AAGATE: A NIST AI RMF-Aligned Governance Platform for Agentic AI

Ken Huang, Kyriakos Rock Lambros, Jerry Huang, Yasir Mehmood, Hammad Atta, Joshua Beck, Vineeth Sai Narajala, Muhammad Zeeshan Baig, Muhammad Aziz Ul Haq, Nadeem Shahzad, Bhavya Gupta

TL;DR

This work tackles the governance gaps for autonomous agentic AI by introducing AAGATE, a Kubernetes-native platform that operationalizes the NIST AI RMF. It combines MAESTRO-based mapping, AIVSS/SSVC-based measurement, and CSA Red Teaming for proactive management, augmented by zero-trust networking, explainable policy (Rego), and on-chain accountability (ETHOS/DIRF). Key innovations include the Janus Shadow-Monitor-Agent for continuous runtime evaluation, ZK-proofs for verifiable compliance, purpose-bound credentials via OAuth Relay, and a unified model that bridges policy, security, and AI development. The platform promises continuous, auditable governance across system, data, and agent ecosystems, with an open-source MVP designed to be adopted and adapted across enterprises.

Abstract

This paper introduces the Agentic AI Governance Assurance & Trust Engine (AAGATE), a Kubernetes-native control plane designed to address the unique security and governance challenges posed by autonomous, language-model-driven agents in production. Recognizing the limitations of traditional Application Security (AppSec) tooling for improvisational, machine-speed systems, AAGATE operationalizes the NIST AI Risk Management Framework (AI RMF). It integrates specialized security frameworks for each RMF function: the Agentic AI Threat Modeling MAESTRO framework for Map, a hybrid of OWASP's AIVSS and SEI's SSVC for Measure, and the Cloud Security Alliance's Agentic AI Red Teaming Guide for Manage. By incorporating a zero-trust service mesh, an explainable policy engine, behavioral analytics, and decentralized accountability hooks, AAGATE provides a continuous, verifiable governance solution for agentic AI, enabling safe, accountable, and scalable deployment. The framework is further extended with DIRF for digital identity rights, LPCI defenses for logic-layer injection, and QSAF monitors for cognitive degradation, ensuring governance spans systemic, adversarial, and ethical risks.
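The abstract names an explainable policy engine written in Rego and, in the TL;DR, purpose-bound credentials. The following is an added illustration of what such a policy can look like; it is not code from the AAGATE paper or repository. The package name, the `input` fields (`credential.purpose`, `credential.exp_ns`, `request.tool`, `request.human_approval`) and the `data.high_risk_tools` set are all assumed here for illustration. The point of the shape is that every denial is a human-readable reason, so an audit trail can record why an agent's tool call was blocked rather than only that it was.

```rego
# Added example (not from the paper): purpose-bound tool authorization for an agent.
# All input and data field names below are assumptions for the illustration.
package aagate_example.agent_tools

import rego.v1

default allow := false

# Allow only when no deny reason fires; the deny set is the explanation.
allow if {
    count(deny) == 0
}

# A credential that is not bound to a purpose is rejected outright.
deny contains msg if {
    not input.credential.purpose
    msg := "credential carries no purpose binding"
}

# The credential's purpose must match the tool the agent is trying to call.
deny contains msg if {
    input.credential.purpose
    input.credential.purpose != input.request.tool
    msg := sprintf("credential bound to %q, request targets %q",
        [input.credential.purpose, input.request.tool])
}

# Expired credentials are rejected (exp_ns is an assumed Unix-nanosecond expiry).
deny contains msg if {
    time.now_ns() > input.credential.exp_ns
    msg := "credential expired"
}

# High-risk tools (assumed list under data.high_risk_tools) need a human approval flag.
deny contains msg if {
    input.request.tool in data.high_risk_tools
    not input.request.human_approval
    msg := sprintf("tool %q requires human approval", [input.request.tool])
}
```

With `opa eval -d policy.rego -d data.json -i input.json 'data.aagate_example.agent_tools'` the result carries both `allow` and the full `deny` set, so a request bound to `search` but targeting `send_email` is refused with the reason `credential bound to "search", request targets "send_email"`, which is the explainability the abstract refers to.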

Paper Structure

This paper contains 34 sections, 6 figures, and 6 tables.

Figures (6)

  • Figure 1: Kubernetes-native architecture with service mesh and observability.
  • Figure 2: AAGATE operationalizes the four core functions of the NIST AI RMF (Govern, Map, Measure, Manage) with specific security frameworks and implementations.
  • Figure 3: MAESTRO Threat Mapping & AAGATE Mitigations.
  • Figure 4: AAGATE system architecture showing real-time data flows within the zero-trust Kubernetes environment and the governance process.
  • Figure 5: Agent Identity Management.