← All glossary terms

What is zero trust security?

Zero trust is a security model in which no request is trusted by default, regardless of whether it originates inside or outside the network, every access attempt is authenticated and authorized individually, every time, rather than relying on network location as a proxy for trust.

The core principle: never trust, always verify

Traditional network security assumed that anything inside the perimeter (the corporate network) was trustworthy and everything outside was not, a model that fails once credentials are stolen or an insider account is compromised, since the attacker is then "inside" and implicitly trusted. Zero trust removes that assumption: every request is authenticated and authorized on its own merits, regardless of where it originates, every time.

What zero trust looks like in a content platform

Applied to digital assets and documents, zero trust means every access request, human or AI agent, is checked against identity and permissions at the moment of the request, not granted broadly because the requester is "on the network" or already logged into some other system. This includes AI agents acting via MCP or API: an agent's request to retrieve an asset is authenticated and permission-checked exactly like a human user's, with the same audit trail.

Why it matters more as AI agents get access

Zero trust becomes more important, not less, as AI agents gain the ability to search and retrieve content on users' behalf, a compromised or misconfigured agent under a perimeter-trust model could access far more than intended. Enforcing identity and permission checks on every single request, including automated ones, contains that risk to exactly what the requesting identity is authorized to see.

How ioMoVo approaches this

ioMoVo enforces permission checks on every request, human or AI agent, regardless of origin, with every action logged, so agentic access through MCP and A2A carries the same zero trust discipline as a human login. See the ioMoVo security page.

How is zero trust different from a firewall?

A firewall controls what can cross a network boundary; zero trust removes the assumption that anything already inside that boundary should be trusted, checking every request individually regardless of location.

Does zero trust apply to AI agents, not just human users?

Yes, in a properly implemented zero trust model, an AI agent's request to access content is authenticated and permission-checked exactly like a human user's, with no implicit trust from being part of an automated system.