Frequently Asked Questions

An Autonomous Identity Provider (AIdP) is an identity fabric built natively for the agentic era. Where legacy IdPs secure human-to-app interactions using passwords and passkeys, an AIdP secures complex, high-velocity Non-Human Identity (NHI) interactions. We provide continuous authentication, Intent-Based Access Management (IBAM), and predictive drift detection to govern AI agents making thousands of decisions per second.

Legacy API keys rely on "Bearer Token" semantics: if an entity holds the key, it is granted permanent, Always-On access. When AI agents chain tasks and spawn sub-agents, these static keys are easily exposed in logs or hijacked during a prompt injection attack. A stolen API key gives an attacker unlimited blast radius. INDRA eliminates this risk by utilizing Zero Identity — granting access mathematically only for the exact duration of an authorized task.

Role-Based Access Control (RBAC) grants broad privileges based on a static identity (e.g., "Admin"). Intent-Based Access Management (IBAM) governs the purpose of the action. Even if an agent has the "Database Read" role, IBAM will block a request if the embedding-space intent is "Exfiltrate Customer SSNs." IBAM understands context, dynamically restricting actions that fall outside the originally defined human intent.

Zero Trust says "never trust, always verify" — but it still assumes an identity exists persistently. Zero Identity takes the next step: no machine identity should exist in a standing, always-on state at all. Every credential is ephemeral, every session is cryptographically bound to a single human-initiated intent, and every authorization is re-evaluated on each invocation. Zero Identity is what Zero Trust looks like when applied to an autonomous, machine-speed workforce.

A Non-Human Identity (NHI) is any digital identity assigned to a machine — a service account, API key, AI agent, automation script, or IoT device — rather than a person. NHIs now outnumber human identities in enterprise environments by more than 100:1, and unlike human identities, they operate 24/7 with no natural oversight. Most legacy IAM tools were built for humans and are architecturally blind to the NHI attack surface.

INDRA operates a continuous, deterministic telemetry stream. We calculate the vector distance between an agent's current action and its baseline intent. A successful prompt injection forces an agent to deviate from its mission (e.g., suddenly attempting lateral network movement). Our Predictive Drift Detection instantly flags this semantic deviation and cryptographically severs the agent's privileges in milliseconds, quarantining the threat before the API call executes.

No. We operate a Zero State architecture. Identity is treated as an ephemeral calculation, not a stored state. We sit seamlessly at the edge, orchestrating access without permanently storing your proprietary data or vaulting raw API keys in centralized honeypots.

INDRA enforces Bounded Agency through cryptographic delegation chains. When a parent agent spawns a sub-agent, the sub-agent's capability token is mathematically derived from — and strictly bounded by — the parent's authorized scope. A sub-agent can never acquire permissions exceeding those of its parent, regardless of what it's instructed to do. This chain is verifiable at any point in the delegation tree and collapses automatically when the root session ends.

INDRA is designed to align with NIST SP 800-207 (Zero Trust Architecture), NIST SP 800-63 (Digital Identity Guidelines), and the emerging NIST AI RMF for agentic systems. We support OIDC and SAML 2.0 for IdP federation, and our credential model is compatible with SPIFFE/SPIRE workload identity standards. Our cryptographic audit trail architecture is designed to satisfy SOC 2 Type II evidence requirements.

No. Traditional security gateways route traffic back to centralized servers, adding 100–200ms of latency per hop. In high-velocity agentic workflows, this latency compounds and breaks the loop. INDRA executes strictly via globally distributed edge nodes. We evaluate intent constraints and issue JIT access in single-digit milliseconds.

For human workforce identity — SSO, MFA, employee lifecycle management — Okta and Auth0 remain strong choices and INDRA complements them via OIDC federation. Where INDRA diverges is the machine and agentic identity layer. Okta was not designed to govern 10,000 agent invocations per second, enforce intent-based access, or issue per-invocation ephemeral credentials. INDRA fills exactly that gap — you keep your human IAM and extend it into the agentic era.

INDRA is built framework-agnostic. We natively support MCP (Model Context Protocol), OpenAI Agents SDK, LangChain/LangGraph, and CrewAI. For authentication protocols, we support OIDC, SAML 2.0, and OAuth 2.0 Token Exchange (RFC 8693). If your stack isn't listed, our edge SDK provides a lightweight, framework-agnostic integration path.

Every intent evaluation, delegation grant, and access decision creates an immutable, cryptographically signed audit record committed before the action executes — not after. This produces a tamper-proof chain of custody for every agent action in your environment. For compliance teams, this means you can answer "who authorized this, when, and why" for every machine action — satisfying SOC 2, ISO 27001, and emerging AI governance frameworks.

Yes. INDRA's visibility layer continuously monitors for unregistered AI agents and copilots accessing your APIs and data — what we call "shadow AI." When an unregistered agent makes a request, INDRA can intercept, flag, and quarantine it before it accesses sensitive systems. CISOs get a real-time inventory of every AI agent touching their infrastructure, whether IT sanctioned it or not.

Yes — and it is especially well-suited to regulated environments. Financial services firms face strict requirements around non-human identity governance, audit trails, and data access controls. INDRA's Zero Standing Privilege model eliminates the long-lived credentials that create the largest attack surfaces in regulated environments. Our architecture supports FFIEC, PCI-DSS, HIPAA, and SOC 2 Type II requirements. We strongly recommend engaging your compliance team as part of the alpha onboarding process.

Alpha participants receive access to INDRA's edge-native identity platform with 500,000 free invocations. You'll get early access to our Intent-Based Access Management engine, Zero Standing Privilege credential issuance, and our real-time audit console. Alpha is reserved for enterprise teams only — no credit card required. In exchange, we ask for structured feedback to help shape the platform before GA.

Alpha participants lock in an early-adopter rate that will be significantly below GA pricing. We're building INDRA in partnership with our alpha customers — the teams who shape the product earliest get the most favorable economics. GA pricing will be invocation-based and announced before the end of the alpha period, with a minimum 60-day notice before any billing change takes effect.

During the alpha period, we will work directly with your team to ensure continuity. No service will be cut off without explicit communication and agreement. Post-alpha, usage beyond 500k invocations will be billed at your locked-in early-adopter rate per invocation. You will never be charged per seat, per workspace, or per agent — only for the compute used.