.png)

Executive Summary
We stand at the threshold of a fundamental transformation in computing. Autonomous AI agents — systems that independently plan, execute, and adapt across organizational boundaries — are no longer experimental prototypes. They are operational realities embedded in enterprise workflows, government systems, and critical infrastructure, acting with a degree of independence that fundamentally alters the calculus of trust.
This transformation arrives when our policy and security frameworks remain anchored to assumptions that no longer hold. We designed cybersecurity models for human users with persistent identities, for static software with deterministic behavior, and for centralized systems operating under singular organizational control. None of these assumptions survives contact with the agentic web, where autonomous systems act, transact, delegate authority, and collaborate across dynamic environments without continuous human oversight.
The core policy challenge is easy to state but hard to answer: How do we ensure that autonomous agents remain accountable to human principals, operate within authorized boundaries, and can be securely discovered, governed, and constrained across fragmented platforms and regulatory regimes? This paper advances a governance framework built on three interdependent principles.

These layers must evolve in parallel rather than sequentially. Identity infrastructure establishes accountability and trusted interaction, but identity alone cannot secure systems whose primary risks emerge during execution. Runtime governance, behavioral enforcement, and continuous visibility therefore become essential components of trustworthy agentic systems.
The window for shaping the architecture of the agentic web is narrowing. The decisions made now will determine whether this ecosystem develops as an open, interoperable security architecture — or fragments into proprietary systems that concentrate control.
The OpenPolicy Coalition, representing organizations at the forefront of cybersecurity, AI security, cloud infrastructure, and runtime governance, presents this framework alongside policy recommendations designed to reduce regulatory fragmentation, enable interoperability, and align security controls with evolving operational realities.
The decisions made now will determine whether the agentic web develops as an open and interoperable security architecture, or fragments into proprietary systems that concentrate control, constrain visibility, and amplify systemic risk. The sections that follow trace the path from the threats agentic systems introduce, through the identity and discovery foundations that establish accountability, to the runtime governance and harmonized standards required to keep them secure at scale.
%20(300%20x%2050%20px)%20(2).png)
OpenPolicy welcomes the opportunity for collaboration on agentic security and the defining policy challenges of the AI era. If you’d like to discuss these ideas or explore opportunities to get involved with the OpenPolicy Coalition, we’d love to hear from you. For engagement, please contact Michelle Sahar: Michelle@openpolicy.co
.png)
