AI Agents at Layer 8 of the OSI Stack?
Originally published on LinkedIn: https://www.linkedin.com/pulse/ai-agents-layer-8-osi-stack-jonathan-sander-qim1e
I’ve had this old ThinkGeek sticker stuck on the side of a shelf in my office longer than I’ve been in this office. It jokes: “Go away or I will replace you with a very small shell script.”
When I first put it up, the humor was obvious: if your only contribution to my life is repetitive (and annoying) technology can replace you. People should bring the judgment and flexibility that scripts can’t. This week, though, in conversations with customers about Astrix’s new Agent Control Plane (ACP), the joke landed differently. AI Agents don’t just seem capable of replacing some narrowly defined human functions. They’re beginning to feel like they occupy the same place in the tech stack as the humans themselves.
Layers 8 and 9 of the OSI Stack
You’ve probably heard the tongue-in-cheek extension of the OSI stack beyond its seventh and final layer (applications). Layer 8, the joke goes, is “people,” and layer 9 is “politics.” Over the years, I’ve been surprised how often those extra layers explain the real-world challenges of rolling out technology.
Now I’m wondering if they’re also the right lens to understand where AI Agents sit.
Of course, Agents are still made of bits running at the lower levels of the stack. And the conversational interfaces we use to interact with them clearly belong at layer 7, in the application tier.
But consider what happens when an AI Agent calls an API, pulls the same data a human would, and takes the next step based on inference. Functionally, that’s the same layer of the stack as the human: Layer 8.
In fact, when I talked with a customer building a multi-layered, multi-cloud agentic workflow for supporting field workers, we realized that the Agents in their design behaved almost exactly like human users. They read reports. They clicked buttons (or the API equivalent). They made choices that drove the workflow forward.
Securing Agents Like Humans
Which brings us to security. When people ask how to secure AI Agents, I’ve been saying that a mature program will end up looking a lot like today’s approach to securing human access. Just as humans rely on IAM alongside data protection, network controls, and policy training, agents will need their equivalents: non-human identity, DLP, prompt controls, and AI safety.
The big difference is that Agent identity is non-human identity. That makes it categorically different, with its own unique risks and control needs. But the building blocks (identity, access management, policy enforcement) are familiar. Thinking of Agents as Layer 8 “users” provides a useful mental model for applying those tools in a consistent way.
Framing the Next Step
Everyone is still figuring out how to integrate AI Agents into their operations. How will they affect workflows? Where do they reshape investments? What controls are needed?
If we frame Agents as peers to humans at Layer 8, we can start to answer those questions with confidence. We can reuse the security patterns that work for people - adapted, not copy-pasted - and apply them to Agents. That gives us a clear foundation for building trustworthy, governed AI systems.
As for Layer 9, the politics? That’s beyond the scope of this blog post. And frankly, I hope the Agents leave that one alone.
Comments ()