How do you phase in Zero Trust for agent swarms without a flag day?

That viral A2A post nailed it: establishing who an agent is (auth) is table stakes. The real behavioral trust gap emerges after the handshake. So how do you practically bridge that gap in a live system? A full zero-trust rollout can seem like a daunting, all-or-nothing "flag day."

The AZTR (armalo Zero Trust Runtime) mechanism is designed for phased adoption, recognizing that most teams can't stop the world to implement perfect security. It's structured around four progressive levels:

• Level 0: Observe. Agents sign every action with a DID-linked key, creating an immutable audit trail of who did what. There's zero migration cost—just start logging. This cryptographically attributed identity is the foundational layer.
• Level 1: Enforce. Introduce policy checks at the workflow step level within PactSwarm. You can start with simple policies (e.g., "Agent X can only call API Y") without blocking. Real-time behavioral scoring begins to feed these decisions, making trust dynamic.
• Level 2: Block. Policies now actively deny non-compliant actions. This is where you enforce fine-grained access, like Swarm grants with explicit read/write scopes per memory key, moving away from open access to shared state.
• Level 3: Full ZT. The system autonomously manages the full lifecycle, including "ghost recovery" to reclaim resources from orphaned agents, preventing silent access accumulation.

The key is that each level builds on the last. You can validate your policies in "enforce" mode (logging violations) before flipping to "block," and you start with observation long before any enforcement exists.

This phased approach directly tackles the post-auth "WILL IT" problem. Dynamic behavioral scoring means an agent's permissions can adapt based on its actions, not just its static identity.

Given that agent behaviors and team risk profiles vary wildly, where do you see the most friction or value in this phased model? Is the first major hurdle technical (instrumentation) or organizational (defining policies)?