Brief IA

VaultysClaw Revolutionizes AI API with Cryptographic Identities

💻 Code & Dev·Tom Levy·

VaultysClaw Revolutionizes AI API with Cryptographic Identities

VaultysClaw Revolutionizes AI API with Cryptographic Identities
Key Takeaways
1VaultysClaw aims to replace shared API keys with individual cryptographic identities for AI agents.
2This open-source project is inspired by the concept of a digital passport to secure interactions of AI agents.
3VaultysClaw aligns with the security framework for AI agents published by Anthropic in May 2026.
💡Why it mattersThis innovation could enhance the security of AI agents by avoiding vulnerabilities associated with shared API keys.
Le brief IA que lisent les pros

Le brief IA que les pros lisent chaque soir

Les 7 actus IA du jour, décryptées en 5 min. Gratuit.

Inclus dès l'inscription : notre sélection des meilleurs guides & comparatifs IA.

Choisis ton rythme

Gratuit · Pas de spam · Désabonnement en 1 clic

📄
Full Analysis

VaultysClaw Revolutionizes AI API with Cryptographic Identities

An open-source project proposes to replace shared API keys among AI agents with an individual cryptographic identity, akin to a digital passport. VaultysClaw claims alignment with the security framework for AI agents published by Anthropic at the end of May 2026.

Your AI Agents All Share the Same API Key: How VaultysClaw Aims to Change the Game

AI agents are proliferating in businesses, often with broad permissions and no reliable trace of their actions. VaultysClaw, led by developer François-Xavier Thoorens, applies a zero trust model specifically designed for these autonomous programs.

Each Agent Receives Its Own Cryptographic Passport

Today, many AI agents deployed in businesses share the same API key for the service they are connected to. If one of them is compromised, it is impossible to know which one acted, nor can access be revoked without cutting off all the others in the process. VaultysClaw replaces this system with VaultysId, an individual identity generated through cryptography for each agent and each user. This identity cannot be transferred or copied. According to the project, this makes any impersonation impossible.

VaultysClaw implements a "deny-by-default" approach. In other words, a newly created agent has no permissions. Each right must be explicitly granted through a simple rule that can be defined without writing a line of code. The example given by the developers: allowing access to a database only on weekdays, between 9 AM and 5 PM. Additionally, every action taken by an agent is digitally signed before execution, allowing for post-action proof of who did what, without relying on a simple modifiable log file.

Agents can also delegate tasks to each other via "peer grants," signed certificates that transfer a specific capability from one agent to another. This delegation remains tracked in the project's audit log, unlike traditional key sharing where the origin of an action is lost.

Budgets, Human Validations, and Compliance: The Governance Layer

Above this identity layer, VaultysClaw adds management tools. "Realms" separate teams or clients into isolated spaces, each with its own rules and access to language models. Token budgets limit daily or monthly spending per agent, a way to prevent a misconfigured program from consuming an entire cloud budget in just a few hours. For decisions deemed risky, a visual editor allows for automatic routing of an action to human validation before execution.

The project positions itself in relation to the "Zero Trust for AI Agents" framework published by Anthropic on May 27, 2026, claiming coverage of about 70% of the first tier of this framework, called the "Foundation tier." The developers also cite targeted compatibility with NIST SP 800-207, SOC 2, HIPAA, and GDPR standards, although they do not yet have independent certification. Several components are still under development, such as output filtering to prevent the leakage of identifiers, or automatic revocation in case of abnormal behavior.

VaultysClaw is distributed under the MIT license and can be installed locally or on a company’s own infrastructure, without relying on a third-party service. A demonstration mode allows connection without going through the VaultysId application, but the developers warn that this mode is reserved for testing, lacking sufficiently robust authentication for real-world use.

We reported in early June how Microsoft had introduced Agent 365, a control plan dedicated to supervising AI agents in businesses. VaultysClaw adopts a similar logic, but keeps the entire infrastructure within the company rather than with a cloud provider.

Brief IA — L'actualité IA en français

L'essentiel de l'actualité de l'intelligence artificielle, décrypté et expliqué chaque jour.