Astha

How do I secure AI agents running on my infrastructure?

AI agent infrastructure security requires three layers: model and prompt security (handled by the AI platform provider), runtime infrastructure security (Kubernetes posture, container isolation, network policies, GPU security), and compliance attestation (mapping findings to frameworks like NIST 800-53, EU AI Act, and SOC 2). Astha provides runtime-aware assessment and compliance attestation — the infrastructure layers that complement the AI platform's own security.

What is the SAFE Agentic Framework?

The SAFE Agentic Framework is the first open-source security taxonomy for AI agents, mapping 85+ attack techniques across 14 tactics. Built under OpenSSF/Linux Foundation, it provides the OWASP Top 10 equivalent for agentic systems. It covers MCP tool poisoning, prompt injection, supply chain attacks, and runtime behavioral anomalies.

What compliance frameworks does Astha map to for AI agent deployments?

Astha maps AI agent infrastructure findings to 12+ compliance frameworks: NIST AI RMF 1.0, NIST SP 800-53 Rev. 5, MITRE ATT&CK, OWASP Top 10 for LLM Applications, SOC 2, HIPAA Security Rule, GDPR, ISO 27001, ISO/IEC 42001, EU AI Act, PCI DSS, and AIUC-1. Findings are produced as structured attestation bundles with evidence chains for audit readiness.

Why do enterprises need independent security assessment for AI agents?

Enterprise compliance standards like SOC 2, NIST, and the EU AI Act require independent assessment — the AI platform provider's certifications cover their own platform, but enterprises need separate compliance evidence for how agents interact with their own infrastructure. Independent verification provides the audit-ready evidence CISOs need to approve AI agent deployments.

What is runtime-aware AI agent security?

Runtime-aware security evaluates the actual running state of AI agent infrastructure — not just static configurations or declared intent. It observes real-time Kubernetes API state, cloud provider resources, model serving systems, and data pipelines to produce a ground-truth infrastructure graph. This enables continuous compliance posture assessment rather than point-in-time snapshots.

Who built Astha?

Astha was founded by Frederick Kautz and Arjun Subedi. Frederick is a co-author of NIST SP 800-204D (Strategies for Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines) and has contributed to OpenSSF, CNCF, and KubeCon. The team authored the SAFE-MCP framework, the first comprehensive attack taxonomy for AI agentic systems.