A2AS.org

A2AS: Standard for Agentic AI Security

Behavior Certification and Runtime Security Framework
For LLM Models and Agent-to-Agent Security
Similar to How HTTPS Secures HTTP

Authors and Contributors

AWS
ByteDance
Cisco
Elastic
Google
JPMorganChase
Meta
OWASP
Salesforce
Wallarm

A2AS Framework

The Security Layer for AI Agents and LLM-Powered Applications

B
Behavior Certificates
Declaration and enforcement of agentic behaviors and resource permissions
A
Authenticated Prompts
Verification of context window integrity and prompt attribution
S
Security Boundaries
Isolation of untrusted input and segmentation of external data
I
In-Context Defenses
Security meta-instructions for guiding secure model reasoning
C
Code-Driven Policies
Definition of application-specific rules and policies
R
Runtime Security
Orchestrated A2AS controls for a defense-in-depth strategy

A2AS Use Cases

Practical Applications of the A2AS Framework

1
Agent Behavior Enforcement

Restricts AI agents to declared behaviors and resource permissions using behavior certificates

2
Prompt Injection Protection

Prevents malicious instructions from altering model behavior through security boundaries and in-context defenses

3
Application-Specific Rules

Embeds policy-as-code rules to enforce business logic and regulatory requirements for model inference

4
Identity and Access Control

Can bind authenticated prompts with enterprise identity for attribution and secure agentic access control

5
Context Window Integrity

Maintains trusted separation of system instructions and external inputs with explicit security boundaries

6
AI Supply Chain Security

Certifies agent manifests and capabilities to ensure trust in third-party or distributed AI components

7
Security Observability

Can record logs, telemetry, and metadata for visibility into agent actions and security enforcement

8
CI/CD Integration

Embeds behavior testing, policy validation, and security evaluation into automated AI development pipelines

Contribute to A2AS

Build, Implement, and Promote the A2AS Framework With Us

Researchers & Engineers
Help us research, evaluate, and build A2AS
  • • Advance the A2AS framework
  • • Collaborate with the expert team
  • • Contribute to open source projects
Design Partners & Users
Implement A2AS in your agentic AI systems
  • • Influence the A2AS roadmap
  • • Get early access to A2AS features
  • • Protect your production AI systems
Ambassadors & Supporters
Promote and educate the community about A2AS
  • • Promote agentic AI security
  • • Create educational materials
  • • Engage in co-marketing efforts
Express Your Interest