Skip to content

Commit 7539436

Browse files
ramkri123ramkri123
committed
docs: clarify privacy-preserving geolocation in KAgentI integration
- Updated KAgentI row to emphasize privacy-preserving geolocation binding - Added protection against sensitive data exfiltration attacks - Clarified that location verification preserves privacy while preventing spoofing
1 parent 8c7acb9 commit 7539436

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -127,7 +127,7 @@ AegisSovereignAI is designed to be framework-agnostic, serving as a secure execu
127127
| Agent Framework | Complementary Value of AegisSovereignAI | How AegisSovereignAI Accomplishes This |
128128
| --- | --- | --- |
129129
| **LangGraph** | **Just-in-Time Policy Enforcement:** Prevents agentic drift or PII leakage across complex, multi-step workflows. | **Automated Kill-Switch:** Fuses the agent session with a silicon-rooted SVID (SPIFFE Verifiable Identity Document) (Layer 2). Session inputs and outputs are verified via privacy-preserving "Batch & Purge" (Layer 3) before final delivery — proofs are generated over the complete session, not per-step. |
130-
| **KAgentI** | **Replay-Proof Agent Authorization:** Ensures each agent invocation is bound to verified hardware and location, preventing token replay and impersonation attacks. | **Hardware-Rooted SVID:** Extends KAgentI's native SPIRE support by binding SVIDs to TPM-attested device credentials and geolocation (Layer 2). This ensures the agent identity cannot be replayed or spoofed — the token is cryptographically bound to specific silicon and verified location, not just a valid service principal. |
130+
| **KAgentI** | **Replay-Proof Agent Authorization:** Ensures each agent invocation is bound to verified hardware and privacy-preserving geolocation, preventing token replay and impersonation and sensitive data exfiltration attacks. | **Hardware-Rooted SVID:** Extends KAgentI's native SPIRE support by binding SVIDs to TPM-attested device credentials and privacy-preserving geolocation (Layer 2). This ensures the agent identity cannot be replayed or spoofed — the token is cryptographically bound to specific silicon and verified location while preserving privacy, not just a valid service principal. |
131131

132132
## Technical & Auditor Resources
133133

0 commit comments

Comments
 (0)