How ACT Works
A universal permissions layer for AI agents in 4 simple steps
1
Create Agent
Register your AI agent or automated system in the ACT platform
"Customer Support Bot"2
Define Policies
Specify what actions the agent can perform
Actions: ["read", "list"]
Resources: ["api://crm/*"]3
Issue Token
Generate a capability token (JWT) for the agent
eyJhbGciOiJSUzI1NiIs...4
Enforce & Audit
Every action is validated against policies and logged
ALLOWED ?: read
DENIED ?: deleteSystem Architecture
Your Application
AI Agent / Backend Service
API Request + Token
ACT Gateway
Validate Token ?
Check Policies ?
Log Audit Trail ?
ALLOW / DENY
Your API
Customers, Orders, Data
Real-World Example
ALLOWED ?
Customer Support Bot wants to read customer data
Policy says: "read" allowed ?
Token is valid: Not expired ?
Result: ALLOWED
DENIED ?
Customer Support Bot wants to delete customer data
Policy says: "delete" not allowed ?
Token is valid: Not expired ?
Result: DENIED
Why Use ACT?
Security First
Fine-grained permissions prevent unauthorized actions
Full Audit Trail
Every action is logged with who, what, when, and why
Instant Revocation
Revoke access globally in real-time if agent misbehaves
Framework Agnostic
Works with any AI framework, LLM, or backend system
Time-Limited Access
Tokens expire automatically after set duration
Compliance Ready
Meet regulatory requirements with detailed logging
Ready to Secure Your AI Agents?
Get started with ACT today