AI agents are entering production. Financial services. Healthcare. Logistics. Government. The security conversation so far has focused on one thing: identity. Sign the agent. Verify the card. Move on. Identity is important. But it is the front door, not the building. ## What happens after the agent walks in? A signed identity card tells you who the agent claims to be. It does not tell you: Whether the agent's requests have been tampered with in transit Whether the agent is replaying a previous request to bypass controls Whether the agent is injecting malicious payloads through tool arguments Whether the agent is exfiltrating data through its responses Whether the agent is escalating its own privileges Whether the agent's behaviour has drifted from its baseline Whether the agent is trying to disable its own monitoring What the agent actually did, with cryptographic proof, for your auditor These are not edge cases. These are the attack surface of every agent in production today.…