Zero-Trust Security Layer for AI Agents
Clement Wong · Cloudflare SE Director APAC · May 2026
Compromised RPC node credentials — attacker minted unbacked rsETH
6-month DPRK social engineering campaign targeting admin keys
The same credential problems that made these exploits possible are how most teams set up AI agents today.
→ API keys in environment variables
→ Shared service accounts
→ No credential rotation
→ No audit trail
Every attack that hit an open-source AI agent ecosystem at scale will target your platform. With higher stakes.
341 / 2,857 skills malicious (12%) — Atomic Stealer macOS malware. Vetting: one-week-old GitHub account. [Wiz Research]
72.4% exploit success rate — found 27-year-old OpenBSD vuln. Chain exploit escaped two sandboxes. [Anthropic Red Team]
$16M rug pull — fake Solana token promoted through AI agent social engineering.
Pattern: Every incident stems from credentials designed for humans being reused by machines. Shared accounts, no rotation, no audit — the same failure mode across all four.
First digital asset platform with AI management system certification.
Agent activity falls under the same compliance umbrella.
User attribution in logs · MFA via Access
Real-time agent logging · AI Gateway analytics
Credential rotation audit · Immutable logs
The default — what the industry does today
→ 9 CVEs · 12% malware · $16M rug pull
The control plane — designed for agents
→ Answers YES to all 5 IMDA dimensions
Three properties. Choose these over products. Products get replaced. Properties don't.
Traditional apps serve many users from one instance. Agents are one-to-one. Serving one user, running one task. That changes everything about security.
Three ways we can work together. Pick what fits your timeline.