Agentic AI Liability Gap – Why You Need NEXUS A2A to Reduce AI Agent Liability


Your Agents Are Making Decisions. Who Is Accountable When They Get It Wrong?

The agentic AI transition happened faster than most legal, risk, and compliance teams were prepared for.

Eighteen months ago, AI agents were demos. Today they are writing contracts, managing vendor negotiations, executing trades, querying customer records, and instructing other agents to do the same — sometimes with no human reviewing a single intermediate step.

The question most organizations have not answered: when an AI agent takes an action that causes harm, who is accountable?

The answer, under EU AI Act Article 14, NIST AI RMF Govern 1.2, and emerging US federal guidance, is: the organization that deployed it. Not the model vendor. Not the protocol provider. The deployer.

That accountability requires evidence. Specifically, it requires a chain of proof: this agent was authorized to perform this action, by this human principal, within this documented scope, at this time, and here is the cryptographic record showing exactly what happened.

Most deployed agentic systems cannot produce this chain. NEXUS-A2A is built to produce exactly this, reducing agentic AI liability.

What the Regulators Are Actually Looking For in Agentic AI Liability

EU AI Act Article 14 requires “human oversight” for high-risk AI systems. But Article 14 is more specific than most people realize. It requires that human oversight be exercised through “appropriate tools” that allow the human to “understand the relevant outputs” and “monitor, detect, and intervene.”

This is not a checkbox. “We have a human who could theoretically intervene” does not satisfy Article 14. The human must have the tools to actually intervene — including a reliable record of what the agent did, the ability to revoke its authority, and the mechanism to stop it.

NEXUS provides all three: NOR audit chain (complete record), QUARANTINE performative (immediate revocation, 500ms propagation), and kill switch architecture (four tiers: operator, domain, principal, cryptographic).

NIST AI RMF Govern 1.2 requires organizations to establish “processes and responsibilities for AI risk management.” In the context of agentic AI, this means: who authorized this agent, what can it do, and who bears responsibility if it causes harm? The NEXUS Owner-of-Record requirement (AISM Invariant I-5) enforces this at the protocol level: every deployed agent must have a named human who has formally acknowledged their governance responsibilities, which addresses the agentic AI liability question directly.

The Three Questions That Determine Your Exposure

Organizations that cannot answer these three questions are carrying undocumented liability:

1. Can you produce a cryptographic audit trail for any agent action in the past 90 days?

“Cryptographic” is the operative word. Application logs are mutable. A database row showing an agent made a call can be altered. A NOR receipt with a SHA-256 hash signed by the agent’s identity key cannot be retroactively changed without invalidating the signature. If your incident response or regulatory response relies on mutable logs, it does not satisfy the evidentiary standard regulators are beginning to expect.
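To make the difference between a mutable log and a signed, hash-chained receipt concrete, here is an added example (not NEXUS code, and not the NOR receipt format, whose field names are unknown here and invented below). Each receipt commits to the hash of the previous one and is signed over its own hash. HMAC-SHA256 with a constructed key stands in for the agent’s identity-key signature; a real deployment would use an asymmetric signature so that a third party can verify receipts without being able to forge them.

```python
import copy
import hashlib
import hmac
import json

# Constructed demo key. HMAC-SHA256 stands in for the agent's identity-key
# signature; a real deployment signs with an asymmetric key so a verifier
# cannot also forge receipts (that is what makes them non-repudiable).
AGENT_KEY = b"constructed-demo-key-do-not-use"

# Invented receipt fields; the real NOR schema is not reproduced here.
RECEIPT_FIELDS = ("agent", "principal", "action", "scope", "ts", "prev")


def _canonical(body):
    # Deterministic serialization: the same receipt must always hash the same.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def append_receipt(chain, agent, principal, action, scope, ts, key=AGENT_KEY):
    """Append a receipt that commits to the previous receipt's hash."""
    prev = chain[-1]["hash"] if chain else "0" * 64
    body = {"agent": agent, "principal": principal, "action": action,
            "scope": list(scope), "ts": ts, "prev": prev}
    digest = hashlib.sha256(_canonical(body)).hexdigest()
    sig = hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()
    receipt = dict(body, hash=digest, sig=sig)
    chain.append(receipt)
    return receipt


def verify_chain(chain, key=AGENT_KEY):
    """Return (True, None) if intact, else (False, index of the first bad receipt)."""
    prev = "0" * 64
    for i, r in enumerate(chain):
        body = {k: r[k] for k in RECEIPT_FIELDS}
        if r["prev"] != prev:                        # link broken: receipt deleted or reordered
            return False, i
        digest = hashlib.sha256(_canonical(body)).hexdigest()
        if digest != r["hash"]:                      # content edited after the fact
            return False, i
        expected = hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, r["sig"]):  # hash fixed up, but not by the key holder
            return False, i
        prev = digest
    return True, None


def demo():
    """Constructed receipts; returns verification results for intact and tampered copies."""
    chain = []
    append_receipt(chain, "agent-42", "alice@example.com", "db.query",
                   ["customers:read"], "2025-01-01T00:00:00Z")
    append_receipt(chain, "agent-42", "alice@example.com", "email.send",
                   ["mail:send"], "2025-01-01T00:00:05Z")
    edited = copy.deepcopy(chain)
    edited[0]["action"] = "db.delete"            # the kind of edit a mutable log allows
    rehashed = copy.deepcopy(edited)             # editor also recomputes the hash...
    rehashed[0]["hash"] = hashlib.sha256(
        _canonical({k: rehashed[0][k] for k in RECEIPT_FIELDS})).hexdigest()
    deleted = chain[1:]                          # first receipt removed from the record
    return {"intact": verify_chain(chain), "edited": verify_chain(edited),
            "rehashed": verify_chain(rehashed), "deleted": verify_chain(deleted)}
```

Running demo() shows the three failure modes a plain database row cannot expose: an edited receipt fails its hash, a re-hashed receipt fails its signature, and a deleted receipt breaks the link from the next one.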

2. If an agent starts behaving unexpectedly, how quickly can you stop it?

The NEXUS QUARANTINE performative propagates across a delegation chain in 500ms. This is not a theoretical capability — it is a protocol-level mechanism that revokes not just the agent, but everything it delegated. If your current answer is “we would have to manually revoke credentials across multiple systems,” you have a real-time response gap.

3. Can you demonstrate scope control at the delegation layer?

When an orchestrator delegates to a sub-agent, and that sub-agent makes a decision that causes harm, was the sub-agent operating within its authorized scope? Can you prove it, cryptographically? NEXUS VCC (Verifiable Capability Credential) documents the scope at every delegation hop. The AISM Invariant I-2 (Monotonic Scope Narrowing) ensures sub-agents can only hold capabilities explicitly granted, never amplified from parent grants. This chain is auditable and tamper-evident.
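The two delegation-layer properties described in questions 2 and 3 (revocation that propagates down the whole delegation chain, and scope that can only narrow at each hop) are easy to state and easy to get wrong. This added example, which is not NEXUS code and does not reproduce the VCC or QUARANTINE formats, keeps a delegation graph in memory, refuses any delegation that would hold capabilities the issuer lacks, records the root-to-agent path as the evidence for a scope audit, and revokes an agent together with everything it delegated. Agent ids and capability names are invented.

```python
class DelegationError(Exception):
    """Raised when a delegation would widen scope or comes from a revoked agent."""


class DelegationGraph:
    """Tracks who delegated what to whom; shapes and names are invented for this example."""

    def __init__(self):
        self.caps = {}         # agent_id -> frozenset of capabilities held
        self.parent = {}       # agent_id -> issuing agent (None for a root)
        self.children = {}     # agent_id -> set of agents it delegated to
        self.quarantined = set()

    def register_root(self, agent_id, caps):
        """A root holds what its human principal granted it directly."""
        self.caps[agent_id] = frozenset(caps)
        self.parent[agent_id] = None
        self.children[agent_id] = set()

    def delegate(self, issuer, subject, requested):
        """Issue a capability record to `subject`; it must be a subset of the issuer's set."""
        if issuer in self.quarantined:
            raise DelegationError(f"{issuer} is quarantined and cannot delegate")
        if subject in self.caps:
            raise DelegationError(f"{subject} already holds a credential")
        requested = frozenset(requested)
        excess = requested - self.caps[issuer]
        if excess:  # monotonic scope narrowing: a parent grant is never amplified
            raise DelegationError(f"scope amplification refused: {sorted(excess)}")
        self.caps[subject] = requested
        self.parent[subject] = issuer
        self.children[subject] = set()
        self.children[issuer].add(subject)
        return {"issuer": issuer, "subject": subject, "caps": sorted(requested)}

    def delegation_path(self, agent_id):
        """Root-to-agent list of (agent, caps): the record that each hop narrowed scope."""
        path = []
        while agent_id is not None:
            path.append((agent_id, sorted(self.caps[agent_id])))
            agent_id = self.parent[agent_id]
        return list(reversed(path))

    def is_authorized(self, agent_id, cap):
        return agent_id not in self.quarantined and cap in self.caps.get(agent_id, ())

    def quarantine(self, agent_id):
        """Revoke an agent and, transitively, everything it delegated. Returns revoked ids."""
        revoked = []
        stack = [agent_id]
        while stack:
            a = stack.pop()
            if a in self.quarantined:
                continue
            self.quarantined.add(a)
            revoked.append(a)
            stack.extend(self.children[a])
        return sorted(revoked)
```

A typical use: register the orchestrator with the capabilities its owner-of-record granted, delegate a narrower set to each sub-agent, and when one misbehaves call quarantine on it; every agent below it in the tree loses authorization in the same call, which is the property the manual, system-by-system credential revocation described above lacks.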

The Supply Chain Problem Nobody Is Talking About

MCP servers are the new third-party software vendors. Your agents are calling them for file access, database queries, web search, calendar management, and code execution. Most organizations have no inventory of which MCP servers their agents are connected to at any given moment.

If a malicious update reaches one of those servers — or if a new MCP server is connected by an agent without explicit authorization — do you know?

NEXUS AgBOM (Agent Bill of Materials) produces a real-time, hash-chained inventory of every tool, model, MCP server, and external API connected to a given agent. Every discovery event creates a new signed version entry. The chain is integrity-verified. Unsigned components (MCP servers without a NEXUS capability manifest) are flagged as supply chain risk.

This is OWASP Agentic AI ASI07 (Supply Chain Risk) operationalized as an audit-ready inventory.
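The inventory question above (which MCP servers is this agent connected to right now, which of them lack a manifest, and which appeared since the last snapshot) can be answered with a small assessment routine. This added example is not the NEXUS AgBOM implementation and does not reproduce its manifest or version-entry format; a manifest is reduced to a pinned SHA-256 of the component’s content, and all component names and contents are constructed.

```python
import hashlib


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def assess_inventory(connected, manifests, previous_names):
    """Return {component_name: sorted finding codes} for anything that needs attention.

    connected:      list of {"name", "kind", "content"} for components the agent is using now
    manifests:      {name: {"sha256": pinned hash}} for components that shipped a manifest
    previous_names: set of component names present in the last inventory snapshot
    """
    findings = {}

    def flag(name, code):
        findings.setdefault(name, []).append(code)

    current_names = set()
    for comp in connected:
        name = comp["name"]
        current_names.add(name)
        manifest = manifests.get(name)
        if manifest is None:
            flag(name, "unsigned")                   # no manifest at all: supply-chain risk
        elif sha256_hex(comp["content"]) != manifest["sha256"]:
            flag(name, "manifest_mismatch")          # content changed after it was pinned
        if name not in previous_names:
            flag(name, "new_connection")             # connected since the last snapshot
    for name in previous_names - current_names:
        flag(name, "disconnected")                   # dropped since the last snapshot
    return {name: sorted(codes) for name, codes in findings.items()}


def demo():
    # Constructed inventory: two previously known servers plus one that appeared unannounced.
    connected = [
        {"name": "fs-mcp", "kind": "mcp_server", "content": b"fs server build 1"},
        {"name": "search-mcp", "kind": "mcp_server", "content": b"search server build 2"},
        {"name": "shell-mcp", "kind": "mcp_server", "content": b"shell server build 1"},
    ]
    manifests = {
        "fs-mcp": {"sha256": sha256_hex(b"fs server build 1")},
        "search-mcp": {"sha256": sha256_hex(b"search server build 1")},  # pinned to the old build
    }
    previous_names = {"fs-mcp", "search-mcp", "calendar-mcp"}
    return assess_inventory(connected, manifests, previous_names)
```

Run on a schedule, the output of assess_inventory is the raw material for the audit-ready inventory described above: a component that is both unsigned and newly connected is the case the paragraph warns about, and a manifest mismatch is the signal that a known server was updated out from under the agent.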

Most organizations that attempt to build agent governance from scratch discover several things:

Identity architecture requires months. Cryptographic delegation with scope attenuation is not a weekend project. OPA policy deployment and maintenance requires dedicated engineering. Non-repudiable audit chains require infrastructure decisions that cut across security, legal, and platform engineering.

NEXUS delivers all of this as an open-source, Apache 2.0 SDK that installs in 60 seconds and deploys a sovereign gateway with five services (identity, policy enforcement, observability, workload attestation, economic accounting) via a single Docker Compose command.

```bash
pip install nexus-a2a-sdk

# Sovereign gateway deployment:
docker compose up -d
# gateway + OPA sidecar + OTel + SPIRE + Redis
```

It wraps existing MCP servers, ACS Guardians, and LangChain/CrewAI pipelines without requiring code changes.

The AISM score for NEXUS v0.3 against AI SAFE2 v3.0: 24/25 in stub mode, 25/25 in full production deployment. The gap: P4 behavioral analytics over long horizons (roadmap). All five structural pillars are addressed in the current release.


What to Ask Your Engineering Team This Week

If you are a CISO, General Counsel, or risk officer reading this, here are four concrete asks:

Ask 1: Run the AI SAFE2 v3.0 compliance checker against your current agentic deployment.

```bash
cd sdk/python
PYTHONPATH=. python ../../compliance/scoring/nexus-score.py --check-env
```

The output identifies specific liability gaps by pillar and control. It is not a sales tool — it is a technical assessment you can bring to your board.

Ask 2: Identify which agents in your current deployment have registered kill switches. Under HEAR Doctrine (Human Executive Authority and Response), every ACT-Tier 2 or higher agent requires a registered kill switch pathway. If the answer is “none,” that is a governance gap that predates regulatory enforcement pressure.

Ask 3: Request a list of every MCP server your agents are currently connected to. If that list does not exist, you have a supply chain inventory problem.

Ask 4: Identify the owner-of-record for your five most capable agents. EU AI Act Article 14 requires a named human accountable for each high-risk AI system’s actions. If the answer is “the team,” no regulator will accept that.


Sovereign Infrastructure Is a Strategic Advantage

Organizations that build sovereign agent infrastructure now acquire three compounding advantages in their liability framework:

Speed: When your governance infrastructure is in place, you can deploy new agents faster. Governance becomes a template, not a bottleneck.

Trust: Customers, partners, and regulators trust systems with cryptographic accountability. “We have logs” and “we have non-repudiable signed receipts” communicate very different levels of maturity.

Durability: The NEXUS Constitutional Constraints (CC-1 through CC-5) ensure that no governance process can remove human override capability, scope monotonicity, or memory provenance requirements. The foundation is designed to hold as agent capabilities scale.

The organizations watching this space and waiting for “the standard” to emerge for agentic AI systems are ceding ground to organizations that are building the standard by deploying it.

NEXUS-A2A is open source. The technical governance committee is accepting members. The IETF draft for L1-L2 is in preparation. This is the moment to participate, not the moment to wait for your AI liability or product liability to grow.


NEXUS-A2A v0.3 | Apache 2.0 | Cyber Strategy Institute

AI governance assessment and enterprise deployment guidance: cyberstrategyinstitute.com

GitHub: CyberStrategyInstitute/ai-safe2-framework
