MICS Capstone Project Spring 2026

Agent Credential Firewall

Agent Credential Firewall (ACF) addresses a growing security gap created by enterprise AI agents. Unlike traditional software, agents can interpret natural language, access business systems, use delegated credentials, and take autonomous actions across workflows. That creates new risks such as prompt injection, confused deputy behavior, tool misuse, privilege abuse, memory or context poisoning, and unauthorized actions carried out under legitimate identities. Traditional controls such as Identity and Access Management (IAM), Data Leakage Protection, and static guardrails are not designed to evaluate whether a specific agent action, on a specific resource, in a specific context, should be allowed at that moment. As agents become more embedded in operational workflows, enterprises need controls that govern actions at runtime, not just access at sign-in.

ACF is a runtime enforcement layer built to bring zero-trust principles to agentic systems. In the architecture shown in the presentation, the agent never connects directly to downstream applications such as Gmail. Instead, every requested action is routed through an MCP gateway, evaluated by the Open Policy Agent (OPA) policy engine, and either allowed or denied based on the full execution context. Policies can incorporate factors such as user identity, action type, destination domain, recipient scope, timing, and rate limits. Every request, decision, and outcome is then written to immudb to create an immutable audit trail. This design separates agent reasoning from execution: the model can propose actions, but the firewall determines whether those actions are permitted.
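To make the gateway-and-policy flow concrete, the following is an added illustration written for this page, not ACF's own code. It models a toy MCP-style gateway in Python: each agent request carries the delegated user, the tool, the recipients and a timestamp; the gateway checks the same factors the paragraph lists (user identity, action type, destination domain, recipient scope, business hours, a per-agent sliding-window rate limit) and appends every decision to a hash-chained audit log whose integrity can be verified afterwards. The policy values, identities, domains and timestamps are all constructed assumptions; a real deployment would evaluate Rego in OPA and write to immudb instead of an in-memory list.

```python
"""Added example (not ACF's own code): a toy MCP-style gateway that evaluates an
agent's requested action against context-aware policy and records every decision
in a hash-chained, append-only audit log. Policy values, identities, domains and
timestamps below are constructed for illustration."""
from __future__ import annotations

import hashlib
import json
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# --- Policy inputs (constructed; a real deployment would load these from OPA) ---
ALLOWED_DOMAINS = {"alice@example.com": {"example.com", "partner.example.org"}}
ALLOWED_TOOLS = {"gmail.send"}     # action type: only this tool may be invoked
MAX_RECIPIENTS = 5                 # recipient scope: cap fan-out per action
BUSINESS_HOURS = range(8, 18)      # timing: 08:00-17:59 local
RATE_LIMIT = 3                     # actions per agent per window
RATE_WINDOW = timedelta(minutes=1)


@dataclass
class ActionRequest:
    agent_id: str
    user: str              # delegated identity the agent acts on behalf of
    tool: str              # e.g. "gmail.send"
    recipients: list[str]
    when: datetime


@dataclass
class Decision:
    allowed: bool
    reasons: list[str] = field(default_factory=list)


class Gateway:
    """Sits between the agent and the downstream app; nothing executes without a Decision."""

    def __init__(self) -> None:
        self._recent: dict[str, deque] = defaultdict(deque)   # per-agent request timestamps
        self.audit: list[dict] = []      # append-only; each entry chains to the previous hash

    def evaluate(self, req: ActionRequest) -> Decision:
        reasons: list[str] = []
        if req.tool not in ALLOWED_TOOLS:
            reasons.append(f"tool not permitted: {req.tool}")
        allowed = ALLOWED_DOMAINS.get(req.user, set())
        for rcpt in req.recipients:
            domain = rcpt.rsplit("@", 1)[-1].lower()
            if domain not in allowed:
                reasons.append(f"destination domain not allowed for {req.user}: {domain}")
        if len(req.recipients) > MAX_RECIPIENTS:
            reasons.append(f"recipient count {len(req.recipients)} exceeds {MAX_RECIPIENTS}")
        if req.when.hour not in BUSINESS_HOURS:
            reasons.append(f"outside business hours: {req.when:%H:%M}")
        # Rate limit: sliding window per agent. Attempts count whether or not they are
        # allowed, so a burst of denied requests is itself throttled and visible.
        window = self._recent[req.agent_id]
        while window and req.when - window[0] > RATE_WINDOW:
            window.popleft()
        if len(window) >= RATE_LIMIT:
            reasons.append(f"rate limit {RATE_LIMIT}/{RATE_WINDOW.seconds}s exceeded")
        window.append(req.when)
        decision = Decision(allowed=not reasons, reasons=reasons)
        self._record(req, decision)
        return decision

    def _record(self, req: ActionRequest, decision: Decision) -> None:
        prev = self.audit[-1]["hash"] if self.audit else "0" * 64
        entry = {"prev": prev, "agent": req.agent_id, "user": req.user, "tool": req.tool,
                 "recipients": req.recipients, "at": req.when.isoformat(),
                 "allowed": decision.allowed, "reasons": decision.reasons}
        entry["hash"] = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self.audit.append(entry)

    def verify_audit(self) -> bool:
        """Recompute the chain; any edited or reordered entry breaks it."""
        prev = "0" * 64
        for e in self.audit:
            body = {k: v for k, v in e.items() if k != "hash"}
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if e["prev"] != prev or digest != e["hash"]:
                return False
            prev = e["hash"]
        return True


def run_demo() -> tuple[Gateway, list[Decision]]:
    """Five constructed requests from one agent acting for alice@example.com."""
    gw = Gateway()
    t0 = datetime(2026, 4, 1, 10, 0)   # constructed timestamp inside business hours
    user, tool = "alice@example.com", "gmail.send"
    requests = [
        ActionRequest("agent-1", user, tool, ["bob@example.com"], t0),                         # allowed
        ActionRequest("agent-1", user, tool, ["x@external.example"], t0 + timedelta(seconds=5)),  # bad domain
        ActionRequest("agent-1", user, tool, ["bob@example.com"], t0 + timedelta(seconds=20)),  # allowed
        ActionRequest("agent-1", user, tool, ["bob@example.com"], t0 + timedelta(seconds=30)),  # rate limit
        ActionRequest("agent-1", user, tool, ["bob@example.com"], t0 + timedelta(hours=12)),    # 22:00
    ]
    return gw, [gw.evaluate(r) for r in requests]


if __name__ == "__main__":
    gw, decisions = run_demo()
    for entry in gw.audit:
        print(entry["at"], "ALLOW" if entry["allowed"] else "DENY", entry["reasons"])
    print("audit chain intact:", gw.verify_audit())
```

The point of `run_demo` is that the same identity, tool and recipient produce different outcomes depending on context: the fourth request is denied only because three attempts already fell inside the rate window, and the fifth only because of the hour. Every outcome, including the denials, lands in the audit chain, so a reviewer can see what the agent tried and why it was stopped; tampering with any stored entry makes `verify_audit` fail.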

The product solves a core enterprise problem: how to enable AI agents to operate usefully without giving them unchecked authority. ACF helps organizations reduce the risk of data exfiltration, unsafe tool usage, excessive delegated access, and hidden malicious behavior embedded in otherwise legitimate workflows. At the same time, it gives security, compliance, and audit teams visibility into what the agent attempted to do, why it was blocked or allowed, and how policy was enforced in real time. In practical terms, ACF turns agent security from a vague trust issue into an enforceable control model, giving enterprises a clearer path to deploy AI agents with accountability, least privilege, and auditability. 

Last updated: April 1, 2026