Badge Is Building The Trust Layer Your Agents Have Been Waiting For
This article is a continuation of the discussion I had with the Badge team at RSAC 2025, which led to a follow-up discussion at RSAC 2026 in San Francisco. That article can be found here. In this article, we examine how Badge is solving one of enterprise security’s oldest problems — establishing portable, cryptographic trust across humans, machines, and AI agents — without storing a single shared secret.
If you wander the RSA Conference show floor long enough, you start to hear the same refrains on loop. Everyone promises zero trust, AI, and “reimagined identity.” Very few can explain, in concrete cryptographic terms, how any of that actually works when you drop it into a messy enterprise that has lived through a decade of mergers, half-migrated directories, and a graveyard of stored credentials.
Then you sit down with Dan Kaufman and the Badge team, and the conversation snaps into focus.
Radiant Logic did exactly that. As Dan tells it, they came to Badge with an almost sheepish confession: their customers were pounding on the door asking for something Radiant Logic did not have.
“Radiant Logic came to us and said, verbatim, ‘Hey, we’re getting all these [customers] with all this incoming data, and we have all these logos… all these logos are coming in asking exactly for that, and we see that you’re working with other people. Why not us?’ We said, ‘We were not purposely not working with you. We didn’t know that’s what you wanted and what the opportunity was.’”
Once they compared notes, the path forward was straightforward: OEM the Badge capabilities into Radiant Logic’s identity fabric so customers can buy the value as a native capability instead of a bolt-on.

“We worked with them for a bit, integrated the product, got it all in so they can just go and sell it. And now we’re announcing that we have a partnership.”
For CISOs, that pairing is interesting because of what each side brings to the table. Radiant Logic already sits at the center of complex identity fabrics in some of the largest enterprises in the world. Badge plugs in not as yet another identity silo, but as what Dan describes as a cryptographic backbone.
Dr. Tina Srivastava, co-founder of Badge Inc., put it succinctly:
“It’s sort of starting to position Badge, at least in the market, as this kind of trusted backplane where the question is asked, ‘Is that backed by Badge?’”
If you strip away the marketing gloss, that is exactly the kind of question CISOs want their architects asking: what is the root of trust behind this identity decision, and can I reuse it everywhere, for humans, machines, and now agentic AI?
Agentic AI Needs A Badge, Too
Badge started with human identity because it is the easiest place for the industry to understand biometrics and risk-based authentication. But the team is very clear that the same cryptographic plumbing applies to AI agents.
“You wrote [last year] really clearly how Badge allows you to derive a key on the fly from any factors, whether that’s human biometric, device signals, hardware, machines. And so what we’re able to do is also have your agentic AI covered, right? So why is it called agentic AI? It’s because you’re giving it agency to act on your behalf. And so if you have a cryptographic key, now you can have delegated, scoped credentials for your agentic AI agents to act on your behalf.”
Think about what most vendors are actually selling under the banner of “AI assistants” today. At best, you get a smart macro wired to an API token that can do a handful of tasks. At worst, you get a glorified chatbot with access it should never have had in the first place.
Badge is trying to force the conversation into more adult territory. If an agent is going to act on behalf of a human, it needs what a human has in any serious security program:
- A cryptographically strong identifier tied back to a root of trust
- Delegated, scoped credentials that define what it can and cannot do
- A way for relying parties to verify the agent was actually authorized for this action
Dan paints a vivid example from healthcare that will make any privacy-minded CISO wince, mostly because it is so plausible. You are furious with your current insurer and instruct your agent to move your records and coverage somewhere else.
“It’s a perfect thing for agentic AI to do, because you’d be like, ‘Oh, please just go handle that. Move me from insurance company to insurance company.’ Okay, now what happens? Here’s the problem…”
He then lays out three gaps that will resonate with anyone who has lived through an AI proof of concept that quietly turned into a risk register entry:
- “How does the relying party know this agent is actually acting for you, not just holding a pile of your data?”
- “How do relying parties differentiate between multiple agents tied to the same person, each intended for different scopes, like medical vs shopping vs travel?”
- “Even if identity and intent are clear, how do you ensure the agent operates inside a strict scope and is not quietly spraying data to third parties?”
“If you don’t have this trust layer that’s sitting inside, it’s going to be hard. Right now it’s wild west. Everyone’s racing, it’s free, but when we get into it, you can think about a million examples.”
The punchline is simple:
“Everything that applied to the human identity, this exact same technology, it’s already built, already done, applies in this [agentic] world as well. We always say, ‘How do you prove you’re you?’ With an agent, it is exactly the same thing. How do I prove that the agent is right?”
For an industry that loves to chase shiny models and “AI-native” platforms, this is a refreshingly grounded position. Badge is not trying to be the best foundational model or the flashiest AI co-pilot. They are unapologetically focused on making sure you can trust whatever agent you eventually deploy, regardless of whose model is under the hood.
No Stored Secrets, Real Cryptography, And The M&A Mess
If you want to see how serious a vendor is about identity, ask them what happens after a merger. Most will start hand-waving about roadmaps and “phased consolidation.” Badge talks about X.509 certificates, Kerberos, and the reality that your directory topology looks like a family tree drawn by a committee.
Dan continues, “Healthcare is a great example, because healthcare has really grown up through consolidation. You often have disparate networks. You have systems where it’s really challenging to access the systems, clinics merge, hospitals merge. So you have these disparate systems.”
In that world, Radiant Logic’s identity fabric provides the policy and routing. Badge provides a way to authenticate across these patchwork domains without spraying passwords or synchronizing directories for the next three years.
“Specifically, an example comes from Cerner Cloud which requires access through an AD trust that supports only one AD domain. And so that becomes a challenge, especially in healthcare. We have all kinds of domains… Our joint solution now provides SSO from any managed AD domain into that Cerner AD domain and the authorization that goes with it.”

The trick is a cryptographically derived X.509 certificate that rides alongside Radiant Logic’s policies.
“Usually there’s this challenge of, how do you SSO across untrusted domains, and so with Badge, because you can derive an X.509 certificate, you can actually have seamless SSO, even to untrusted domains and unfederated domains.”
If this sounds like cheating to anyone who has ever lived through an AD migration, that is the point.
“Let’s say you have two different companies. Company A is merging with Company B, and they have totally different Active Directories that don’t trust each other… The whole point of an M&A is usually that you’ve sold the value that one plus one equals three. So that means that people from this organization should access resources from this organization in order to really get the value out of that acquisition and that merger. But if these domains don’t have any trust relationship between each other, it can take a very long time to achieve that.”
Instead of touching every resource, Badge and Radiant Logic allow policy to say who should be able to access what. Badge then materializes the right certificate at the right time. No trust relationship between domains, no directory duplication.
“On day one, through specifying the appropriate policy in Radiant Logic – because you can derive an X.509 certificate – you now don’t have to duplicate users or establish a trust relationship, but that certificate can enable that access. The user has a very seamless experience. They just click on that file share and bam, it works. Whether it’s a SQL Server, a file share, a Kerberos web app, whether it’s an [old] app, they can just open it and it works.”
If you are thinking about the multi-year odyssey you went through the last time your company acquired something, you are not alone.
“Any of the M&A activities that I’ve been involved with are three to five year journeys, and then massive project management road maps with dependencies and gates and all of that stuff…” says Kaufman. “I just did the migration from Google to Microsoft for an organization that had 600 applications. It was nasty and painful. I mean, it’s still going on.”
Badge and Radiant Logic have heard the same thing from their shared customers.
“Their customer came to us, and they’re like, ‘We’re not sure it’s possible at all, but is there any chance we could get this done by 2028?’ We said, okay, so you have to wait for the customer to go away, and then we talked to Radiant Logic and went ‘Or we could do it tomorrow!’”
There is some well-earned snark in that delivery, but there is also a real point: if you remove stored secrets and instead derive credentials cryptographically from trusted factors, a lot of old constraints simply stop applying.
“CISOs are recognizing that you can, for the first time, do this without stored credentials. By not having stored credentials, you open up all these capabilities and solve this long-standing Kerberos cross-domain SSO challenge. By not having stored secrets, you can actually unlock so many things across the enterprise.”
Platform, Not Professional Services
If all of this sounds like a consulting-heavy story, that is exactly what Badge is trying to avoid. Dr. Srivastava noted the obvious tension:
“If you go to a consulting group, they’re going to look at that as ‘You’re going to cannibalize our hours,’ right? So the companies that are building platforms and products and are looking for long term, scaling sort of growth, that’s really where the [value is].”
Badge is intentionally productizing capabilities that have traditionally lived in expensive integration projects. That is part of why OEM relationships matter so much here. Badge wants to be part of the core product that a customer is already buying, not a competing platform that has to be justified on its own.
Dan continues on the realities of M&A integration: “There’s no real large company that doesn’t do some kind of M&A. Pick any industry you want. They’re constantly buying things and they’re constantly shedding things. So that’s why the path we’ve taken is, look, we’ll just integrate into your core product, and then you just have this other capability, which now allows you to win accounts.”
That pattern is repeating across the ecosystem:
- Radiant Logic for identity fabric and cross-domain access
- CyberArk and others for authorization and privileged access
- Thales for secure key management and recovery
“Our partners, which you did such a great job talking about [last year], CyberArk, now Palo Alto, which is great, are our stakeholders. Part of the partnerships with CyberArk, Thales, Radiant Logic is also that a lot of them do the authorization, but you can’t do that without the cryptographic foundation,” says Kaufman.
“What they really recognized is that by Badge providing that cryptographic foundation, they can now assert the authorization for a cryptographically verified agent, and that it’s a scoped set of credentials based on what [the user] wants this agent to do.”
In other words, Badge is happy to be the plumbing as long as the plumbing is everywhere.
“People are like, ‘Well, how many products do you have?’ We’re like, we just have one thing.”
That “one thing” is a trust layer built on strong cryptography, no stored secrets, and the ability to derive credentials on demand for humans, machines, and agents. One thing.
It is not a bad thing when that message starts to land.

“That’s why we were all tickled when we got the AI award at RSAC this year, because we’re like, ‘Oh, our message is getting through. This is exactly what we were trying to say.’ Trust is the fundamental thing. We concentrated on talking about human identity because it was an easy way for people to understand and deal with biometrics. But the truth is, trust is just trust, and it shouldn’t matter whether you’re machine identity or human identity. The same cryptographic principle is what applies.”
A CISO’s Next Move
If you are a CISO watching the agentic AI hype cycle spin up on top of an already fragile identity stack, Badge is not going to show up with a magic “AI solved” button. That is probably a good sign.
What they are doing is more foundational:
- Eliminating stored secrets in favor of derived cryptographic keys
- Providing a consistent root of trust for humans, machines, and agents
- Making brutal M&A and cross-domain SSO problems tractable on realistic timelines
- Plugging that capability directly into the platforms you already use, instead of asking you to rip and replace
The call to action here is pretty direct. Before you greenlight another AI agent pilot or commit to another multi-year directory migration, ask some basic questions.
What is the root of trust for this interaction? Can I prove that this agent really represents the human it claims to? Can I scope what it is allowed to do in a way that is enforced cryptographically, not just in an internal spreadsheet?
If you cannot answer those cleanly today, it may be time to look at what Badge and its partners are doing. Start by mapping your highest-pain scenarios: healthcare or financial data access, M&A integration, cross-domain SSO, or any AI initiative where your legal team looks nervous. Then evaluate whether a no-stored-secrets, derived-key approach can give you faster, more trustworthy outcomes than yet another round of directory synchronization and brittle one-off integrations.
Identity is not getting simpler. Your users, your agents, and your regulators are not getting more patient. A reusable cryptographic trust layer is not a luxury anymore; it is table stakes.
Badge is betting that if they can quietly become that layer inside the tools you already trust, the rest of the ecosystem will have a much easier time keeping its AI promises.
Author’s Note: The author sat down with “DARPA” Dan Kaufman, Dr. Tina Srivastava, and the Badge Team at the 2026 RSAC Conference in San Francisco, March 23rd to 25th, 2026, for this Innovators Spotlight interview for Cyber Defense Magazine.
For more information, please visit www.badgeinc.com.
About the Author
Pete Green is the CISO / CTO of Anvil Works, a ProCloud SaaS company, and co-author of “The vCISO Playbook: How Virtual CISOs Deliver Enterprise-Grade Cybersecurity to Small and Medium Businesses (SMBs)”. With over 25 years of experience in information technology and cybersecurity, Pete is a seasoned and accomplished security practitioner.
Throughout his career, he has held a wide range of technical and leadership roles, including LAN/WLAN Engineer, Threat Analyst, Security Project Manager, Security Architect, Cloud Security Architect, Principal Security Consultant, Director of IT, CTO, CEO, Virtual CISO, and CISO.
Pete has supported clients across numerous industries, including federal, state, and local government, as well as financial services, healthcare, food services, manufacturing, technology, transportation, and hospitality.
He holds a Master of Computer Information Systems in Information Security from Boston University, which is recognized as a National Center of Academic Excellence in Information Assurance / Cyber Defense (CAE IA/CD) by the NSA and DHS. He also holds a Master of Business Administration in Informatics.
