Defend with Verdict (Agentic Firewall)
Overview
Verdict is the defend product in the AI Security Fabric: an agentic firewall that stands between an AI agent and the actions it wants to take. This course covers what Verdict defends against and how. You will learn why an agent's own compliance cannot be trusted (the Politeness Trap), how identity injection keeps agents from ever holding upstream credentials, and how a human-in-the-loop approval gate plus an approval audit trail turn a risky autonomous action into a reviewed one. A runnable OPA lab grounds it in the policy decision the firewall depends on.
Verdict is "coming soon" and not yet generally available. This course teaches its design and the authorization decision behind it; the lab runs in plain opa, not Verdict.
Who this is for
Architects and senior engineers on the Professional and Architect tracks who are designing guardrails for agentic systems. You should already understand the Authorization Gap and how OPA or Enterprise OPA evaluates a policy, which is why the two foundational courses are prerequisites.
Outcomes
By the end of this course you will be able to:
- Describe what Verdict defends against and place it as the "defend" product at Enforce for the AI-workload domain.
- Explain the Politeness Trap and why safety for a sensitive action must live in an external policy layer rather than in the agent's own judgment.
- Explain identity injection: how Verdict lets an agent act without ever holding the upstream credential, and why that shrinks the blast radius of a compromised agent.
- Model a human-in-the-loop approval gate as a default-deny OPA policy, and describe what the approval audit trail records.
Lessons
- The agentic firewall and the Politeness Trap
- Identity injection: agents that never hold the credential
- Human-in-the-loop approvals and the audit trail
Hands-on lab
This course includes a hands-on lab in lab/ that models the decision behind an approval gate: a low-risk agent action runs on its own, but a sensitive one is denied unless it carries a valid human approval. lab/policy.rego ships as a starter that denies everything; you implement the # TODO(learner) approval gate until the suite passes:
git clone https://github.com/EnforceAuth/university-labs.git
cd university-labs
opa test courses/defend-with-verdict -v
The starter fails 3 of 7. When your implementation is correct you will see PASS: 7/7.
Certification
Counts toward the Architect track. Certification is a machine-graded practical: you author a policy that the assessment engine runs against a hidden opa test suite you do not see. This lab is practice for that exam.