AI-era privileged access · zero standing privilege

Your AI agents should never hold a standing key to the estate.

Luca Defense is the control plane that stores, executes, and organizes your entire privileged-access posture — tiered zones, phishing-resistant identity, and an AI Admin-Gate that brokers every privileged action an agent takes: scoped to one task, alive for minutes, approved where it matters, and immutably audited.

A hijacked agent becomes a bounded event, not a whole-estate breach. No standing vault keys, no standing directory writer, no standing BMC login — everything just-in-time.
The problem

One prompt-injection shouldn't be able to take the whole estate.

AI agents are a new kind of principal: they authenticate like a machine, act with the reach of a senior operator, behave non-deterministically, and can be steered by any content they read. Handed standing privilege, they are a permanent, machine-speed path to catastrophe.

78
Graph permissions on one over-privileged app whose secret any agent could read
0 gates
between an agent and the vault, k8s, the directory, and the BMC fleet — today
1 phish
from tenant takeover when admins are ordinary daily-driver accounts
100%
of admin actions brokered & audited once Luca Defense is in front
Tiered zones

Three zones. Each one harder to reach than the last.

Built on Microsoft's Enterprise Access model. A higher zone is never administered from a lower one, and credentials never flow downward. An asset's zone is the highest tier it can control — so a server's BMC lives with the identity it could seize.

Tier 0 · most restricted

Admin

Identity and anything that can seize it.

  • Domain controllers & Entra admin roles
  • The iDRAC / BMC fleet
  • The credential vault
  • PAW-only · JIT · phishing-resistant
Tier 1 · infrastructure

Fabric

The control planes that run everything.

  • Hypervisor & cluster management
  • Kubernetes API & the public edge
  • Firewall & CDN administration
  • Administered only downward from Admin
Tier 2 · workloads

Green

Users, apps, and every AI agent.

  • User endpoints & devstations
  • Production app workloads
  • All AI / agent identities
  • No standing upward admin path
The flagship

The AI Admin-Gate

A single narrow choke-point for every privileged action an agent initiates. There is no other path from an agent to a control plane — and the gate never trusts the agent's own narrative for the decision.

  1. Intercept & classify. The agent's intent hits the gate — action, resolved parameters, target zone and tier — never raw shell, kubectl, or Redfish.
  2. Policy & approval. RBAC v3 returns allow / deny / require-approval. Destructive, irreversible, or Tier-0 actions require a human — and dual-control for the top tier.
  3. Broker a JIT credential. The Secrets Broker mints one scoped, minutes-lived credential for that one task, logged before it is usable, auto-revoked on expiry.
  4. Execute & prove. An ephemeral runner performs the action; every request and outcome lands in a tamper-evident audit.
# today — standing, wholesale, unobserved
agent → decrypt entire vault
agent → rewrite all of Entra
agent → log in to every BMC

# with Luca Defense — brokered, single-scope
agent → gate.request("rotate iDRAC .6")
  → policy: approve (human, FIDO2)
  → lease: 1 credential · 5 min · audited
  → done · revoked · logged
Store · Execute · Organize

One control plane, not fifteen consoles.

Security posture lives in one place, is pushed out from one place, and is governed in one place.

🗄️

Store

Every zone, Conditional-Access & PIM policy, break-glass account, firewall intent, AI action-allowlist, and broker grant — versioned, diffable, one source of truth.

Execute

The only thing that pushes settings outward — to the directory, the firewall, the BMCs, and the broker — always report-only before enforce, so nothing locks you out.

🛡️

Organize

Governs who and what may invoke each action, routes AI through the admin-gate, and keeps a tamper-evident record of every change.

Why it holds

Proven parts. Dogfooded on our own AI fleet.

Extends a shipped tool-governance engine Phishing-resistant MFA · FIDO2 Just-in-time elevation · PIM Zero standing privilege Tamper-evident audit Break-glass, tested quarterly It governs our own agents first

Give your AI zero standing privilege.

Luca Defense is in build now, dogfooded across our own estate. Request early access or a walkthrough of the architecture.

Request access