Frequently Asked Questions

What is ACT (Agent Capability Tokens)?

ACT is a universal permissions and authorization layer for AI agents and Large Language Models (LLMs). It provides OAuth-like security for autonomous AI systems, allowing you to grant fine-grained permissions, enforce access policies in real-time, audit all agent actions, and instantly revoke access when needed.

Think of it as the security infrastructure that makes it safe to deploy AI agents in production environments, giving you complete control and visibility over what your agents can and cannot do.

How does ACT work?

ACT works in four simple steps:

1. Create an Agent: Register your AI agent in the ACT platform and define its identity.
2. Define Policies: Specify what actions your agent can perform (e.g., "read user data", "create orders", "access API endpoint X").
3. Generate Tokens: Issue capability tokens that encode the agent's permissions in a cryptographically secure format.
4. Enforce & Audit: Your agent presents the token with each action. ACT validates the token in real-time and logs every action for audit purposes.

The entire process takes less than 5 minutes to implement via our simple REST API or SDKs.

Why do I need ACT for my AI agents?

AI agents without proper authorization are a security nightmare:

• Security Risk: Agents with unrestricted API access can accidentally or maliciously access sensitive data, modify critical systems, or cause data breaches.
• Compliance Issues: Regulations like SOC 2, GDPR, and HIPAA require detailed audit trails of all system access - impossible without a proper logging layer.
• No Accountability: Without audit logs, you can't prove what your agents did or didn't do.
• Scalability Problems: Managing permissions for hundreds of agents manually is unsustainable.
• Inability to Revoke: When an agent misbehaves, you need instant revocation - not hours of manual intervention.

ACT solves all these problems with enterprise-grade security, compliance, and control.

How is ACT different from API keys or OAuth tokens?

Traditional API keys and OAuth tokens weren't designed for AI agents and have critical limitations:

• API Keys: Static, all-or-nothing access. No fine-grained permissions, no audit trails, hard to revoke at scale.
• OAuth: Designed for human users with manual consent flows. Doesn't handle autonomous agent workflows, lacks agent-specific audit requirements.
• ACT: Purpose-built for AI agents with capability-based permissions, real-time enforcement, automatic audit logging, instant revocation, and agent-specific features like action limits and time-based expiry.

How do I integrate ACT with my AI agent?

Integration is simple and typically takes less than 30 minutes:

1. Sign up for an ACT account and create your first agent
2. Define permissions policies for your agent's actions
3. Generate an ACT token for your agent
4. Add a single API call to your agent's code before each action to check permissions
5. ACT returns approve/deny in under 10ms

We provide SDKs for Python, JavaScript, C#, Java, and Go, plus comprehensive REST API documentation.

What programming languages and frameworks does ACT support?

ACT works with any programming language or framework via our REST API. We provide official SDKs for:

• Python (for LangChain, AutoGPT, custom agents)
• JavaScript/TypeScript (Node.js, React agents)
• C# (.NET, Azure AI)
• Java (Spring Boot, enterprise apps)
• Go (high-performance agents)

Community SDKs are also available for Ruby, PHP, Rust, and more.

Does ACT work with ChatGPT, Claude, Gemini, and other LLMs?

Yes! ACT is LLM-agnostic. It works with:

• OpenAI (ChatGPT, GPT-4, GPT-3.5)
• Anthropic Claude
• Google Gemini
• Meta Llama
• Custom fine-tuned models
• Any AI framework (LangChain, AutoGPT, Semantic Kernel, etc.)

ACT sits between your agent and the resources it accesses, regardless of which LLM powers the agent.

What is the performance impact of using ACT?

ACT adds less than 10ms of latency per agent action. Our infrastructure is designed for high-performance:

• Sub-10ms average response time
• 99.99% uptime SLA on Business and Enterprise plans
• Globally distributed edge servers for low latency
• Handles millions of requests per day

The minimal latency is offset by the massive security and compliance benefits.

Can I self-host ACT?

Yes! Enterprise customers can deploy ACT on-premises or in their own cloud environment:

• Docker/Kubernetes deployments
• AWS, Azure, GCP compatible
• Air-gapped environments supported
• VPC/private cloud options

Contact our sales team to discuss self-hosted deployment options.

How much does ACT cost?

ACT offers flexible pricing to fit every organization:

• Free Plan: $0/month - 1 agent, 1,000 actions/month, perfect for testing and small projects
• Starter Plan: $49/month - 10 agents, 100,000 actions/month, email support
• Business Plan: $249/month - 100 agents, 1,000,000 actions/month, SSO, priority support
• Enterprise Plan: Custom pricing - Unlimited agents, unlimited actions, dedicated infrastructure, SLA guarantees, white-label options

All plans include unlimited policies, full audit logs, and instant revocation.

What counts as an "action"?

An action is any authorization check performed by ACT. For example:

• Your agent checks if it can read a database → 1 action
• Your agent checks if it can send an email → 1 action
• Your agent checks if it can access an API endpoint → 1 action

Token generation, policy updates, and dashboard usage do not count as actions.

What happens if I exceed my action limit?

We'll never shut down your agents unexpectedly:

• You'll receive email warnings at 80% and 95% of your limit
• Overage charges apply: $0.001 per additional action (equivalent to $1 per 1,000 actions)
• You can upgrade to a higher plan at any time to avoid overages

Do you offer discounts for startups, non-profits, or educational institutions?

Yes! We offer:

• Startups: 50% off Business plan for YC, Techstars, and similar accelerator alumni (first year)
• Non-Profits: 50% off all paid plans
• Educational Institutions: Free Business plan for academic research and teaching

Contact [email protected] with proof of eligibility.

Is ACT secure?

Security is our top priority:

• End-to-end encryption (TLS 1.3)
• Tokens cryptographically signed with industry-standard algorithms
• Zero-trust architecture
• Regular security audits and penetration testing
• SOC 2 Type II certified
• GDPR and CCPA compliant
• HIPAA-ready infrastructure (Business Associateagreements available)

Where is my data stored?

Your data is stored in enterprise-grade cloud infrastructure:

• Primary data centers in US-East, US-West, EU-West, Asia-Pacific
• Automatic geo-redundancy and backups
• Data residency options for compliance (EU customers can require EU-only storage)
• Encrypted at rest (AES-256) and in transit (TLS 1.3)

How long are audit logs retained?

Audit log retention varies by plan:

• Free: 7 days
• Starter: 30 days
• Business: 1 year
• Enterprise: Custom (up to 7 years for compliance requirements)

You can export audit logs at any time in CSV, JSON, or send to your SIEM system.

Does ACT support Single Sign-On (SSO)?

Yes! Business and Enterprise plans include:

• SAML 2.0 (Okta, Azure AD, Google Workspace, OneLogin, etc.)
• OAuth 2.0 / OpenID Connect
• SCIM for automated user provisioning

What support do you offer?

• Free Plan: Community forums and documentation
• Starter: Email support (48-hour response)
• Business: Priority email and chat support (4-hour response)
• Enterprise: Dedicated account manager, 24/7 phone support, Slack channel, custom SLAs

Do you have documentation and tutorials?

Yes! We provide comprehensive resources:

• Complete API documentation
• Quick-start guides for all major frameworks
• Video tutorials
• Code examples in multiple languages
• Integration recipes for popular use cases
• Best practices guides

Can I migrate from another authorization system?

Absolutely! We provide migration guides for:

• Custom API key systems
• OAuth implementations
• Legacy permission systems

Enterprise customers get dedicated migration support from our team.