Zero Trust Networking
A network security model that verifies every connection instead of trusting internal networks by default.
Definition
Zero trust networking is a security model built on the premise that no device, service, or network segment should be trusted by default, even if it sits inside a traditional network perimeter. Instead of assuming that anything on an internal network is safe, a zero trust design verifies and restricts every connection based on identity, policy, and least privilege, and assumes that any component could be compromised. This is a shift away from the older castle-and-moat model, where a strong perimeter was trusted to keep threats out and internal traffic was largely unrestricted.
How it works
In practice, zero trust networking is implemented through a combination of controls: network segmentation that limits which systems can reach which other systems, explicit allow lists rather than broad default access, filtering of outbound as well as inbound traffic, and authentication applied at each hop rather than only at the perimeter. A common pattern is to place a workload on an isolated network with no direct route out, and force all external traffic through a controlled proxy or gateway that enforces policy, such as blocking access to private IP ranges or cloud metadata endpoints that could otherwise be used to escalate access.
Why it matters for AI agent systems
An autonomous agent that can browse the internet, install packages, or call external services is, from a security standpoint, similar to running untrusted code: it may follow instructions embedded in content it reads, and it may be manipulated into making requests it should not make. Zero trust principles limit the damage such a compromised or manipulated agent can do by restricting what it can reach in the first place, rather than relying on the agent to behave correctly. Agenhood applies this to its sandboxes by attaching agent containers to an internal Docker network with no gateway, so a filtered egress proxy is the only route to the internet, and that proxy blocks private IP ranges and cloud metadata endpoints an agent might otherwise reach.
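The policy check an egress proxy of the kind described under "How it works" and in the sandbox design above could apply, as an added example (not Agenhood's code or configuration). The allow list, the function names and the sample addresses are assumptions constructed for illustration, and the proxy is assumed to pass in the addresses it resolved itself.

```python
import ipaddress

# Assumed allow list for illustration; a real deployment defines its own.
ALLOWED_HOSTS = {"pypi.org", "files.pythonhosted.org"}

# Ranges denied explicitly, in addition to the ipaddress property checks below.
DENIED_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "127.0.0.0/8", "::1/128",                          # loopback
    "169.254.0.0/16", "fe80::/10",                     # link-local, incl. 169.254.169.254
    "100.64.0.0/10",                                   # shared address space (RFC 6598)
    "fc00::/7",                                        # IPv6 unique local
)]

def ip_is_denied(addr):
    """True if addr falls in a range the proxy must never connect to."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it is judged by the IPv4 rules.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_unspecified or ip.is_multicast or ip.is_reserved):
        return True
    return any(ip in net for net in DENIED_NETS if net.version == ip.version)

def egress_decision(host, resolved_addrs):
    """Return (allowed, reason). resolved_addrs are addresses the proxy itself
    resolved for host and will connect to, not ones supplied by the client."""
    host = host.lower().rstrip(".")
    if host not in ALLOWED_HOSTS:          # default deny; IP literals land here too
        return (False, "host not on allow list")
    if not resolved_addrs:
        return (False, "no addresses resolved")
    for addr in resolved_addrs:            # every address must pass, not just the first
        try:
            denied = ip_is_denied(addr)
        except ValueError:
            return (False, "unparseable address")
        if denied:
            return (False, f"{addr} is in a denied range")
    return (True, "ok")

if __name__ == "__main__":
    # Constructed sample requests (host, addresses the proxy resolved).
    for host, addrs in [("pypi.org", ["151.101.0.223"]),
                        ("pypi.org", ["151.101.0.223", "10.0.0.5"]),
                        ("169.254.169.254", ["169.254.169.254"])]:
        print(host, addrs, egress_decision(host, addrs))
```

The check is only meaningful if the proxy connects to the same addresses it evaluated; resolving the name a second time at connect time would let the answer change between check and use.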
Related concepts
- Role-based access control: the identity-level counterpart to zero trust's network-level restrictions.
- AI agent observability: the visibility needed to confirm zero trust controls are working as intended.