Inspiration

AI agents are rapidly evolving from simple chatbots into autonomous systems that browse the web, execute tools, access enterprise APIs, manage infrastructure, and collaborate with other AI agents. Protocols such as A2A and MCP have made agent interoperability possible, but they largely focus on communication not trust.

Today, an AI agent can request another agent to execute sensitive actions with little or no governance around identity, delegation, permissions, or intent. This creates entirely new security challenges, including prompt injection, identity spoofing, unauthorized tool execution, replay attacks, and rogue autonomous behavior.

We built Pramaan to answer one fundamental question:

Before one AI agent trusts another, how can it prove that the request is legitimate, authorized, secure, and compliant?

Our vision is to bring the same level of security and governance that enterprises expect from human users to autonomous AI agents.


What it does

Pramaan is a Proof-of-Authority governance layer that sits between AI agents and verifies every agent-to-agent interaction before execution.

Instead of allowing agents to communicate directly, every request passes through a comprehensive security and governance pipeline.

Pramaan provides:

  • Proof-of-Authority verification for every A2A interaction
  • Verifiable agent identities using W3C Verifiable Credentials
  • Human-backed delegation chains
  • Zero-Knowledge Proof-based policy validation
  • Dynamic authority intersection to calculate effective permissions
  • Rogue agent detection through behavioral risk scoring
  • Quorum-based trust receipts
  • Automatic revocation and circuit breaking
  • Tamper-evident audit logging
  • Prompt injection detection
  • Replay attack prevention
  • API rate limiting
  • Behavioral anomaly detection
  • Honeypot-based deception mechanisms

Beyond governance, Pramaan also includes Sentinel, an AI security assessment platform capable of:

  • Scanning A2A agents for security weaknesses
  • Auditing MCP servers
  • Discovering exposed tools and resources
  • Running AI red-team attacks using DeepTeam
  • Generating detailed security reports

The result is an enterprise-ready trust layer that transforms agent communication protocols into secure, governed AI ecosystems.


How we built it

Pramaan is built as a modular governance platform composed of multiple independent security components working together.

Backend

  • Python
  • FastAPI
  • LangChain
  • A2A SDK
  • DeepTeam

Frontend

  • React
  • AG-UI Protocol

Governance Engine

We designed a multi-stage verification pipeline where every request passes through:

  • Identity verification
  • Delegation validation
  • Policy evaluation
  • Risk assessment
  • Authority computation
  • Human approval (when required)
  • Audit logging
  • Final execution

We also implemented a global interceptor that performs:

  • PII redaction
  • Goal integrity validation
  • OPA/Rego policy enforcement
  • Sandbox restrictions
  • Output validation

For security testing, we integrated DeepTeam to perform automated red-teaming against AI agents and MCP servers while generating actionable security reports.

The entire architecture is designed to be modular, so new governance rules and security modules can be added without changing existing agent implementations.


Challenges we ran into

Building governance for autonomous AI agents introduced several unique technical challenges.

One of the biggest challenges was designing a security pipeline that performs comprehensive verification without significantly impacting latency.

We also had to determine how multiple independent security decisions, identity, delegation, organizational policy, behavioral risk, and runtime constraints could be combined into a single trust decision.

Integrating multiple emerging technologies, such as the A2A SDK, AG-UI, DeepTeam, and MCP, required significant experimentation because these ecosystems are still evolving rapidly.

Another major challenge was balancing security with usability. Enterprise-grade governance can quickly become overly restrictive, so we designed Pramaan to support human approvals, configurable policies, and modular security controls rather than hardcoded rules.

Finally, implementing realistic AI attack simulations, including prompt injection, replay attacks, rogue agent behavior, and MCP security assessments, required building a comprehensive testing framework beyond standard application security practices.


Accomplishments that we're proud of

During the hackathon, we successfully built a working end-to-end governance platform rather than a proof-of-concept.

Some achievements we're especially proud of include:

  • Designing a complete Proof-of-Authority framework for AI agents
  • Building a 16-layer security architecture covering governance and runtime defense
  • Integrating Verifiable Credentials, delegation chains, and Zero-Knowledge Proof concepts into agent authorization
  • Developing a real-time security dashboard for monitoring agent interactions
  • Building an MCP security scanner capable of discovering and assessing exposed tools
  • Integrating DeepTeam for automated AI red-teaming
  • Creating comprehensive audit logs and trust receipts for every governance decision
  • Building a modular architecture that can evolve alongside future agent ecosystems

Most importantly, we demonstrated that security can become a first-class capability for Agentic AI rather than an afterthought.


What we learned

This project taught us that securing AI agents is fundamentally different from securing traditional software.

Authentication alone is no longer sufficient. Autonomous agents require continuous verification of identity, authority, intent, behavior, and policy compliance throughout every interaction.

We also learned how rapidly the Agentic AI ecosystem is evolving. Standards like A2A and MCP provide excellent foundations for interoperability, but governance, trust, and enterprise security remain significant open challenges.

From an engineering perspective, we gained valuable experience integrating modern AI frameworks, designing modular security architectures, and building systems that combine AI capabilities with traditional cybersecurity principles.


What's next for Pramaan

We see Pramaan evolving into a comprehensive security and governance platform for enterprise Agentic AI.

Our roadmap includes:

  • Support for additional agent protocols beyond A2A and MCP
  • Distributed trust authorities for multi-organization deployments
  • Production-ready policy management with enterprise integrations
  • Advanced behavioral threat detection using machine learning
  • Continuous runtime monitoring for large agent networks
  • Compliance reporting aligned with emerging AI governance standards
  • SIEM and enterprise security platform integrations
  • Cloud-native deployment for large-scale enterprise environments
  • Open-source community contributions and extensible governance plugins

As AI agents become an integral part of enterprise systems, we believe secure, trustworthy, and governed autonomy will become just as important as the intelligence of the agents themselves. Pramaan aims to provide that missing trust layer.

Built With

Share this project:

Updates