Identity
Which AI worker is acting, under which owner, with which Passport and lifecycle state?
AI Assurance Framework
Scaled Agents frames AI assurance as an operating-record problem: who owns the AI worker, what it may do, what control path applies, what evidence exists, and when a request should fail closed or route to human review.
This page is public orientation for enterprise buyers, reviewers, and procurement teams. It does not provide certification, legal advice, audit conclusions, or a claim that Scaled Agents itself is the object of a deployed-agent assessment.
Context
Enterprises increasingly need a common way to explain AI worker ownership, oversight, and runtime controls across internal review, customer diligence, and independent assessment work.
Scaled Agents provides the control-plane records and customer-safe evidence model around that work. The customer still owns deployment scope, production decisions, security controls, and any formal interaction with external assessors.
Assurance Pillars
The product model is useful when assurance has to connect governance intent to runtime behavior and reviewable records.
Which AI worker is acting, under which owner, with which Passport and lifecycle state?
What purpose, boundaries, tools, data classes, and prohibited actions have been approved?
Which Toll Gates, Runtime Permit checks, and Action Broker boundaries decide whether a request proceeds?
Which Human Review records, Stamps, workflow events, and audit exports support later review?
Control Mapping
This matrix shows the public operating fit between enterprise assurance expectations and the core product records.
| Assurance need | Current Scaled Agents capability | Fit | Recommended follow-through |
|---|---|---|---|
| Named accountability | Passport owner, sponsor, reviewer, escalation path, and lifecycle state. | Strong | Surface assurance profile fields in customer-facing Passport review workflows. |
| Runtime boundary enforcement | Toll Gate, Runtime Permit, Action Broker, and fail-closed decision path. | Strong | Keep customer deployment evidence separate from public product context. |
| Evidence reconstruction | Stamps, evidence records, workflow events, and audit export package planning. | Partial | Finalize customer-safe assurance export composition over existing records. |
| External review preparation | Framework mapping, role separation, shared responsibility language, and control-plane summaries. | Partial | Pair product records with customer environment evidence and independent reviewer input. |
Product Records
Identity, owner, purpose, scope, risk, lifecycle, and evidence linkage.
Policy and control checkpoints for data, autonomy, tools, and consequential action.
Accountable reviewer decisions, exceptions, escalations, and remediation instructions.
Customer-safe summary path over existing evidence objects for later reconstruction.