What the AI Agent Passport captures
Every autonomous or tool-using agent gets one formal record before it touches your systems. The passport answers the ten questions every AI agent must be able to answer:
- Unique, traceable identity — never a shared human or admin account
- The accountable human owner (business and technical)
- The approved, documented purpose and out-of-scope uses
- Which systems, mailboxes, APIs and data repositories it can reach
- What data it can read versus modify
- Which decisions it can take autonomously, and where human approval is required
- Which credentials it uses, and how they are stored, scoped and rotated
- Whether every action is logged with full attribution
- Where the kill switch is — and whether it has been tested
- When the identity expires or must be recertified
The seven non-negotiable rules
The passport enforces seven rules that keep an agent from becoming an unmanaged privileged identity:
- No owner, no access
- No shared credentials — every agent has a unique identity
- Access must be temporary and least-privilege
- High-impact decisions require human approval
- Inputs (emails, files, tickets, web pages) are treated as potentially hostile
- Monitor behaviour, not only authentication
- Test the failure mode — the safest agent fails safely under hostile conditions
Agentic threat assessment built in
A dedicated section maps each agent against the OWASP Top 10 for Agentic Applications 2026 and common abuse cases, with the key control and test for each:
- Agent goal hijack and prompt / indirect-prompt injection
- Tool misuse and unexpected code execution
- Identity and privilege abuse (non-human identity risk)
- Memory and context poisoning
- Insecure inter-agent communication and unsafe delegation
- Cascading failures, runaway loops and rogue agents
Pre-production go / no-go gate
A one-page approval checklist gives security and risk owners a fast, evidence-based go/no-go decision before any agent reaches production — covering identity, least privilege, secrets, human approval for high-impact actions, monitoring, a tested kill switch and approved residual risk.
How it maps to your compliance obligations
Calling a system "AI" does not create a compliance exemption. The passport connects each agent to PCI DSS scope (where it can reach the cardholder-data environment), ISO/IEC 27001 and SOC 2 asset, access and change-management processes, DPDP Act obligations for any personal data it processes, and ISO/IEC 42001 AI-management-system governance — so one record evidences several obligations at once.
Frequently asked questions
What is an AI Agent Passport?
An AI Agent Passport is a governance and security record you complete for every autonomous or tool-using AI agent before it gets production access. It captures the agent’s unique identity, named human owner, approved purpose, systems and data it can access, autonomy and decision limits, credentials, logging, kill switch and expiry — giving security, privacy and audit teams a single authoritative record for each non-human identity.
Who should complete the passport?
The business owner completes the purpose, users and decision limits; the technical owner documents the models, tools, identities, secrets and integrations; and security, privacy and compliance reviewers complete the applicable assessment sections. It should be approved before production deployment, recertified after material change, and closed on retirement.
Which frameworks does it align to?
The passport maps to ISO/IEC 42001, the OWASP Top 10 for Agentic Applications 2026, the OWASP Non-Human Identities Top 10, ISO/IEC 27001:2022, SOC 2, PCI DSS v4.0.1 and India’s DPDP Act 2023 — so a single record supports several compliance obligations.
What format is the download?
A free, editable PDF template you can complete per agent and store in your GRC repository, AI inventory or change-management process. Adapt the risk tiers and approval authorities to your own risk appetite.
Can CyberSigma assess and secure our AI agents?
Yes — our CERT-In empanelled, PCI QSA authorised auditors run AI Agent Security and Governance Assessments covering discovery and AI inventory, architecture review, identity and access, privacy, agentic threat modelling, red teaming, monitoring and compliance readiness.
This checklist is provided for educational use and is not a substitute for the licensed text of the referenced standards or a formal audit opinion. © Cyber Sigma Consulting Services LLP.
