
Agent Security

Every agent. Every action. One security plane.

In-the-loop enforcement built directly into the agent runtime. Establish a trust framework that works across Claude Code, Codex, Gemini, and more.

Works with

Claude
Gemini
Codex
OpenClaw
OpenCode

Building agents? Running them in production? Then the gap is already open.

AI agents act autonomously inside developer environments — running shell commands, editing files, and calling local tools that never cross a network boundary. That's the blind spot gateways can't reach. Ory enforces at the agent itself, checking every action against your policies before it runs.

  • Authenticated

    Every agent and sub-agent authenticates with its own credentials before acting. The delegation chain back to the user or upstream agent is recorded before any tool runs.

  • Authorized

    Ory applies fine-grained authorization to shell commands, file writes, MCP tools, server connections, and downstream API calls using the same policy model that governs human access.

  • Accountable

    Allowed, denied, escalated, and approved actions are recorded in audit logs and exported through OpenTelemetry. The delegation chain survives token expiry, so you can answer the audit question even after credentials are gone.

How Ory's agent security works

Authenticate agent identities

Ory resolves the agent’s identity inside the harness, whether it was started by a human, another agent, or a headless process. Each agent gets its own credentials and audit attribution, so teams can see which agent acted, where it ran, and how it was delegated.

Apply fine-grained authorization

Before an agent action runs, Ory checks the requested tool against Ory Keto (Permissions). Shell commands, file writes, web fetches, and other harness tools can be enforced through the same Zanzibar-style permission model used for application access.

Enforcement that fits your risk tolerance

Every agent action passes through a real decision point before it executes. Define what's allowed, what's blocked, and what requires human approval — then roll out enforcement at the pace your organization demands. Start by observing agent behavior across your environment, then tighten controls as your policies mature.

Observability across agent activity

Capture allowed, denied, deferred, and approved actions as structured audit events across the full agent loop. Every decision records who started the session, which agent acted, what it attempted, what policy allowed or blocked it, and why — creating the traceability needed for security review, compliance, and future standards alignment.
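The three steps above (check the requested tool against a Zanzibar-style relation store, decide allow / deny / escalate, record the decision as a structured audit event) can be shown end to end with a small model. The code below is an added illustration, not Ory's or Keto's code: the tuple layout, the relation names `allowed`, `needs_approval` and `owner`, the principal ids, and the rule that every principal in the delegation chain must hold the permission are all assumptions of the example.

```python
"""Toy pre-execution policy check for an agent tool call.

Constructed illustration of the pattern described above: a Zanzibar-style
relation-tuple store is consulted before a harness tool runs, the delegation
chain (sub-agent -> agent -> user) is evaluated, and the result is emitted as a
structured audit event. Not Ory's or Keto's code; all names are made up.
"""
import json

MAX_DEPTH = 8  # guard against cyclic subject sets

# Relation tuples (object, relation, subject). A subject is a principal id such as
# "user:alice" or "agent:coder-1", or a subject set such as "group:eng#member",
# meaning "everyone who holds 'member' on group:eng". All values are constructed.
TUPLES = [
    ("group:eng",      "member",         "user:alice"),
    ("tool:read_file", "allowed",        "group:eng#member"),
    ("tool:read_file", "allowed",        "agent:coder-1"),
    ("tool:read_file", "allowed",        "agent:sub-1"),
    ("tool:shell",     "owner",          "user:alice"),
    ("tool:shell",     "allowed",        "agent:coder-1"),
    ("tool:shell",     "needs_approval", "agent:coder-1"),
    ("tool:web_fetch", "allowed",        "user:alice"),
]

# Userset rewrite (assumed): holding "owner" on a tool object implies "allowed".
IMPLIED_BY = {"allowed": ("allowed", "owner")}


def has_relation(obj: str, relation: str, subject: str, depth: int = 0) -> bool:
    """True if `subject` holds `relation` on `obj`, directly, through a rewrite,
    or through a subject set that is expanded recursively."""
    if depth > MAX_DEPTH:
        return False
    for rel in IMPLIED_BY.get(relation, (relation,)):
        for t_obj, t_rel, t_subj in TUPLES:
            if t_obj != obj or t_rel != rel:
                continue
            if t_subj == subject:
                return True
            if "#" in t_subj:  # subject set: recurse into the referenced relation
                set_obj, set_rel = t_subj.split("#", 1)
                if has_relation(set_obj, set_rel, subject, depth + 1):
                    return True
    return False


def decide(delegation_chain: list, tool: str, args: dict) -> dict:
    """Evaluate one tool call and return the audit event for the decision.

    `delegation_chain` runs from the acting agent back to the user who started
    the session, e.g. ["agent:sub-1", "agent:coder-1", "user:alice"].
    Delegation rule (an assumption of this example): a delegated principal can
    never do more than its delegator, so every principal in the chain must hold
    "allowed" on the tool; "needs_approval" on any of them escalates the call.
    """
    obj = f"tool:{tool}"
    lacking = [p for p in delegation_chain if not has_relation(obj, "allowed", p)]
    approvers = [p for p in delegation_chain if has_relation(obj, "needs_approval", p)]
    if lacking:
        decision, reason = "deny", f"{lacking[0]} lacks 'allowed' on {obj}"
    elif approvers:
        decision, reason = "escalate", f"{approvers[0]} requires human approval for {obj}"
    else:
        decision, reason = "allow", f"every principal in the chain holds 'allowed' on {obj}"
    return {
        "session_user": delegation_chain[-1],
        "agent": delegation_chain[0],
        "delegation_chain": delegation_chain,
        "tool": tool,
        "args": args,
        "decision": decision,
        "reason": reason,
    }


def guarded_run(delegation_chain, tool, args, execute):
    """Decision point in front of a tool: only an 'allow' reaches `execute`."""
    event = decide(delegation_chain, tool, args)
    print(json.dumps(event))  # stand-in for the OpenTelemetry audit export
    if event["decision"] == "allow":
        return execute(args)
    return None


if __name__ == "__main__":
    chain = ["agent:sub-1", "agent:coder-1", "user:alice"]
    guarded_run(chain, "read_file", {"path": "README.md"}, lambda a: f"read {a['path']}")  # allow
    guarded_run(chain, "shell", {"cmd": "ls"}, lambda a: "ran")                            # deny: sub-1
    guarded_run(chain[1:], "shell", {"cmd": "ls"}, lambda a: "ran")                        # escalate
    guarded_run(chain[1:], "web_fetch", {"url": "https://example.com"}, lambda a: "ok")    # deny: coder-1
```

Each printed event answers the audit questions listed above (who started the session, which agent acted, what it attempted, which tuple or rule decided it) from the event alone, so the record stays useful after the agent's credentials have expired. Running the four calls yields one allow, two denies and one escalation, and only the allowed call reaches `execute`.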

Get started with your preferred AI tool

Ory provides packages for five AI coding agent harnesses that work whether you're self-hosting Ory or using Ory Network. Install and share feedback in our Slack community:

Claude Code
/plugin marketplace add ory/claude-plugins
/plugin install ory-agent-plugin@ory


More on agent security

Ory Agent DX: Build secure apps at the speed of thought, the right way.

Ory Agent DX is the ultimate developer toolkit that unifies AI automation with Ory’s hardened security ecosystem. By seamlessly blending Model Context Protocol (MCP) servers, plugins, CLI, and Ory Elements, it gives developers a conversational, agent-led workflow to develop enterprise-ready identity, access management, and fine-grained permissions.
