Does your AI have an HR system? Seven stages. One runtime. Every existing vendor covers one.
Every human organization has a seven-stage lifecycle for managing employees. You interview, onboard, watch during probation, evaluate performance, promote when trust is earned, discipline when behavior wavers, and offboard when the relationship ends. Aegis implements the same seven stages for AI agents, in code, in production, in real time. Each stage maps to a specific capability. The capabilities compose into a single runtime. The runtime is the product.
The seven stages of hiring an AI agent
- Hire (Identity + contract): Every agent enters with a declared identity, a stated purpose, and a formal registration with the control plane. No agent operates without a signed contract of what it is allowed to attempt. Anonymous agents, shadow agents, and agents whose purpose cannot be stated in one sentence do not exist here.
- Onboard (Minimum tools, entry badge): On day one, an agent receives only the narrowest set of permissions it needs to begin its stated job. Not the permissions it might eventually need. The permissions required today, for the task in front of it. Nothing more. Expansion happens later, through earned trust, not through default access.
- Probation (Narrow duties, close observation): During probation, every action the agent takes is observed and recorded. The observation is not a log you review quarterly. It is a continuous audit trail with cryptographic integrity, reconstructible on demand, tamper-detectable. New agents begin at zero trust. Trust is an outcome of behavior, not a starting condition.
- Evaluate (Performance review, continuous): Evaluation is not an annual event. It is a continuously updated signal, recomputed on every action. Successful outcomes raise the agent's standing. Anomalous behavior lowers it. The signal is carried by the control plane, not by a human reviewer, and it is available to every policy decision the runtime makes downstream.
- Promote (Permission expansion, earned): When an agent's evaluation signal crosses a threshold, new permissions become available. The promotion is not a manual ticket. It is a runtime decision, made by the control plane, based on demonstrated behavior over time. The new permissions are scoped, audited, and revocable. The agent does not keep them forever; it keeps them as long as it continues to earn them.
- Review & Discipline (Suspension, demotion, added audit): When behavior wavers, the control plane reduces the agent's scope before any human notices. The reduction is immediate, automatic, and auditable. It may be a temporary restriction while additional audit runs, or a permanent demotion if the anomaly is severe. Nothing is decided later. The response happens in the same decision path as the original request.
- Offboard (Badge revoked, residual risk cleared): When an agent leaves service, access is revoked, secrets it held are cryptographically cleared, and any data it carried with it is rendered unreadable. This is not a delete button. It is the provable disappearance of an agent's capability to act, and the provable absence of residual state in the places it touched. Offboarding is a first-class lifecycle event, not a cleanup job.
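As an added illustration of the seven stages running through one decision path (not Aegis's code; the tool names, thresholds and trust arithmetic are assumptions), a minimal Python control plane that registers an agent with its purpose and minimum scope, recomputes trust on every request, promotes and demotes in the same call, fails closed after offboarding, and keeps a hash-chained audit trail that detects tampering:

```python
import hashlib, json

GENESIS = "0" * 64  # anchor hash for the chained audit trail

class ControlPlane:
    def __init__(self, promote_at=3, demote_at=-2):  # thresholds are assumed values
        self.agents, self.audit = {}, []
        self.promote_at, self.demote_at = promote_at, demote_at

    def _record(self, **event):
        # Stage 3: append-only trail; each entry commits to the previous entry's hash.
        prev = self.audit[-1]["hash"] if self.audit else GENESIS
        digest = hashlib.sha256((prev + json.dumps(event, sort_keys=True)).encode()).hexdigest()
        self.audit.append({"event": event, "prev": prev, "hash": digest})

    def hire(self, agent_id, purpose, base_scope, earned_scope):
        # Stages 1+2: declared identity and purpose; only today's minimum scope is granted.
        self.agents[agent_id] = {"purpose": purpose, "base": set(base_scope), "scope": set(base_scope),
                                 "earned": set(earned_scope), "trust": 0, "active": True}
        self._record(stage="hire", agent=agent_id, purpose=purpose, scope=sorted(base_scope))

    def request(self, agent_id, tool, outcome="ok"):
        # Stages 3-6 in one decision path: authorize, evaluate, then promote or discipline.
        a = self.agents.get(agent_id)
        if a is None or not a["active"]:
            return "denied"                           # unknown or offboarded: fail closed
        allowed = tool in a["scope"] and outcome == "ok"
        a["trust"] += 1 if allowed else -2            # stage 4: signal recomputed per action
        if a["trust"] >= self.promote_at:             # stage 5: expansion is earned
            a["scope"] |= a["earned"]
        if a["trust"] <= self.demote_at:              # stage 6: automatic, immediate demotion
            a["scope"] = set(a["base"])
        self._record(stage="evaluate", agent=agent_id, tool=tool, allowed=allowed,
                     trust=a["trust"], scope=sorted(a["scope"]))
        return "allowed" if allowed else "denied"

    def offboard(self, agent_id):
        # Stage 7: badge revoked; later requests fail closed and the event is on the trail.
        self.agents[agent_id].update(active=False, scope=set(), earned=set())
        self._record(stage="offboard", agent=agent_id)

    def audit_intact(self):
        # Recompute the chain; an edited or dropped entry breaks every later hash.
        prev = GENESIS
        for e in self.audit:
            body = json.dumps(e["event"], sort_keys=True)
            if e["prev"] != prev or e["hash"] != hashlib.sha256((prev + body).encode()).hexdigest():
                return False
            prev = e["hash"]
        return True
```

Replace the in-memory `audit` list with an append-only store and the integer trust score with whatever evaluation signal the control plane actually carries; the shape of the decision path stays the same.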
Where existing vendors reach
The seven-stage lifecycle is not proprietary to Aegis as a concept. It is proprietary to Aegis as a complete implementation. Every existing vendor in the adjacent space covers exactly one stage, because their architecture is committed to a particular point in the lifecycle and cannot naturally extend to the others.
| Vendor | Covers |
|---|---|
| Okta | Stage 1 (Hire — identity) |
| Kong | Stage 2 (Onboard — tool routing) |
| Palo Alto Networks | Stage 6 partial (Discipline — anomaly detection) |
| CrowdStrike | Stage 6 partial (Discipline — endpoint scope) |
| Microsoft Purview | Stages 3 + 5 partial (classification, labeling) |
| HashiCorp Vault | Stage 2 partial (Onboard — secret delivery) |
| Aegis | Stages 1 through 7, as a single runtime |
Identity-first vendors (Okta)
Built around the premise that the atomic unit of security is the identity. Stage 1 is their home. Stages 2 through 7 require a different atomic unit (the action, the data, the behavior over time) that their sales motion and runtime do not represent. They can partner with an AI licensing authority, but they cannot become one without abandoning their existing position.
Gateway-first vendors (Kong, Vault)
Architected around request routing and secret delivery. Stage 2 is their home. They handle onboarding because onboarding is a routing problem. Probation, evaluation, and promotion are continuous behavioral problems, and gateways do not carry state across requests by design. Adding state would require a second product built on opposite principles.
Anomaly detection vendors (Palo Alto, CrowdStrike)
Designed to identify the bad actor after it has acted. Stage 6 is their home. Their pattern assumes a long-lived subject (a host, an endpoint, a user) that can be observed over time. When the subject is an ephemeral AI agent with a thousand concurrent instances, the assumption collapses. Their detection budget runs out before the behavior is classified.
Classification-first vendors (Microsoft Purview, Adobe)
Built on the premise that data exists to be classified and retained. Stages 3 and 5 (partial) are their home. Their business model depends on data persisting long enough to be catalogued and labeled. Aegis treats data cessation as a first-class state. These are not opposite product roadmaps. They are opposite business models.
Why only Aegis covers all seven
The seven stages look separable on paper. They are not separable in practice. An agent cannot be onboarded with minimum permissions if its identity was not formally declared at hire. It cannot be evaluated continuously if its probation audit trail is not cryptographically sealed and reconstructible. It cannot be promoted dynamically if the control plane does not carry state from evaluation into authorization. It cannot be disciplined in the same decision path as the original request if discipline and request are handled by different runtimes. And it cannot be offboarded with provable disappearance if the data it touched was not wrapped in policy from the beginning.
Aegis is the only existing runtime that treats the seven stages as one lifecycle instead of seven products. The unit of enforcement is not the subject (who), because a subject with a thousand instances cannot be the unit. The unit of enforcement is the object (what data, under what purpose, carrying what policy). Every stage of the lifecycle reads from, writes to, and is bounded by the same object layer. That integration is the reason all seven stages are possible in a single runtime. It is also the reason competitors cannot reach stages two through seven without rebuilding their foundations.
We do not expect them to. We expect them to continue doing what they do well, and we expect the licensing authority for AI to be a new category that sits alongside them. Aegis is building that category.