Why subscribe?
Stacked Zero Trust is a working argument about what Zero Trust becomes when AI is one of the things on the network.
Zero Trust as a discipline is, by now, broadly settled. The major frameworks - NIST SP 800-207, the CISA Zero Trust Maturity Model, the DoD Zero Trust Reference Architecture, the Forrester ZTX model - have converged. Most large organisations are at some point on the journey. The conceptual fight is over.
The fight that isn’t over is what the architecture does when the subjects on the network stop looking like the subjects the frameworks were written around. Autonomous AI agents - acting on behalf of users, calling tools, ingesting data, making decisions across cascading chains of action - are a new kind of principal. They are not stable, they are not always identifiable, and they do not make the discrete, one-off requests the frameworks assume. The trust algorithm in NIST SP 800-207’s policy engine carries quiet assumptions about subjects that the agentic generation simply does not meet.
This publication works out, in public, what that means. It argues that Zero Trust did not fail under agentic AI - the implicit subject model did. It proposes a three-layer architecture in response: the classical Zero Trust substrate; AI as mediator, augmenting the trust algorithm itself; and AI as subject, with autonomous agents treated as first-class principals. And it takes the harder problems within that architecture seriously, including the ones nobody has clean answers to yet.
## The shape of the series
Thirteen essays across four acts. The reframe; the stack, layer by layer; the hard problems, including where the regulators are catching up; and what it means to make any of this real, with a maturity model and an honest assessment of where the vendor conversation currently sits.
At the end of the series, a full reference document will be published - the architecture in detail, a complete subject taxonomy, the maturity model in full, a glossary, further reading, and composite engagement scenarios. The essays give you the argument. The document gives you the workbook.
## What this publication is not
It is not a vendor pitch. No platforms are recommended. Specific vendors are named where they are doing genuinely interesting work and named again where they are over-claiming, but the goal is to describe the pattern rather than to sell a stack.
It is not an introduction to Zero Trust. There are good ones already; NIST SP 800-207 is more readable than its reputation suggests.
It is not certain. Two or three of the harder essays - agent identity, posture for probabilistic subjects - are written precisely because the answers are not yet settled. Those essays are an invitation to argue.
## Who writes it
Colin Henderson, Director of Solution Architecture, working on Zero Trust and managed security for large customers. Based in Edinburgh. The writing here is personal and independent of any employer; views expressed are mine.
## What to expect
New essays land roughly fortnightly through the early acts, settling to monthly for the later, more demanding pieces. Subscribing means you receive each essay by email when it publishes, plus the reference document at the end of the series.
No paid tier. No upsell. The work is free to read.
---
*Stacked Zero Trust. Edinburgh.*
