at the year's biggest security conference described ATF's five requirements without naming it. The five questions are the consensus.

Standards usually take years to get adopted. This one took days.

Read the five questions
  • 01
    Who are you?
    Unknown
  • 02
    What are you doing?
    Unknown
  • 03
    What are you eating and serving?
    Unknown
  • 04
    Where can you go?
    Unknown
  • 05
    What if you go rogue?
    Unknown

Each question gets its own section below.

01 · Identity

Who are you?

Every agent has its own identity, the same way every employee does. Not borrowed. Not anonymous. You know exactly which agent did what.

What failure looks like

97% of AI-related breaches lacked basic access controls. When agents share a service account, there is no trail and no accountability.

Source: IBM Cost of a Data Breach 2025

What governed looks like

Every agent has a credential that expires, scope it inherits, and a log that names it on every action. The auditor can answer "which agent did this" in one minute.

02 · Behavioral monitoring

What are you doing?

You know what normal looks like for this agent. So when something isn't normal, you notice. At 2 a.m. too.

What failure looks like

86% of AI agents ship without security approval. They run unmonitored next to your production data, and the first time anyone looks is after something goes wrong.

Source: Gravitee, Feb 2026

What governed looks like

Behavior baselines per agent, alerts on drift, and a human in the loop on anything that crosses the line you set.

03 · Data governance

What are you eating and serving?

You control what data goes into the agent. You control what comes out. You know where the model saw it and where it sent it.

What failure looks like

Shadow AI breaches added $670K on top of an already-bad breach in 2025. Most of it is data the agent should never have touched.

Source: IBM Cost of a Data Breach 2025

What governed looks like

Inputs classified before the agent reads them. Outputs filtered before they leave. Every prompt and response retained per your policy, not the vendor’s.

04 · Segmentation

Where can you go?

Agents reach only the systems they need to do their job. One compromised agent can't roam the building.

What failure looks like

An agent given full API access "to make integration easier" is one prompt injection away from your customer database. This is how lateral movement happens at machine speed.

Source: Pattern from our incident reviews

What governed looks like

Least-privilege per agent. Network segments around the agent runtime. Outbound calls go through a broker that enforces what the agent can and cannot reach.

05 · Incident response

What if you go rogue?

You can stop one agent without stopping the business. In minutes, not meetings.

What failure looks like

Gartner predicts 40% of agentic AI projects will get cancelled by 2027 because organisations can't answer this one. Risk controls are the gate.

Source: Gartner

What governed looks like

A kill switch per agent. A documented rollback. A runbook your on-call has actually rehearsed.

Where this fits

ATF bridges. It doesn't compete.

The other frameworks say what or whether. ATF says how.

  • NIST AI RMF
    What it gives you: A risk-management process for AI
    What ATF adds: The five technical controls to put inside that process
  • ISO 42001
    What it gives you: An AI management system standard
    What ATF adds: What good agent governance looks like in practice
  • OWASP for AI
    What it gives you: A taxonomy of AI security risks
    What ATF adds: Five operating questions that map to those risks
  • MAESTRO / AEGIS
    What it gives you: Threat models and assurance patterns
    What ATF adds: A governance spec your teams can implement on Monday

See where you stand against the five.

The free assessment takes 10 minutes. You'll get a score per question and a plain plan for the gaps.
