Red teaming
Continuous adversarial testing of AI systems (jailbreaks, extraction, manipulation) with findings turned into enforcement policy and re-scanned to prove the fix.
Part of the Agent Control Fabric: Highflame's identity, policy, and enforcement substrate for AI agents.
Keep exploring the glossary.
RFC 8693 (token exchange)
The standard that lets one token be exchanged for another with attenuated scope: the basis for verifiable agent-to-agent delegation.
Read →Scope attenuation
Narrowing permissions at each delegation hop so a sub-agent can never hold more authority than the agent that delegated to it.
Read →Shadow agents
Agents running across clouds, IDEs, and SaaS that no one inventoried or assigned an owner: the unmanaged majority of an enterprise's agent footprint.
Read →SPIFFE / WIMSE
Open standards for verifiable workload identity. Highflame extends them with agent-shaped claims for delegation, trust, and attribution.
Read →Trust tier
A provenance-based level on an agent's identity (first-party/attested, verified third-party, or unverified) that gates what the agent is eligible for and tightens its policy. It is a verified input to every decision, never a bypass: each action is still authorized per request, so there is no implicit trust.
Read →ZeroID
Highflame's open-source agent identity core (Apache 2.0), built on OAuth 2.1, SPIFFE/WIMSE, and RFC 8693: the inspectable foundation beneath Highflame Identity.
Read →