Policy Access: Zero-Credential Execution for AI Agents

To perform complex tasks, AI agents need access to enterprise resources - databases, APIs, and administrative tools. But handing an autonomous AI the keys to your kingdom is a catastrophic security risk.

NuDay redefines AI authorization. Through our Policy MPC (Multi-Party Computation) Server, we enable secure, On-Behalf-Of (OBO) execution. Your agents get the data they need to do their jobs, but they never see, touch, or store the underlying authorization credentials.

The Problem: The Danger of "Credentialed" Agents

Most AI orchestration platforms and security vendors take a deeply flawed approach to agent access: they inject OAuth tokens, API keys, or session credentials directly into the agent's runtime environment or context window. This creates a massive, unpatchable vulnerability:

Memory Leaks & Storage

LLMs are designed to remember context. If you hand an agent a token, it can unintentionally memorize it, write it to plain-text conversation logs, or store it in its RAG history.

Replay Attacks

If an attacker compromises the agent via prompt injection, they can extract those stored credentials and execute devastating replay attacks against your sensitive data and infrastructure.

The NuDay Solution: On-Behalf-Of (OBO) Execution

With NuDay, the agent is mathematically and physically separated from your secrets. We utilize a dedicated Policy MPC Server to broker all access.

Zero-Knowledge Architecture

When an agent needs to pull a customer record from Salesforce or execute a query in Postgres, it does not use a credential. Instead, it sends a cryptographic request to the Policy MPC Server.

Secure Brokering

The MPC Server verifies the agent's identity, checks the enterprise policy, retrieves the necessary credential from the vault, and executes the API call on behalf of the agent.

Data, Not Keys

The MPC Server returns only the requested data (the result) back to the agent. The agent never sees the API key or token, making AI-driven credential theft or replay attacks impossible.

[Figure: Zero-Credential OBO Execution Flow via NuDay Policy MPC Server. NuDay ensures the AI Agent never handles authorization credentials, preventing replay attacks and data exfiltration.]

Real-Time "Human-in-the-Loop" (HITL) Approvals

Autonomy must be governed by human oversight. NuDay allows you to enforce strict boundary conditions for high-risk actions (e.g., initiating a wire transfer, modifying production code, or accessing PHI).

Dynamic Access Requests

If an agent attempts an action that exceeds its baseline permissions, the Policy MPC Server pauses the execution and triggers a real-time Access Request.

3rd-Party Approvers

The request is instantly routed to a designated human approver via your existing workflows (Slack, Microsoft Teams, or Email).

Contextual Escalation

The approver sees exactly what the agent wants to do, why it wants to do it, and on whose behalf it is acting. Once approved, the MPC Server completes the OBO execution.
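The brokered flow described above (verify identity, check policy, pause for approval, use the vaulted credential, return only data), as an added Python example. It is not NuDay's code and does not implement multi-party computation; the HMAC-signed request, the in-memory vault and policy tables, the per-request nonce, and every name and value are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data: identity keys prove who the agent is; they grant no resource access.
AGENT_KEYS = {"agent-7": b"constructed-identity-key"}
VAULT = {"crm": "constructed-crm-token"}  # resource credentials live only on the broker side
POLICY = {("agent-7", "crm", "read_record"): "allow",
          ("agent-7", "crm", "delete_record"): "approve"}  # high-risk: needs a human

def sign(agent_id, body, key):
    msg = json.dumps([agent_id, body], sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def call_backend(resource, action, args, credential):
    # Stand-in for the real API call: the credential is consumed here and never returned.
    if not credential:
        raise PermissionError("no credential")
    return {"resource": resource, "action": action, "record": args.get("id")}

class Broker:
    def __init__(self, approver):
        self.approver = approver  # callable(agent_id, body) -> bool, e.g. a chat approval prompt
        self.seen_nonces = set()

    def handle(self, agent_id, body, signature):
        key = AGENT_KEYS.get(agent_id)
        if key is None or not hmac.compare_digest(sign(agent_id, body, key), signature):
            return {"status": "denied", "reason": "bad identity"}
        if body.get("nonce") in self.seen_nonces:  # a captured request cannot be resent
            return {"status": "denied", "reason": "replayed request"}
        self.seen_nonces.add(body.get("nonce"))
        decision = POLICY.get((agent_id, body["resource"], body["action"]), "deny")
        if decision == "deny":
            return {"status": "denied", "reason": "policy"}
        if decision == "approve" and not self.approver(agent_id, body):
            return {"status": "denied", "reason": "approver rejected"}
        data = call_backend(body["resource"], body["action"], body["args"],
                            VAULT[body["resource"]])
        return {"status": "ok", "data": data}  # result only, never the credential

def agent_request(broker, agent_id, resource, action, args, nonce):
    # Agent side: builds and signs a request; it holds no entry from VAULT.
    body = {"resource": resource, "action": action, "args": args, "nonce": nonce}
    return broker.handle(agent_id, body, sign(agent_id, body, AGENT_KEYS[agent_id]))
```

Anything not explicitly listed in the policy table is denied by default, and the approver callback is only consulted for actions marked `approve`.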

Seamless Enterprise IAM & PAM Integration

NuDay doesn't replace your enterprise identity stack; it extends your existing Zero-Trust architecture to your AI fleet.

Directory Sync

Native integration with LDAP, Active Directory, and OIDC, ensuring that an agent's permissions are dynamically tied to the human user's organizational role.

PAM Compatibility

Integrates seamlessly with existing Privileged Access Management (PAM) solutions. When the MPC Server needs to execute a privileged task, it can dynamically check out a short-lived credential from your existing PAM vault.

Unified Policy Enforcement

Manage agent access policies from the same centralized console you use to manage human access, ensuring consistent governance across the enterprise.

Competitive Contrast: Agent Access Models

| Feature / Risk Profile | NuDay (Policy MPC Server) | Legacy Orchestrators (LangChain/Semantic Kernel) | AI "Firewalls" (Lakera/Protect AI) |
|---|---|---|---|
| Where Credentials Live | Isolated in the MPC Server | Injected into Agent Context / Environment | Injected into Agent Context / Environment |
| Risk of Agent Memorizing Keys | Zero (Agent never sees the key) | High (Often logged in plaintext) | High (Firewalls only filter outputs) |
| Vulnerability to Replay Attacks | Zero (Tokens are never exposed) | High | High |
| Execution Model | On-Behalf-Of (OBO) Execution | Direct Agent Execution | Direct Agent Execution |
| Native Human-in-the-Loop | Real-time 3rd-Party Approval Routing | Requires custom coding | Output blocking only |

Ready to Eliminate AI Credential Risk?

See how NuDay's Policy MPC Server enables zero-credential execution with real-time human oversight.