Who are you hiring? Five shapes of AI workforce that are being deployed right now, and the lifecycle each one needs.
The seven-stage lifecycle is not an abstract model. It is how a real team of AI agents actually behaves when deployed into production. Here are five concrete shapes of that workforce. Different jobs, different risks, different stages of the lifecycle carry different weight. Aegis covers all seven stages for all five, with the same runtime.
① Internal AI assistants
Who you are hiring: a new employee who answers questions from every department using the company's internal data.
HR records, financial reports, customer information, employee directories, contracts. The assistant needs narrow, purpose-scoped access to all of them, not blanket read on the whole knowledge base. The dangerous stages for this hire are Stage 2 (Onboard, scope the right data for the right role) and Stage 6 (Discipline, detect the moment a query pattern starts looking like data harvesting). Aegis enforces both in the same runtime.
② Agent-based product vendors
Who you are hiring: a workforce you are about to resell to your own customers, and whose every action will be audited by their security team.
If you are building a product powered by AI agents, your customers' procurement review will ask who is responsible for what the agent does, how you know it did what it was supposed to do, and what happens when it does not. Aegis gives you those answers before the question is asked. Stage 3 (Probation audit) and Stage 7 (Offboard with provable residual-risk clearance) are the stages your customer will ask about. Both are runtime features, not policy documents.
③ Regulated-data handling
Who you are hiring: an agent that must touch financial records, medical data, or legal documents to do its job.
The regulatory requirement is not "secure it" in the abstract. It is: prove, line by line, what the agent accessed, when, for what purpose, and that the access was authorized at the moment it happened. Stage 1 (Hire with declared purpose), Stage 3 (Probation audit with cryptographic integrity), and Stage 5 (Promote only after measured performance) are load-bearing. A single runtime that carries state across all three is the only thing a regulator will accept.
④ Multi-agent workflows
Who you are hiring: a team of agents that hand work to each other, with no human sitting between hops.
When agent A hands data to agent B, and B hands it to C, the identity model breaks down. Whose purpose is the data being used for? Whose audit trail carries it? Whose permissions govern the third hop? Subject-based security vendors cannot answer this. Aegis answers it by moving enforcement to the data itself, so that every hop inherits the original contract. Stage 2 (scoped onboard) and Stage 4 (continuous evaluation across hops) carry the load.
⑤ Partner and platform integration
Who you are hiring: agents that live inside a platform you do not own, connecting to data you do own.
Platform integrations are the case where you cannot trust the surrounding environment, and you cannot assume the partner's security team is equivalent to yours. The contract has to be enforced at the boundary and carried with the data as it crosses. Stages 1 through 7 all matter, because you do not have a second chance to check in once the agent is on the other side of the boundary. Aegis is the boundary, and the runtime that enforces the contract on the other side.