Stop using API keys for AI agents. Here's what replaces them.


Your AI agents are talking to each other right now.

Agent A calls Agent B. Agent B calls Agent C. Agent C calls an external API.

Every hop is an API request. How are you securing them?

If you said "API keys" or "mTLS" — you have a problem.


The mismatch nobody talks about

API keys solve one problem: authentication.

They tell you who made the call. That's it.

They don't tell you:

  • What that agent is allowed to do
  • How many times it can do it
  • For how long
  • Which other agents it can delegate to

In human systems, that's fine. Humans have approval loops. Humans are slow. Humans raise alarms when something looks wrong.

Agents have none of that.


Real examples I've seen

Example 1: A billing agent gets compromised. It calls the payment endpoint 50,000 times in 90 seconds before anyone notices. The API key worked perfectly: it authenticated every call.

Example 2: Agent A delegates to Agent B, which delegates to Agent C. Agent C's logs show a call from Agent A. There is no visibility into the chain and no way to audit what actually happened.

Example 3: A team spins up 50 ephemeral agents for a batch job. They use one API key for all of them. The job finishes. The key stays active for months because nobody knows which agents still need it.


What agents actually need

After building multi-agent systems for the past year, I've landed on four non-negotiable layers:

| Layer | What it does |
|---|---|
| Identity | Cryptographic proof of which agent is calling |
| Authorization | Explicit permission to call a specific action |
| Scope | Limits on count, time, and delegation depth |
| Audit | Tamper-evident trail of every decision |

API keys give you zero of these. mTLS gives you maybe the first one.


How we solved it

We built Codios — a cryptographic authorization layer designed specifically for AI agents.

The core idea: instead of passing API keys, agents carry signed capability contracts. A contract is a JSON document that says:

"Agent A can call the 'transfer' action on Agent B, up to 1000 times, until April 30th."

The signature is Ed25519. Verification happens offline in ~0ms. No database lookup. No network latency.

Each contract is one-time use for replay protection. Call counters prevent runaway agents. Everything is auditable end-to-end.

The whole enforcement pipeline runs in 1–2ms.

[Diagram: four-layer A2A security model: Identity (Ed25519 keypair), Authorization (signed capability contract), Scope (actions list), and Audit (append-only enforcement log). These layers work together to secure agent-to-agent communication in under 2 milliseconds.]
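The contract check described above, sketched as an added example that is not Codios code or its SDK: the field names, the verifier-local call counter, and the sample agents and dates are assumptions made for illustration.

```javascript
// Added illustration. Field names (sub, aud, action, maxCalls, exp, nonce) are
// assumptions, not the Codios contract format or SDK.
const { generateKeyPairSync, sign, verify } = require("node:crypto");

// The issuer signs the exact payload bytes; the verifier checks those same
// bytes before parsing, so no JSON canonicalization step is needed.
function issueContract(privateKey, claims) {
  const payload = JSON.stringify(claims);
  const sig = sign(null, Buffer.from(payload), privateKey).toString("base64");
  return { payload, sig };
}

const callCounts = new Map(); // nonce -> calls admitted so far (verifier-local)

// Offline enforcement: signature, then audience/action, expiry, call budget.
function enforce(token, issuerKey, self, action, now) {
  const sigOk = verify(null, Buffer.from(token.payload), issuerKey,
    Buffer.from(token.sig, "base64"));
  if (!sigOk) return "deny:bad-signature";
  const c = JSON.parse(token.payload); // parsed only after the signature holds
  if (c.aud !== self || c.action !== action) return "deny:not-authorized";
  if (now >= c.exp) return "deny:expired";
  const used = callCounts.get(c.nonce) || 0;
  if (used >= c.maxCalls) return "deny:call-limit";
  callCounts.set(c.nonce, used + 1);
  return "allow";
}

// Constructed sample: agent-a may call "transfer" on agent-b at most twice.
const { publicKey, privateKey } = generateKeyPairSync("ed25519");
const NOW = Date.UTC(2025, 3, 1), EXP = Date.UTC(2025, 3, 30);
const token = issueContract(privateKey, { sub: "agent-a", aud: "agent-b",
  action: "transfer", maxCalls: 2, exp: EXP, nonce: "n-0001" });

function demo() {
  callCounts.clear();
  const forged = { ...token,
    payload: token.payload.replace('"maxCalls":2', '"maxCalls":2000') };
  const call = (t, action, now) => enforce(t, publicKey, "agent-b", action, now);
  return [
    call(forged, "transfer", NOW),   // budget edited after signing
    call(token, "refund", NOW),      // action not granted
    call(token, "transfer", NOW),    // call 1
    call(token, "transfer", NOW),    // call 2
    call(token, "transfer", NOW),    // call 3 exceeds maxCalls
    call(token, "transfer", EXP),    // at expiry
  ];
}
console.log(demo());
```

The sketch does not prove that the presenter is the `sub` agent, which needs a separate proof of possession of that agent's key. The signature check is stateless, but the call counter is state: if the receiving agent runs as more than one replica, the counter has to be shared between them for the limit to hold.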

What you get with Codios

  • TypeScript and Python SDKs with Express and FastAPI middleware
  • Offline verification — no round trips for auth decisions
  • Replay protection built into the contract nonce
  • Audit logs that trace full delegation chains
  • BYOK — your keys never leave your infrastructure

The bottom line

You can keep using API keys for agents. Many teams do.

But you'll eventually hit the same walls: delegation chains you can't trace, compromised agents you can't stop fast enough, and API keys living forever in .env files across twenty machines.

Or you can use Codios and ship today.

codios.midlantics.com

Building AI agents in production? Codios can be deployed as SaaS or in a VPC. ISO 27001 certification compliant.
