CR AI, Oct 29, 2025

AAGATE: A NIST AI RMF-Aligned Governance Platform for Agentic AI

arXiv:2510.25863v2, 2 citations, h-index: 3
Originality: Incremental advance
AI Analysis

The paper addresses governance and security issues for organizations deploying agentic AI systems, though it is incremental, as it builds on existing frameworks such as the NIST AI RMF and integrates specialized tools.

The paper tackles the security and governance challenges of autonomous, language-model-driven agents in production by introducing AAGATE, a Kubernetes-native control plane that operationalizes the NIST AI Risk Management Framework to provide a continuous, verifiable governance solution.

This paper introduces the Agentic AI Governance Assurance & Trust Engine (AAGATE), a Kubernetes-native control plane designed to address the unique security and governance challenges posed by autonomous, language-model-driven agents in production. Recognizing the limitations of traditional Application Security (AppSec) tooling for improvisational, machine-speed systems, AAGATE operationalizes the NIST AI Risk Management Framework (AI RMF). It integrates specialized security frameworks for each RMF function: the Agentic AI Threat Modeling MAESTRO framework for Map, a hybrid of OWASP's AIVSS and SEI's SSVC for Measure, and the Cloud Security Alliance's Agentic AI Red Teaming Guide for Manage. By incorporating a zero-trust service mesh, an explainable policy engine, behavioral analytics, and decentralized accountability hooks, AAGATE provides a continuous, verifiable governance solution for agentic AI, enabling safe, accountable, and scalable deployment. The framework is further extended with DIRF for digital identity rights, LPCI defenses for logic-layer injection, and QSAF monitors for cognitive degradation, ensuring governance spans systemic, adversarial, and ethical risks.
