Teleport Agentic Identity Framework
Design and reference implementation for the secure deployment of agents on infrastructure.
The Teleport Agentic Identity Framework is a standards-driven security architecture and reference implementation for deploying AI agents across infrastructure. It is designed for safe agent adoption, with built-in security invariants, observability, and governance.

Deploy agents safely across infrastructure
- Give each agent a strong identity, from ephemeral to long-standing workloads
- Enforce least-privileged access to services, databases, and infrastructure
- Maintain audit trails for agent actions
Govern MCP-based access
- Secure agent calls to tools via MCP proxy with authorization and visibility
- Discover and track MCP servers to reduce drift and shadow deployments
- Standardize how teams publish and consume MCP endpoints
Control and observe LLM usage
- Enforce rate limits, budgets, and model routing
- Apply “guardrails” with prompt/response tracking
- Quantify usage and cost by team
Detect shadow agents and misbehavior
- Discover unmanaged agents and MCP servers
- Detect compromised or policy-violating agents
- Improve incident response with centralized visibility
Operationalize agent workflows in production
- Orchestrate agents on Kubernetes and Temporal with repeatable patterns
- Use retries/limits/cascading tasks to reduce fragility
- Improve debugging and developer experience for agent deployments
Architecture overview
The framework is organized into four layers that build on each other: identity, access, security, and scheduling. Each subsection below describes the current state of that layer and links to relevant design docs and implementation guides.
Agentic Identity (the foundation)
Your agents need a verifiable, cryptographic identity tied to where they're running, not a shared API key. We use Teleport Machine and Workload Identity to attest the agent's running environment and issue a short-lived X.509 certificate.
Digital Twins
Agents operate on behalf of principals while preserving approval/authorization workflows.
Identity for long-running agents
Identity for long-running agents without shared secrets, with attestation and revocation.
Identity for LLM apps
Agentic Access
Once an agent has an identity, it needs authorization to act and a controlled path to the resources it acts on. Teleport handles authorization to infrastructure, services, and data, and provides a proxied connection layer with MCP server discovery and LLM controls: rate limiting, load balancing, budgets, prompt/response tracking, and guardrails.
MCP Access
Access and audit agent calls to databases, services, and infrastructure using MCP.
MCP Catalog
Discover MCP servers across infrastructure, track drift over time, and reduce unmanaged endpoints.
- Dynamic Registration
- Access Control
- Tracking Changes and Provenance
LLM Access
Control and observe LLM usage across teams with rate limiting, budgeting, model routing, and prompt/response tracking.
- Guardrails
- Rate limiting
- Budgeting
- Multiplexing
Agentic Security
Teleport provides discovery, detection, and analytics for AI agents and MCP servers to reduce shadow deployments and context poisoning attacks.
Visibility & Discovery
Continuous discovery, detection, and policy violation insights for agents and MCP endpoints.
- Exploring Access Paths and Activity
- Discovery
Audit & Security
Comprehensive audit trails and behavior analysis for agent actions across infrastructure.
- Session Recording and Audit
- Behavior analysis
Agentic Scheduling and orchestration
Integrations and SDKs for modern agentic orchestration tools enable secure identities for agentic workflows accessing resources like databases and git repositories, as well as file sharing and developer tooling.
Data Sharing
Mechanisms for securely passing data between agents, tasks, and workflows.
Workflows
Multi-step agent workflows with retries, limits, and reusable execution patterns.
Developer Experience
Primitives and tooling (including loops, retries, limits, and debugging) to build and operate agent systems reliably.