Can I use CapiscIO to evaluate third-party agents?

Absolutely! Before integrating any third-party agent, run it through CapiscIO to check A2A compliance, transport protocol support, and endpoint reliability. This prevents integration failures and helps you choose the most reliable agents.

What is the A2A Protocol?

The A2A (Agent-to-Agent) Protocol is a standardized specification for AI agent communication and interoperability. It defines how agents expose capabilities and communicate reliably.

How does CapiscIO validation work?

CapiscIO validates AI agents against A2A protocol specifications. Our CLI tests actual endpoint connectivity across JSONRPC, GRPC, and REST transports - not just schema validation.

Can I integrate CapiscIO with my CI/CD pipeline?

Yes! Our CLI tool outputs JSON and uses standard exit codes, making it perfect for CI/CD integration. Catch broken agents before they reach production.

Is CapiscIO free to use?

The CLI tool is completely free and open source. We offer additional services for teams including registries, monitoring, and support.

The authority layer for the A2A protocol

The universal authority layer
for AI agents

Identity, badges, and policy enforcement for the A2A protocol — in two lines of code.

Think Let's Encrypt, but for AI.

guard = CapiscIO.connect()

Get Started Free See the Demos

pip install capiscio-sdk

Built for the ecosystems you already use

Agents talk to each other.
But who's listening?

OAuth tokens prove a user authorized an agent. They don't prove which agent is calling, what it's allowed to do, or who delegated that authority.

Tokens aren't identity

OAuth proves a user authorized an agent. API keys identify apps. Neither cryptographically proves which agent is calling at hop 2, 3, or 10 — or that the payload wasn't modified in between.

No payload integrity

Bearer tokens don't bind to payloads. A valid request captured in transit can be replayed, modified, or reordered. Cryptographic signatures on every message close this gap.

No delegation chain

Agent A calls Agent B calls Agent C — across teams, vendors, even organizations. Your IAM proves who logged in. It can't prove who delegated what to whom, or that scope wasn't escalated along the way. No existing protocol produces this artifact. Until now.

CapiscIO addresses 6 of the OWASP Top 10 for Agentic Applications

OAuth secures the first hop.
CapiscIO secures every hop after.

Think Let's Encrypt, but for AI agents: open, automated, and infrastructure-level.

Traditional IAM

Proves a user said go. After that first hop, it's bearer tokens — no proof of which agent is calling, what it changed, or who delegated what to whom.

NHI / Posture Tools

Discovers service accounts and shadow identities. Essential for visibility — but no inline enforcement on every call, no per-message signatures.

CapiscIO

Agent identity and every request cryptographically signed at every hop. Cross-org delegation chains verified locally — no callbacks to the issuing organization. Authority provably narrows at every hop.

Open protocol (8 published RFCs) · Open source Go core · Sub-millisecond overhead · Works alongside your existing identity stack

Three layers of trust

From development to production. From single agents to fleet-wide enforcement.

Runtime Identity Verification

Add trust enforcement to A2A and MCP endpoints in two lines of code. Ed25519 signatures, 60-second replay windows, verified DIDs.

Learn more about Guard →

from fastapi import FastAPI
from capiscio_sdk.integrations.fastapi import CapiscioMiddleware

app = FastAPI()
app.add_middleware(CapiscioMiddleware)

Built on open standards

Real engineering depth. Open source from day one.

First

Trust layer for the A2A protocol

23,600+

Stars on the A2A protocol we secure

Published protocol specifications

6 / 10

OWASP Agentic AI threats addressed

12+

Open source repositories

Python · Go · Node.js

Multi-language SDK coverage

<1ms

Verification overhead

Published RFCs

Callbacks for cross-org verification

6 / 10

OWASP threats addressed

Start in 60 seconds

From zero to trust-enforced. No dashboard signup required.

$ pip install capiscio-sdk

from capiscio_sdk import secure, SecurityConfig, CapiscIO

# Connect (reads CAPISCIO_API_KEY from env)
agent = CapiscIO.connect()

# Wrap your agent with trust enforcement
secured = secure(agent, SecurityConfig.production())

Read the getting started guide →Try the web validator →View demos on GitHub →

Building with AI Agents? Let's Talk.

I'm looking for 5 design partners building production AI agent systems. You get hands-on deployment support. We get real-world validation. No sales pitch — just problem-solving together.

— Beon de Nood, Founder

Become a Design Partner

Latest Insights

Learn about A2A Protocol, agent validation, and authority infrastructure

PyCon US 2026 and CapiscIO Startup Row logos

News Release

CapiscIO Selected for Startup Row at PyCon US 2026

CapiscIO, has been selected by the Python Software Foundation to exhibit at Startup Row at PyCon US 2026!

May 1, 2026

5 min read

A metaphorical bridge with 2 robotic figures are shaking hands with IETF on one side and OWASP on the other

Agent Authority

AI Governance

What IETF WIMSE, OAuth, and OWASP Actually Say About Agent Authorization - And What They Leave Out

The standards landscape for AI agent authorization is productive in places and misrepresented in others. Here is precisely where each standard stops.

March 28, 2026

5 min read

inside a narrowing architectural structure

AI Agents

AI Governance

Why Authority Only Shrinks: The Case for Monotonic Narrowing in Agent Delegation

There is a principle at the core of CapiscIO's architecture that we state in 3 words: authority only shrinks. It sounds obvious. It is surprisingly rare.

March 21, 2026

5 min read

Read All Articles

Your agents are already talking.
Give them an identity they can prove.

Start with the CLI. Validate your agent cards. Add Guard when you're ready for runtime enforcement.

Get Started Free Star on GitHub

GitHub Docs Security & Trust

The universal authority layerfor AI agents

Agents talk to each other.But who's listening?

Tokens aren't identity

No payload integrity

No delegation chain

OAuth secures the first hop.CapiscIO secures every hop after.

Three layers of trust

Runtime Identity Verification

Built on open standards

Start in 60 seconds

Building with AI Agents? Let's Talk.

Latest Insights

CapiscIO Selected for Startup Row at PyCon US 2026

What IETF WIMSE, OAuth, and OWASP Actually Say About Agent Authorization - And What They Leave Out

Why Authority Only Shrinks: The Case for Monotonic Narrowing in Agent Delegation

Your agents are already talking.Give them an identity they can prove.

CapiscIO Selected for Startup Row at PyCon US 2026

What IETF WIMSE, OAuth, and OWASP Actually Say About Agent Authorization - And What They Leave Out

Why Authority Only Shrinks: The Case for Monotonic Narrowing in Agent Delegation

The universal authority layer
for AI agents

Agents talk to each other.
But who's listening?

OAuth secures the first hop.
CapiscIO secures every hop after.

Your agents are already talking.
Give them an identity they can prove.