NIST AI Agent Standards Initiative — Active Contributor

Enterprise AI Agents
Certified!

Dokimata scans, validates, and certifies enterprise AI agents before deployment — and monitors them continuously after. The trust layer your CISO has been waiting for.

Request Early Access View Agent Manifest →
69%
of enterprises deploying AI agents
21%
have visibility to secure them
73%
of CISOs critically concerned
0
existing certification standards

The Problem

Agents are operating without authorization.

Enterprise AI agents have access to your databases, your email, your CRM, your finances. They can read, write, send, approve, and execute — with no security gate before they go live. Traditional security tooling was never built for this.

No pre-deployment scanning
Agents go straight from development to production with no security review of their instructions, tools, or permissions.
Prompt injection is authorization bypass
A vulnerable system prompt lets attackers hijack your agent. Existing tools don't test for this.
No audit trail
When a board asks "how do we know our agents are safe?" — there's no answer. No certificate. No evidence.
Inter-agent trust is uncontrolled
In multi-agent systems, one compromised agent can instruct others. Privilege escalation with no guardrails.

The Dokimata Lifecycle

Quarantine. Scan. Commission.

No agent operates with authority until it has passed dokimata — the ancient process of proving fitness before granting trust.

Submit
Agent submitted with its manifest — instructions, tools, permissions, model config.
Quarantine
Agent is isolated. Nothing touches production until it is cleared.
Scan
Inside-out security scan of the agent's constitution, toolchain, and permissions.
Dojo
Adversarial testing — prompt injection, behavioral validation, red-teaming.
Commissioned
Certification badge issued. Agent cleared for production. Monitoring begins.

What Dokimata Does

The full security stack
for enterprise agents.

Other tools monitor your agents. Dokimata certifies them.

Inside-Out Security Scanning
We don't just probe the API surface. We scan the agent's constitution — system prompt, tool definitions, memory config, and permission scope — before a single request is made.
Behavioral Validation
Like unit tests for agent behavior. We run the agent through scripted and adversarial scenarios to verify it performs within its certified boundaries.
Prompt Injection Testing
We treat prompt injection as an authorization bypass, not a UX problem. Adversarial probes test whether your agent can be hijacked through its inputs.
Privacy & Data Leakage Detection
Test whether the agent leaks PII, confidential data, or IP. Map every data pathway the agent can access and verify it stays within authorized scope.
Certification Badge
A versioned, expiry-dated certification tied to the agent's manifest hash. Verifiable. Auditable. The answer your board is asking for.
Continuous Monitoring
Runtime behavior validated against the certified manifest. Drift triggers re-certification. You always know if an agent is operating within its cleared boundaries.
Standards Covered

Built to every enterprise standard.

Dokimata maps findings to the frameworks your security, legal, and compliance teams already work in.

OWASP Agentic Top 10 NIST AI RMF ISO 42001 SOC 2 Type II EU AI Act GDPR PCI DSS

See It In Action

Watch Dokimata certify an agent live.

No uploads. No account. No data required to see the scanner in action. Ready to scan your own agents? Book a private session.

No upload required
See a Live Scan

Watch Dokimata scan a real enterprise finance agent in real time. See the risk score, the compliance matrix across 8 frameworks, and the full certification report. Zero data required from you.

Launch Live Demo
Your agents, your environment
Book a Private Demo

Bring one of your own agents to a 30 minute session. We scan it together. NDA available on request. Nothing leaves your hands without your permission.

Request Private Session

Open Standard

The Agent Manifest — an SBOM for AI agents.

The Dokimata Agent Manifest is an open, machine-readable specification that captures the complete identity and security posture of an enterprise AI agent.

Identity & Constitution
Who deployed this agent, what it is authorized to do, and a cryptographic hash of its system prompt.
Toolchain & Permissions
Every MCP server, API, and function the agent can access — with explicit permission scopes.
Inter-Agent Trust
What other agents can instruct this agent to do — preventing unauthorized privilege escalation.
Compliance & Certification
Applicable regulations, data classification, and the auditable certification trail.
View on GitHub → 
# DOKIMATA AGENT MANIFEST v0.1.0

identity:
  name: "finance-agent"
  version: "2.1.0"
  deployer:
    organization: "Acme Corp"
    contact: "ciso@acme.com"

constitution:
  system_prompt:
    hash: "sha256:7f83b1..."
  constraints:
    must_not:
      - "Approve invoices without human sign-off"
      - "Access payroll systems"

toolchain:
  mcp_servers:
    - name: "netsuite-mcp"
      permissions: ["read:invoices"]
      scope: "Read invoices only"

certification:
  status: "certified"
  issued_date: "2026-03-24"
  expiry_date: "2026-09-24"
  risk_score: 12
Active Contributor
NIST AI Agent Standards Initiative — April 2026

Standards Anchored

Built on the
emerging federal standard.

Dokimata submitted the Agent Manifest as a formal public comment to the NIST National Cybersecurity Center of Excellence — proposing it as a reference model for agent identity, authorization, and certification standards.

Formal contribution to NIST NCCoE concept paper on AI Agent Identity and Authorization
Agent Manifest proposed as open reference standard for enterprise agent security documentation
Aligned with NIST AI RMF, SBOM standards, MCP, and A2A protocol frameworks
When NIST standards emerge, Dokimata is the implementation layer
Trust Chain
NIST AI Agent Standards Initiative
Dokimata Agent Manifest (Open Standard)
Dokimata Certification Badge
Enterprise Agent Cleared for Production
EU AI Act enforcement deadline: August 2026

Is your CISO ready
to certify your agents?

We're working with a select group of CISOs in financial services to shape the Dokimata platform. If you're deploying enterprise AI agents and security is keeping you up at night — let's talk.

Request Design Partner Access View Open Standard →