For security
Govern the agentic estate the way you already govern infrastructure
Agents create operational and compliance exposure faster than traditional governance can keep up. There is no need for a parallel security stack: the same primitives you already operate, extended to a surface that has rarely had them.
Risk, with Control
A new caller shape, governed by the primitives you already speak
Every technology investment is a balance of speed, cost, and risk. AI is pushing speed up, and agents are a caller shape that traditional IAM and API governance were never built for. The risk profile shifts: new identities sharing keys across sessions, new permissions varying per call, and new data flows through tool arguments your policy was never designed to evaluate.
Dome brings primitives your stack already speaks to the agent layer: token exchange (RFC 8693), policy as code (Cedar), audit events shaped for your SIEM, and identity propagated end to end. CSPM speaks to your cloud posture. Dome speaks to your agent posture. Same operational discipline, applied to a surface that has rarely had it.
Enable the org while preserving the evidence chain.
Where existing governance falls short
The control points you already operate were built before agents
They don't translate. The shape of agent behavior requires new primitives, applied at new boundaries.
API governance doesn't carry over
API keys, scopes, and rate limits were built for deterministic callers. Agents share keys across thousands of sessions, vary intent per call, and pass user data into arguments your policy was never designed for.
Traditional IAM stops at the door
Your IdP authenticates the human. It doesn't speak about what the agent then did on their behalf. End-user identity needs to propagate through every tool call, not be discarded at the agent boundary.
Logs aren't audit
Request logs answer what was called. They cannot answer why an agent made a call, what policy applied, or whether the response should have been allowed back into context. Decisions need to be recorded as decisions.
Outputs are the new exfiltration vector
An agent that gets a record back, then summarizes it into a downstream tool call, can leak the sensitive part of the record without ever touching the original system. Response governance is mandatory, not optional.
What security needs from the agent layer
Authentication, authorization, audit, attribution
These compose. Each one assumes the previous one is in place. Together they form the operational envelope that SaaS vendors used to bundle into the product, now provided as a platform and applied uniformly across the estate.
Authentication
Every agent has a principal scoped to a workspace and tier, backed by your existing identity provider. When agents act on behalf of users, the user's principal propagates end to end. Backends see who actually made the request, not just which agent forwarded it.
Authorization
Cedar rules govern every tool call. Versioned in source control. Simulatable against the last 24 hours of traffic before they ship. Rolled back through the same lifecycle as code. Policies your team can reason about and your auditors can verify.
Audit
Every governed action recorded with full context: who, what, under which rule, with what result. Queryable. Streamable to your SIEM. Decisions are first-class events, not log lines reconstructed after an incident.
Attribution
When something goes wrong, name the agent, the user, the rule, and the version. The evidence chain is generated as a natural consequence of the agent operating through a governed path, rather than assembled retroactively from fragments.
Composes with
The systems you already operate
Dome is not another stack to run. It is the operational layer that connects your existing controls to a surface they couldn't reach before. Federate identity, stream audit, manage secrets, and escalate to SOAR through the tools you already buy and trust.
IdP: Okta, Entra, Auth0, Ping
Agent identity backed by your existing IdP. End-user identity propagated through every tool call via OAuth 2.0 Token Exchange (RFC 8693). No parallel identity store.
SIEM: Splunk, Sentinel, Elastic, Chronicle
Audit events stream into the security data lake in OCSF-shaped records. Investigations happen in the tools your SOC already lives in, with no new query language to learn.
Secrets: Vault, AWS/GCP Secrets Manager, 1Password
Tool credentials never leave the gateway. Injected at the call boundary from the secrets store your team already manages. Credentials never touch agent code.
CSPM: Wiz, Lacework, Prisma Cloud
CSPM speaks to your cloud posture. Dome speaks to your agent posture. Same operational discipline, applied to a control surface CSPM was never designed to reach.
SOAR: Cortex XSOAR, Splunk SOAR, Tines
Denials and anomalies can trigger playbooks. The audit trail provides the evidence chain those playbooks need to act on, and the playbook's response (block, step down, or allow) can be fed back to the policy engine.
Source control: GitHub, GitLab
Cedar policy lives in a repo. Versioned, peer-reviewed, simulated against the last 24 hours of traffic before merge. Rolled back through the same lifecycle as code.
Standards we speak
Open protocols, not proprietary plumbing
If your team already operates against these standards, integrating Dome is configuration rather than a new vendor relationship. Nothing listed here is a protocol of ours. These are the open building blocks the rest of your security stack already runs on.
RFC 8693: Token Exchange
End-user identity propagates with the agent's identity, end to end. Backends know whose request this really is, not just which agent forwarded it.
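The exchange described above and in the IdP and Authentication passages, as an added example that is not Dome's code: the agent sends the user's token as `subject_token` and its own token as `actor_token` (RFC 8693 section 2.1), the authorization server mints a short-lived token whose `sub` is still the human and whose `act` claim names the agent (section 4.1), and the backend reads both. The issuer, audience, principal names and the shared HS256 secret are constructed for the demo; a real deployment verifies against the IdP's published keys.

```python
"""RFC 8693 token exchange with delegation, simulated offline.

Added example, not Dome's own code. Three parties are modelled in one
process: the agent (client), a hypothetical authorization server, and a
backend tool. HS256 with a shared secret keeps it standard-library only;
all names, audiences and the secret are constructed sample values.
"""
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import parse_qs, urlencode

SECRET = b"constructed-demo-secret-do-not-reuse"   # assumption: demo HS256 key
ISSUER = "https://idp.example"                     # assumption: hypothetical IdP
TOKEN_EXCHANGE_GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
JWT_TYPE = "urn:ietf:params:oauth:token-type:jwt"


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_jwt(claims: dict) -> str:
    """Mint a compact HS256 JWT (header.payload.signature)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    mac = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(mac)}"


def verify_jwt(token: str, audience: str) -> dict:
    """Check signature, issuer, audience and expiry; return the claims."""
    header, payload, sig = token.split(".")
    expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload))
    if claims.get("iss") != ISSUER or claims.get("aud") != audience:
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) < time.time():
        raise ValueError("expired")
    return claims


# 1. Agent side: the form body POSTed to the token endpoint (RFC 8693 2.1).
def build_exchange_request(user_token: str, agent_token: str, audience: str) -> str:
    return urlencode({
        "grant_type": TOKEN_EXCHANGE_GRANT,
        "subject_token": user_token,        # whose request this is
        "subject_token_type": JWT_TYPE,
        "actor_token": agent_token,         # who is forwarding it
        "actor_token_type": JWT_TYPE,
        "requested_token_type": JWT_TYPE,
        "audience": audience,               # the backend the new token is for
    })


# 2. Authorization server side: validate both tokens, mint a delegated one.
def handle_exchange(form_body: str) -> dict:
    form = {k: v[0] for k, v in parse_qs(form_body).items()}
    if form.get("grant_type") != TOKEN_EXCHANGE_GRANT:
        raise ValueError("unsupported_grant_type")
    subject = verify_jwt(form["subject_token"], audience="agent-gateway")
    actor = verify_jwt(form["actor_token"], audience="agent-gateway")
    now = int(time.time())
    delegated = sign_jwt({
        "iss": ISSUER,
        "sub": subject["sub"],              # the human stays the subject
        "aud": form["audience"],            # scoped to one backend
        "act": {"sub": actor["sub"]},       # RFC 8693 4.1: the acting party
        "iat": now,
        "exp": now + 300,                   # short-lived, per-call
    })
    return {"access_token": delegated, "issued_token_type": JWT_TYPE,
            "token_type": "Bearer", "expires_in": 300}


# 3. Backend side: refuse agent traffic that carries no delegation chain.
def backend_identify(bearer: str, service_audience: str) -> tuple:
    claims = verify_jwt(bearer, audience=service_audience)
    if "act" not in claims:
        raise ValueError("no act claim: un-attributed agent traffic refused")
    return claims["sub"], claims["act"]["sub"]


def demo() -> tuple:
    now = int(time.time())
    user_token = sign_jwt({"iss": ISSUER, "sub": "alice@example",
                           "aud": "agent-gateway", "iat": now, "exp": now + 3600})
    agent_token = sign_jwt({"iss": ISSUER, "sub": "agent:support-bot",
                            "aud": "agent-gateway", "iat": now, "exp": now + 3600})
    body = build_exchange_request(user_token, agent_token, audience="crm-api")
    response = handle_exchange(body)
    return backend_identify(response["access_token"], "crm-api")


if __name__ == "__main__":
    print(demo())   # ('alice@example', 'agent:support-bot')
```

The backend's check that `act` is present is the enforcement point: a token with only `sub` could be a human calling directly, and a token with only an agent subject tells you nothing about the user, so the delegated token is the only shape accepted from the gateway path.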
OAuth 2.0 · OIDC
Agent identities issued, refreshed, and rotated through standard flows. Federation with your existing IdP, not a parallel directory.
Cedar: policy as code
Open policy language with formal semantics. The language behind Amazon Verified Permissions, open-sourced by AWS. Policies are auditable, verifiable, and amenable to static analysis. No black-box rule evaluator.
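What a tool-call policy in this shape looks like, as an added example (not Dome's own policy) that also illustrates the Authorization and Source control passages above. The entity types (Agent, Tool, Workspace), the action `invoke_tool`, and the attributes `workspace`, `tier`, `effect` and `context.user` are assumed for illustration; in practice they come from the gateway's Cedar schema.

```cedar
// Added example, not Dome's policy. Entity types, action and attribute
// names are assumptions for illustration.

// Agents may invoke tools only inside their own workspace, and only when
// an end-user principal was propagated with the call.
@id("workspace-scoped-tool-calls")
permit (
  principal is Agent,
  action == Action::"invoke_tool",
  resource is Tool
) when {
  principal.workspace == resource.workspace &&
  context has user &&
  context.user.workspace == resource.workspace
};

// Cedar is deny-overrides: a matching forbid wins over any permit, so
// sandbox-tier agents never reach write-class tools whatever else is permitted.
@id("sandbox-no-writes")
forbid (
  principal is Agent,
  action == Action::"invoke_tool",
  resource is Tool
) when {
  principal.tier == "sandbox" && resource.effect == "write"
};
```

Cedar's authorization response carries the ids of the policies that determined the decision, which is what the Audit passage means by recording "under which rule": the `@id` annotations, together with the commit the policy file was merged in, give the attribution chain without reconstructing it from request logs.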
OCSF · CEF
Audit events emitted in the schemas your SIEM already parses. No bespoke ETL, no transformation layer between Dome and your security data lake.