Skip to content

What is ARIA? — Agent Risk & Identity Authorization

ARIA is our AI governance initiative: Shield (AI Model PEP) + MCP Gateway (tool PEP) with a PDP that returns constraints/obligations and a Receipt Vault for provable audit.

  • Budget caps (402)
  • Egress control
  • Cryptographic receipts
Visual representation of ARIA complete governance initiative showing all components

ARIA at a glance

ARIA (Agent Risk & Identity Authorization) provides provable guardrails for AI: create governed tools, enforce policy at the edge, and prove every action with receipts.

ARIA Shield

Policy Enforcement Point for LLM traffic: sessions not tokens; budgets, egress, and stream‑time truncation.

Learn Shield →

MCP Gateway

Policy Enforcement Point for tools: schema pins, plan steps, allow‑lists, signed receipts.

Learn Gateway →

PDP

Decisions with constraints and obligations—a dialogue, not a gate.

PDP deep‑dive →

Receipt Vault

Financial‑grade, tamper‑evident receipts with policy snapshot and spend.

Receipts →

How ARIA works

ARIA AI Agent Authorization Platform AGENT RISK & IDENTITY AUTHORIZATION Dual enforcement boundaries for secure agent delegation 🎯 Scenario: Delegated Travel Agent Alice Chen → Travel Agent Budget: $2000/trip • Spend enforced at runtime Alice Chen Delegator delegates Travel Agent AI Agent Plan itinerary (LLM) AI ARIA Shield PEP: OpenAI Gateway • Prompt classification (birtdistill) • Budget & spend enforcement • Guards LLM access for agents Book flight (tool) ARIA MCP Gateway PEP: Tool Access Guards MCP tool execution Check authorization + prompt classification PDP Policy Decision Point ✓ Evaluates prompt classification ✓ Validates delegation & budgets ✓ Returns PERMIT + spend limits Query delegation Membership Service (Neo4j) PIP: Delegation Graph Stores user → agent relationships with constraints Returns budget limits, spending controls, tool permissions Defines budgets enforced by ARIA Shield & MCP Gateway 📊 Delegation Graph Alice DELEGATES $2K • 3 tools Travel Agent Rich graph relationships enable flexible, secure delegation 🔐 ARIA's Unique Architecture ✓ Dual PEP Enforcement Guards both LLM access AND tool usage ✓ Prompt Classification + Budget Controls Birtdistill classification + spend enforcement ✓ Graph-Based Delegation

Flow at a glance

  1. Delegate: Alice delegates a Travel Agent with scope (budget, tools) recorded in Membership (Neo4j PIP).
  2. Plan: The agent plans an itinerary via the LLM. The call goes through ARIA Shield (PEP‑1).
    Shield classifies the prompt and attaches attributes (models, egress domain, purpose).
  3. Pre‑check: Shield asks the PDP for a decision with context (delegator ↔ agent, classification).
    PDP reads delegation constraints from the PIP (Membership graph).
  4. Tool: The agent executes a tool (book flight) via ARIA MCP Gateway (PEP‑2).
    Gateway validates schema pins/plan steps before the model or tool runs.
  5. Decision: PDP returns Permit with constraints (egress_allow, models_allow, spend_budget) and obligations (audit_log, receipt_emit, run_workflow) plus a TTL.
  6. Enforce: PEPs enforce in real time — Shield applies budget/egress/model caps; Gateway enforces schema and plan discipline.
  7. Prove: Both PEPs emit signed receipts. Analytics update spend and remaining budgets.

Actors & boundaries

ActorRoleBoundary
AliceDelegatorGrants scope in Membership (PIP)
Travel AgentAI AgentUses tools under delegation
ARIA ShieldPEP‑1LLM gateway: classify, cap, egress
ARIA MCP GatewayPEP‑2Tool gateway: schema/plan discipline
PDPDecisionReturns constraints + obligations

What the PDP returns

  • Decision: Permit/Deny with TTL for re‑use.
  • Constraints: egress_allow, models_allow, spend_budget, data_scope.
  • Obligations: audit_log, receipt_emit, run_workflow, consent.
Skip to controls →

Decisions with constraints and obligations

The PDP returns constraints the PEP enforces synchronously (egress_allow, models_allow, data_scope, spend_budget) and obligations the PEP performs after (audit_log, run_workflow, consent). This turns policy into precise, real‑time control.

ARIA for AI Delegation

Safer agent delegation without rewrites: you approve, we apply guardrails, and every action leaves a receipt.

  • Delegate with guardrails — scope, time, location, budget
  • One identity model — people, services, and agents governed the same way
  • Explainable decisions — clear reasons, not just allow/deny

Threats → Controls

ThreatControlEnforced by
Schema driftSchema pins (version/hash, grace window)MCP Gateway
OverspendPre‑gate budgets + stream‑time settlePDP + Shield
Prompt leakageEgress allow‑lists, classification policiesShield
Replay/token theftPairwise sub, act.sub, optional DPoPIdP + PEPs
Missing auditSigned, hash‑chained receiptsPEPs + Receipt Vault

How it works (end‑to‑end)

  1. Ingress with ARIA Passport (user ↔ agent binding)
  2. Schema pin & optional plan contract validation
  3. PDP decision → constraints & obligations
  4. PEP enforcement (budgets, egress, params)
  5. Tool call
  6. Receipt emission and chain update
  7. Analytics verify and update budgets

Watch the overview

Prefer video? Watch a 2‑minute ARIA overview.

Book demo Download white paper