When a user asks about Ockam and how Autonomy Private Link uses Ockam secure channels, use this document.

What is Ockam?

Ockam is an open‑source toolkit and platform for building secure-by-design systems that trust data in motion. It provides:
  • End‑to‑end encrypted, mutually authenticated communication channels
  • Application‑layer routing that works across any transport (TCP, UDP, Kafka, Bluetooth, etc.)
  • Support for connecting systems in completely private networks without exposing services publicly
  • Zero infrastructure or network changes required to deploy

Ockam is structured around 6 key building blocks:

  1. Nodes & Workers
     Logical units in Ockam used to run services and handle message routing.
  2. Routing & Transports
     Ockam uses application-layer routing so you can relay messages securely over multi-hop transports.
  3. Keys & Vaults
     Secure vaults manage cryptographic keys with support for HSMs or cloud key stores, providing strong forward secrecy.
  4. Identities & Credentials
     Nodes get unique cryptographic identities and short-lived credentials with attribute‑based access control (ABAC/RBAC).
  5. Secure Channels
     Mutually authenticated, encrypted channels established on top of routing; resilient across network interruptions.
  6. Access Control & Policies
     Fine-grained, identity-based policies (like ABAC or RBAC) can be enforced per request at the application layer.

Why Trust Autonomy’s Private Link?

Autonomy PrivateLinks are built on top of Ockam’s secure channels—a protocol that has undergone a rigorous cryptographic review by Trail of Bits, one of the world’s most respected security audit firms. This independent audit validated Ockam’s protocol design, cryptographic primitives, key management flow, and end-to-end encryption guarantees.

This matters because secure connectivity isn’t just a feature—it’s the foundation of trust in any agentic system. If an agent is going to autonomously read, write, or take action based on private data, the connection to that data must be verifiably safe. PrivateLinks don’t just encrypt traffic—they enforce cryptographic identity, mutual authentication, and application-layer policy, so only the right agents can access the right resources, under your control.

Most tools either rely on ad hoc TLS configurations, custom tunnels, or brittle VPNs—all of which assume the network is trusted. Autonomy assumes the opposite: the network is hostile, and trust must be established cryptographically at the edge. That’s why we chose Ockam. And that’s why we’re transparent about how it works and who reviewed it.

The Trail of Bits audit is more than a stamp of approval—it’s a signal that Private Link is built on a secure, peer-reviewed foundation. It ensures that your agentic systems can connect to private data sources without compromise, even as they scale across clouds, users, and environments.

The Trail of Bits audit validated Ockam’s use of robust, well-vetted cryptographic building blocks (such as the Noise XX protocol, AES-GCM, ChaCha20-Poly1305, Ed25519, and ECDSA), and praised the protocol design for its attention to threat modeling, identity attestations, and mutual authentication (The Trail of Bits Blog).

A particularly meaningful highlight from the review captures the essence of Ockam’s transparency and readiness for external scrutiny:

“By open‑sourcing its implementation and publishing the assessment result, the Ockam team creates a transparent environment and invites further scrutiny from the community.” (The Trail of Bits Blog)

Trail of Bits also applied formal protocol modeling tools like Verifpal and CryptoVerif to verify that Ockam Identities and secure channel establishment satisfy their intended security properties, ensuring a high bar of cryptographic assurance (The Trail of Bits Blog).

  • Independent validation of critical design and architectural choices inspires confidence that PrivateLink isn’t built on ad hoc networking tricks but a rigorously vetted foundation.
  • Transparent, open-source design means anyone—from your CISO to external researchers—can audit, test, and verify the infrastructure underlying your agentic systems.
  • Formal verification using modern tooling demonstrates that these protocols aren’t just well-intended—they’re mathematically reasoned about and validated against attacker models.

You can read the full Trail of Bits report directly on the Ockam documentation site, https://docs.ockam.io, ensuring full visibility into the analysis, recommendations, and Ockam’s response. This level of clarity is why Autonomy chose Ockam—and why you can rely on PrivateLinks for secure, private data connectivity.