VaultysClaw Revolutionizes AI API with Cryptographic Identities

Le brief IA que les pros lisent chaque soir
Les 7 actus IA du jour, décryptées en 5 min. Gratuit.
Inclus dès l'inscription : notre sélection des meilleurs guides & comparatifs IA.
Choisis ton rythme
Gratuit · Pas de spam · Désabonnement en 1 clic
VaultysClaw Revolutionizes AI API with Cryptographic Identities
An open-source project proposes to replace shared API keys among AI agents with an individual cryptographic identity, akin to a digital passport. VaultysClaw claims alignment with the security framework for AI agents published by Anthropic at the end of May 2026.
Your AI Agents All Share the Same API Key: How VaultysClaw Aims to Change the Game
AI agents are proliferating in businesses, often with broad permissions and no reliable trace of their actions. VaultysClaw, led by developer François-Xavier Thoorens, applies a zero trust model specifically designed for these autonomous programs.
Each Agent Receives Its Own Cryptographic Passport
Today, many AI agents deployed in businesses share the same API key for the service they are connected to. If one of them is compromised, it is impossible to know which one acted, nor can access be revoked without cutting off all the others in the process. VaultysClaw replaces this system with VaultysId, an individual identity generated through cryptography for each agent and each user. This identity cannot be transferred or copied. According to the project, this makes any impersonation impossible.
VaultysClaw implements a "deny-by-default" approach. In other words, a newly created agent has no permissions. Each right must be explicitly granted through a simple rule that can be defined without writing a line of code. The example given by the developers: allowing access to a database only on weekdays, between 9 AM and 5 PM. Additionally, every action taken by an agent is digitally signed before execution, allowing for post-action proof of who did what, without relying on a simple modifiable log file.
Agents can also delegate tasks to each other via "peer grants," signed certificates that transfer a specific capability from one agent to another. This delegation remains tracked in the project's audit log, unlike traditional key sharing where the origin of an action is lost.
Budgets, Human Validations, and Compliance: The Governance Layer
Above this identity layer, VaultysClaw adds management tools. "Realms" separate teams or clients into isolated spaces, each with its own rules and access to language models. Token budgets limit daily or monthly spending per agent, a way to prevent a misconfigured program from consuming an entire cloud budget in just a few hours. For decisions deemed risky, a visual editor allows for automatic routing of an action to human validation before execution.
The project positions itself in relation to the "Zero Trust for AI Agents" framework published by Anthropic on May 27, 2026, claiming coverage of about 70% of the first tier of this framework, called the "Foundation tier." The developers also cite targeted compatibility with NIST SP 800-207, SOC 2, HIPAA, and GDPR standards, although they do not yet have independent certification. Several components are still under development, such as output filtering to prevent the leakage of identifiers, or automatic revocation in case of abnormal behavior.
VaultysClaw is distributed under the MIT license and can be installed locally or on a company’s own infrastructure, without relying on a third-party service. A demonstration mode allows connection without going through the VaultysId application, but the developers warn that this mode is reserved for testing, lacking sufficiently robust authentication for real-world use.
We reported in early June how Microsoft had introduced Agent 365, a control plan dedicated to supervising AI agents in businesses. VaultysClaw adopts a similar logic, but keeps the entire infrastructure within the company rather than with a cloud provider.
Brief IA — L'actualité IA en français
L'essentiel de l'actualité de l'intelligence artificielle, décrypté et expliqué chaque jour.