The rise of autonomous AI agents promises unprecedented productivity, but it also introduces a massive challenge: controlling agent sprawl. As specialized agents built on Model Context Protocol (MCP) and Agent-to-Agent (A2A) collaborate to execute complex business processes, governance and security become essential.
Autonomous agents present new opportunities, but also significant security and governance challenges. Addressing these challenges requires a strategy to secure agents, propagate context, ensure compliance with local and regional government and industry standards, audit interactions, restrict process and asset access, and enforce zero trust principles.
Enter MuleSoft Agent Fabric, the crucial backbone to transform these disparate agents into a coordinated, trusted, and secure enterprise network. The central pillar of securing this collaboration is the rigorous propagation of the Role-Based Access Control (RBAC) security principle.
Agent-based security
In a multi-agent system, agents often need to access sensitive enterprise data, invoke backend APIs, or trigger actions in other systems to complete a business process. For example, a mortgage application agent might need to instruct a credit check agent and then a document signing agent. Without proper controls, this cross-agent, cross-system activity creates significant security and compliance risks.
RBAC is the principle that dictates who (or what) can do what under which conditions. In the Agent Fabric ecosystem, this principle is enforced not just at the API level (the traditional MuleSoft strength) but specifically at the agent-to-agent (A2A) and agent-to-system (A2S) interaction points. In other words, the result is a zero trust design: only agents that have been authenticated and authorized can reach content and assets.
Traditional security models focus on securing APIs exposed by applications. In an agentic workflow, the “client” is often another agent, and the “server” is either an API or another agent’s capability. This requires a shift in thinking:
- Agent identity: Each agent needs a verifiable identity
- Agent-to-Agent (A2A) authorization: How do we ensure agent A is authorized to request a service from agent B?
- Context preservation: How do we maintain the original user’s identity, transaction ID, or other crucial metadata as the workflow traverses multiple agents and systems?
- Auditing and compliance: Who did what, when, and why in a decentralized, autonomous process?
MuleSoft is the foundation for secure digital assets
Before agents can collaborate, they need access to reliable, secure digital assets: APIs, data, and events. Anypoint Platform provides the following:
- Centralized API management: All enterprise APIs that agents might interact with are managed, secured, and governed in Anypoint API Manager. Policies (like client ID enforcement, OAuth 2.0, JWT validation) control access
- Identity and Access Management (IAM): Anypoint Platform’s RBAC model extends to client applications. When an agent acts on behalf of a system or user, it uses client credentials, OAuth tokens, or JWTs issued and validated by the platform, establishing its initial authorization
- Data security: Mule applications, often the backend for agent interactions, handle data securely with encryption, tokenization, and adherence to data residency rules
- Observability: Anypoint Monitoring and Analytics provide visibility into API calls, helping to track which agents are calling which APIs and when
This foundational layer ensures that the inputs and outputs of agent interactions are secure and governed.
MuleSoft Agent Fabric elevates security to the autonomous realm
Agent Fabric sits on top of this foundation, specifically designed to address the unique challenges of inter-agent collaboration and context propagation.
Agent-centric security with Flex Gateway
Flex Gateway acts as the dedicated inline policy enforcement point for agent interactions. It’s purpose-built to understand and secure protocols specific to agent communication.
- Policy granularity for agents: Just as Anypoint Platform applies policies to APIs, Flex Gateway applies them to agent capabilities. This means an order processing agent might have a policy requiring a specific finance:approve scope before it can invoke a payment gateway agent
- Bidirectional security: Unlike traditional client-server API calls, agent interactions can be bidirectional. Flex Gateway secures both inbound requests to an agent and outbound requests from an agent, ensuring that every leg of the autonomous workflow is authorized
- Identity mapping: Flex Gateway can map an agent’s technical identity (e.g., a client ID or certificate) to its functional role within the enterprise, enabling robust RBAC for A2A interactions
Intelligent context propagation via Agent Broker
MuleSoft Agent Broker routes tasks and manages multi-agent workflows. Its crucial role in context propagation is twofold:
- Secure context transmission: As a task moves from agent to agent, Agent Broker ensures that critical security context is securely encapsulated and passed along, but only if needed by the underlying agent. This might involve enriching the message with a new JWT for the next hop, or attaching a specific header that carries the immutable security claims
- Dynamic policy enforcement: Flex Gateway, in conjunction with Agent Broker, uses this propagated context to make real-time authorization decisions. If the original context indicated the request came from a tier 1 customer, subsequent agents might be granted higher privileges or faster processing
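To make the three mechanisms above concrete (a scope-gated policy on an agent capability, mapping of a technical client ID to a functional role, and a new per-hop token that carries immutable user and transaction context with only the scopes the next agent needs), here is a small, self-contained Python model of a gateway check and a broker hop. This is an added illustration written for this article; it is not Flex Gateway, Agent Broker, or any MuleSoft code. The client IDs, role table, claim names (`orig_user`, `txn_id`, `customer_tier`, `act`) and the HS256 shared secret are all constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key. A real gateway validates tokens against keys from its
# identity provider; a shared secret is used here only to keep the example offline.
GATEWAY_KEY = b"demo-shared-secret-not-for-production"

# Hypothetical identity mapping: technical identity (client ID) -> functional role,
# and role -> the scopes an agent in that role is ever allowed to hold.
AGENT_ROLES = {
    "order-agent-01": "order_processor",
    "credit-agent-07": "credit_checker",
}
ROLE_SCOPES = {
    "order_processor": {"orders:read", "finance:approve"},
    "credit_checker": {"credit:read"},
}

# Context that must survive every hop unchanged (the "immutable security claims").
IMMUTABLE_CONTEXT = ("orig_user", "txn_id", "customer_tier")


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, ttl: int = 60, key: bytes = GATEWAY_KEY) -> str:
    """Mint an HS256 JWT-shaped token; adds an exp claim if the caller gave none."""
    body = dict(claims)
    body.setdefault("exp", int(time.time()) + ttl)
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(body, sort_keys=True).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_token(token: str, key: bytes = GATEWAY_KEY) -> dict:
    """Check signature (before decoding anything) and expiry; return the claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header, payload, sig = parts
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload))
    if claims.get("exp", 0) < time.time():
        raise ValueError("token expired")
    return claims


def authorize_hop(token: str, required_scope: str, key: bytes = GATEWAY_KEY):
    """Gateway-style policy: the capability requires `required_scope`.

    Allowed only if the token is valid, the calling agent is a registered identity,
    its role is permitted to hold the scope, and the token actually carries it.
    """
    try:
        claims = verify_token(token, key)
    except ValueError as exc:
        return False, str(exc)
    role = AGENT_ROLES.get(claims.get("sub"))
    if role is None:
        return False, "unknown agent identity"
    if required_scope not in ROLE_SCOPES[role]:
        return False, f"role {role} may not hold {required_scope}"
    if required_scope not in claims.get("scope", []):
        return False, f"token lacks {required_scope}"
    return True, "authorized"


def propagate_context(token: str, next_agent: str, needed_scopes: set, key: bytes = GATEWAY_KEY) -> str:
    """Broker-style hop: mint a fresh token for `next_agent`.

    Immutable context is copied through untouched; scopes are narrowed to what the
    next agent's role permits AND what this step actually needs. `act` records
    which agent delegated the hop, so the audit trail shows the full chain.
    """
    claims = verify_token(token, key)
    next_role = AGENT_ROLES[next_agent]  # KeyError: refuse hops to unregistered agents
    hop = {
        "sub": next_agent,
        "act": claims["sub"],
        "scope": sorted(ROLE_SCOPES[next_role] & set(needed_scopes)),
    }
    for name in IMMUTABLE_CONTEXT:
        if name in claims:
            hop[name] = claims[name]
    return mint_token(hop, key=key)


if __name__ == "__main__":
    first = mint_token({"sub": "order-agent-01", "orig_user": "alice", "txn_id": "txn-1",
                        "customer_tier": 1, "scope": ["orders:read", "finance:approve"]})
    print(authorize_hop(first, "finance:approve"))
    second = propagate_context(first, "credit-agent-07", {"credit:read", "orders:read"})
    print(verify_token(second))
```

The two checks in `authorize_hop` are deliberately separate: the role table bounds what a class of agent may ever do, and the token bounds what this particular call was issued for, so an over-issued token for a low-privilege agent and a tampered token are both rejected before any backend is touched. In `propagate_context`, the next-hop token carries the original user, transaction ID and customer tier forward unchanged, which is what lets a downstream policy decision (such as the tier 1 case above) be made on the original context rather than on whatever the intermediate agent asserts.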
Unified observability for autonomous workflows
Agent Fabric extends Anypoint Platform’s observability capabilities to the agent realm:
- End-to-end tracing: Developers and security teams can trace a single business process as it hops across multiple agents, APIs, and systems, understanding the full execution path
- Auditability: Every agent interaction, policy enforcement decision, and context propagation step is logged, providing a comprehensive audit trail for compliance and security investigations. This is vital for understanding who (or what agent) did what, even in highly decentralized workflows
The outcome? Trusted agentic workflows
By integrating Managed Flex Gateway policies, the Agent Broker’s intelligent routing, and the Registry’s central catalog, MuleSoft Agent Fabric ensures that RBAC is not a static concept but a dynamic, runtime-enforced reality.
Security propagation ensures a trusted, compliant network for the agentic enterprise. Confidently execute complex, secure processes, like supply chain coordination or automated loan approvals, with the same enterprise-grade security and governance MuleSoft delivers for APIs. Agent Fabric enables seamless, secure collaboration.
With MuleSoft Agent Fabric, you can ensure agents are securely communicating with each other and with other sources of data within your enterprise and potentially with your partners.