Closing the human authority and accountability gap: why Faction partnered with iVALT

The threat environment has fundamentally changed. Cyber warfare with adversarial nation-states is now continuous, and AI is handing bad actors of every kind exponentially greater capability — finding vulnerabilities at machine speed, generating deepfakes that defeat verification, and increasingly acting autonomously inside systems. At the same time, organizations are deploying AI systems faster than governance frameworks are evolving — expanding the attack surface from inside as well as out.

The challenge is no longer simply keeping attackers out. The challenge is maintaining control.

Every major evolution in cybersecurity has followed a shift in infrastructure. Generation 1 protected trusted internal networks with firewalls and VPNs. Its organizing assumption was simple — inside means trusted — and for its era, that was reasonable. But the explosion of cloud, mobile, and remote work dissolved the perimeter entirely. The gateway became a visible target, credentials became the primary attack vector, and OT and IoT devices that couldn't run agents were left entirely exposed.

Generation 2 recognized the perimeter was gone. Zero Trust Network Access and Software-Defined Networking moved authentication to the cloud, enforced continuous verification, and enabled fine-grained access control. For large enterprises with cloud-first infrastructure, it was a genuine advance.

But for most organizations, Generation 2 traded one set of problems for another. It centralized trust in cloud control planes that became high-value targets — a compromise of the vendor's infrastructure is a compromise of every customer on the platform. It remained expensive and complex, priced for large-enterprise budgets. It was software-only, unable to protect OT and IoT devices. And it created metadata exposure: cloud providers can observe connection patterns, timing, and topology even when payload content is encrypted. The organization verifies more, but it controls less — and outsources trust entirely.

Neither generation answered the question that matters most today: who controls trust?

Generation 3 doesn't ask how do we keep attackers out, or even how do we verify identity. It asks who owns and controls the trust relationships that govern the organization's networks, devices, data, and AI. The answer has to be the owner — not a vendor, not a cloud provider, not a third party whose infrastructure is a shared target.

Faction Networks' Generation 3 Zero Trust platform was architected from the ground up on that principle. Instead of centralizing trust in a vendor's control plane, it returns trust to the owner — the organization creates and governs its own encryption keys and trust relationships, and the platform routes encrypted traffic without the ability to read it. These and other properties remove the structural weaknesses of the first two generations.

That's why we are so excited to announce our partnership with iVALT, whose Digital Trust platform caps off that foundation with identity. iVALT delivers continuous, passwordless, AI-resistant human verification to power Faction's step-up to a verified, present human at the moments that carry real risk — confirming that a responsible person approved a privileged or irreversible action and remains accountable for it.

Together, Faction and iVALT are bringing two integrated solutions to market.

Our Human-in-the-Loop solution lets organizations confirm that the people reaching a Faction network are in fact the authorized humans they claim to be — and step up to a verified, present person for high-risk actions, holding that person accountable for the decision.

• Continuous, passive verification that an authorized human is present — no passwords, no tokens to steal or spoof
• Step-up to explicit, active confirmation for privileged or irreversible actions
• Cryptographic binding of identity to the action, not just the session
• Full audit trail of who approved what, and when

That need becomes even more paramount once AI agents are operating inside an organization's networks. Our AI Security & Control solution is designed to ensure those agents remain governed, contained, and auditable — with a responsible human accountable for every consequential action they take.

• Every agent bound to an authorized, accountable human responsible for its actions
• Agent access contained and controlled with robust micro-segmentation
• Human authority enforced cryptographically — beneath the application layer, not bolted on above it where it would be exposed to manipulation or circumvention
• Protection against both external attackers and agents attempting to exceed their sanctioned scope

Initial integration is complete, joint development is underway, and commercial availability is targeted for Q3 2026.

Control. Peace of Mind.