Combines a complete Cross App Access (XAA) implementation with innovative Cross Data Access (XDA) to secure interactions with and between AI agents
San Francisco, California – March 25, 2026 – InCountry AgentCloak today announced its complete Cross App Access (XAA) implementation and introduced Cross Data Access (XDA) at the RSA Conference, delivering the industry’s first unified zero trust security solution for AI agents that combines identity and data protection in a unified solution.
AgentCloak provides complete support for Cross App Access, the official authorization extension to the Model Context Protocol (MCP), while introducing its breakthrough Cross Data Access that secures the flow of data between AI agents. Together, they enable secure, policy-controlled interactions with and between AI agents, replacing risky static keys and repetitive user consents with centralized, mediated trust and fully governed and protected data flows.
“Cross App Access secures the handshake between agents, while Cross Data Access secures the conversation,” said Peter Yared, CEO of InCountry and one of the inventors of federated single sign-on (SAML). “Comprehensive agentic security requires tight integration of both identity and data controls, which only AgentCloak delivers today.”
How AgentCloak Works
- Cross App Access (XAA) issues short-lived, tightly scoped tokens for agent-to-app and agent-to-agent interactions. AgentCloak can complement an existing primary identity provider to issue short-lived tokens and also operate as the primary identity provider for nonhuman agentic identities.
- Cross Data Access (XDA) extends XAA with secure digital twins and AI-powered data cloaking/uncloaking, ensuring each agent receives the absolute minimum data needed to perform its task, delivering true data minimization and zero trust agentic workflows.
For example, in a healthcare workflow, an AI triage agent reviews recently updated patient records to identify follow-up candidates. Using AgentCloak, the triage agent is authorized with an XAA ID-JAG token and receives only cloaked, de-identified data including risk score fields, with names and full medical histories replaced with secure tokens and masks. Once a patient is flagged, an external third party scheduling agent is authorized with its own short-lived XAA ID-JAG token along with the absolute minimum uncloaked information: the patient’s name, contact method, and relevant diagnosis code, while all other sensitive details remain protected. This ensures full HIPAA compliance and true zero-trust agentic operations.
AgentCloak delivers end-to-end zero-trust security for AI agents by tightly coupling XAA’s identity controls with XDA’s intelligent data protection. This unified approach gives enterprises centralized governance, auditability, and data sovereignty across complex multi-agent workflows while meeting the strictest compliance requirements.
About InCountry AgentCloak
InCountry AgentCloak powers data protection at the nexus of AI, identity, and sovereignty. Our products deliver identity-centered authorization for AI agents, AI data minimization, cross-border AI sovereignty, profile data residency for Identity and Access Management solutions, and data residency for enterprise apps and SaaS, including Salesforce and ServiceNow. Trusted by Global 2000 companies in life sciences, semiconductors, and financial services, InCountry proudly enables compliance with leading regulatory bodies, including the Cyberspace Administration of China, the Saudi Arabian Monetary Authority, and European Data Protection Authorities.