Agent-Aware Zero Trust: A Framework for Securing Agentic AI in SASE and Cloud Architectures

Enterprise networking is undergoing a fundamental transition as Secure Access Service Edge (SASE), cloud-native architectures, and software-defined control planes converge with advances in artificial intelligence. A new class of systems, referred to as Agentic AI, is emerging within these environments. Unlike traditional automation, agentic systems exhibit goal-directed behavior, adapt to environmental feedback, and execute actions with limited or no human intervention. While such autonomy promises significant gains in efficiency and resilience, it also destabilizes the deterministic assumptions underlying conventional Zero Trust and SASE security models.

This paper introduces Agent-Aware Zero Trust, a security framework designed to govern autonomous, probabilistic agents operating within enterprise SASE and cloud environments. The framework treats autonomous agents as first-class identities subject to continuous behavioral verification, policy-bounded autonomy, and probabilistic trust enforcement. A threat taxonomy specific to agentic systems is presented, including objective drift, delegated privilege escalation, control-plane lateral movement, emergent multi-agent behavior, and decision opacity. To mitigate these risks, the paper proposes architectural mechanisms including cryptographic agent identity, hierarchical policy envelopes, dynamic trust decay models, telemetry-driven supervision, and deterministic kill-switches.

This work presents a conceptual and architectural security framework, grounded in enterprise-scale SASE and cloud operations, rather than a controlled experimental or simulation-based evaluation. The objective is to establish a defensible security model for enterprises seeking to deploy autonomous networking systems while maintaining governance, compliance, and human oversight.