Zero trust is a security model in which no request is trusted by default, regardless of whether it originates inside or outside the network. Every access attempt is authenticated and authorized individually, every time, rather than relying on network location as a proxy for trust.
Traditional network security assumed that anything inside the perimeter (the corporate network) was trustworthy and everything outside was not, a model that fails once credentials are stolen or an insider account is compromised, since the attacker is then "inside" and implicitly trusted. Zero trust removes that assumption: every request is authenticated and authorized on its own merits, regardless of where it originates, every time.
Applied to digital assets and documents, zero trust means every access request, human or AI agent, is checked against identity and permissions at the moment of the request, not granted broadly because the requester is "on the network" or already logged into some other system. This includes AI agents acting via MCP or API: an agent's request to retrieve an asset is authenticated and permission-checked exactly like a human user's, with the same audit trail.
Zero trust becomes more important, not less, as AI agents gain the ability to search and retrieve content on users' behalf: a compromised or misconfigured agent under a perimeter-trust model could access far more than intended. Enforcing identity and permission checks on every single request, including automated ones, contains that risk to exactly what the requesting identity is authorized to see.
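The contrast described above, as an added example that is not ioMoVo's code: a perimeter check that trusts network location next to a per-request check that authenticates the caller, authorizes the specific asset, and logs the decision identically for humans and agents. All names, tokens, grants and addresses are constructed for illustration, and the token table stands in for real credential verification.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data: which asset ids each identity may read.
GRANTS = {"alice": {"doc-1", "doc-2"}, "agent-7": {"doc-1"}}
# Constructed token table (assumption: stands in for real credential checks).
TOKENS = {"tok-alice": "alice", "tok-agent7": "agent-7"}
CORP_NET = ipaddress.ip_network("10.0.0.0/8")
AUDIT_LOG = []

@dataclass
class Request:
    token: str
    kind: str        # "human" or "agent"; recorded, never used to decide
    source_ip: str   # recorded, never used to decide
    asset: str

def perimeter_allows(req):
    """Legacy model: being on the corporate network is the proxy for trust."""
    return ipaddress.ip_address(req.source_ip) in CORP_NET

def zero_trust_allows(req):
    """Authenticate and authorize this one request, then log the decision."""
    identity = TOKENS.get(req.token)                      # authentication
    allowed = identity is not None and req.asset in GRANTS.get(identity, set())
    AUDIT_LOG.append({"identity": identity, "kind": req.kind,
                      "source_ip": req.source_ip, "asset": req.asset,
                      "allowed": allowed})
    return allowed

def demo():
    """Return (perimeter, zero_trust) decisions for four constructed requests."""
    requests = [
        # Agent on the internal network asking for an asset it has no grant for.
        Request("tok-agent7", "agent", "10.1.2.3", "doc-2"),
        # Unauthenticated caller that happens to be inside the perimeter.
        Request("tok-unknown", "human", "10.9.9.9", "doc-1"),
        # Authorized human connecting from outside the perimeter.
        Request("tok-alice", "human", "203.0.113.5", "doc-2"),
        # Authorized agent connecting from outside the perimeter.
        Request("tok-agent7", "agent", "203.0.113.9", "doc-1"),
    ]
    return [(perimeter_allows(r), zero_trust_allows(r)) for r in requests]

if __name__ == "__main__":
    for decision, entry in zip(demo(), AUDIT_LOG):
        print(decision, entry)
```

The first two requests are the cases the perimeter model gets wrong: it admits both because of where they come from, while the per-request check denies them and still records the attempt.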
ioMoVo enforces permission checks on every request, human or AI agent, regardless of origin, with every action logged, so agentic access through MCP and A2A carries the same zero trust discipline as a human login. See the ioMoVo security page.
A firewall controls what can cross a network boundary; zero trust removes the assumption that anything already inside that boundary should be trusted, checking every request individually regardless of location.
Yes, in a properly implemented zero trust model, an AI agent's request to access content is authenticated and permission-checked exactly like a human user's, with no implicit trust from being part of an automated system.