Carlos
  • Updated: June 10, 2026
  • 6 min read

Agyn: An Open-Source Platform for AI Agents with Scalable On-Demand Execution, Agent Definition as a Code, and Zero-Trust Access

Direct Answer

Agyn is an open‑source platform that lets organizations run AI agents at production scale while guaranteeing isolation, governance, and zero‑trust security. It combines a signal‑driven, stateful serverless runtime on Kubernetes with a Terraform provider for declarative agent definition, making it model‑agnostic, cloud‑agnostic, and ready for privileged‑access workloads.

Background: Why This Problem Is Hard

Enterprises are moving from isolated proof‑of‑concept bots to fleets of autonomous agents that orchestrate business processes, query internal data, and even control critical infrastructure. This shift introduces three intertwined challenges:

  • Non‑deterministic workflows: Agents often react to external events, maintain long‑lived conversational state, and branch based on real‑time data, which makes traditional request‑response services inadequate.
  • Stateful session management: Persistent context (e.g., user preferences, transaction history) must survive across container restarts, scaling events, and multi‑region deployments.
  • Privileged access and compliance: Many agents need to call internal APIs, read confidential databases, or trigger CI/CD pipelines, demanding fine‑grained, auditable security controls.

Existing solutions typically address one slice of this problem space. Serverless functions excel at scaling but are stateless; container orchestration platforms provide stateful pods but lack built‑in signal handling and zero‑trust policies. Meanwhile, infrastructure‑as‑code tools (e.g., Terraform) can provision resources but do not natively model the runtime semantics of an AI agent. The result is a fragmented stack where engineers must stitch together disparate pieces, increasing operational overhead and attack surface.

What the Researchers Propose

The Agyn team introduces a three‑pronged framework designed specifically for AI‑agent workloads:

  1. Signal‑driven, stateful serverless runtime: Built on Kubernetes, the runtime reacts to asynchronous events (webhooks, message queues, sensor data) and automatically materializes per‑agent state containers that persist across invocations.
  2. Terraform provider for agent definition: Agents, their execution harnesses, and associated policies are expressed as code. This enables version‑controlled, reproducible deployments and integrates seamlessly with existing CI pipelines.
  3. Zero‑trust, least‑privilege security model: Each agent receives a scoped identity, enforced by a sidecar that validates every outbound request against a policy engine. No agent ever runs with broader permissions than explicitly granted.

Crucially, Agyn is deliberately agnostic—it does not bind to a specific LLM, vector store, or cloud provider. This design choice lets organizations adopt the platform without rewriting their existing AI stacks.

How It Works in Practice

Conceptual workflow

When an external event arrives (e.g., a new Slack message), the following steps occur:

  1. Signal ingestion: A lightweight ingress controller translates the event into a standardized Agyn signal and routes it to the appropriate agent namespace.
  2. Stateful activation: The runtime checks a persistent state store (backed by a distributed KV store) for an existing session. If none exists, it spawns a new pod with a dedicated sidecar.
  3. Agent execution: The agent code—written in any language that can consume the Agyn SDK—processes the signal, optionally calls an LLM, updates its internal state, and emits downstream actions.
  4. Policy enforcement: Before any outbound call (e.g., to an internal CRM API), the sidecar consults the zero‑trust policy engine. If the request matches the agent’s granted scope, it proceeds; otherwise, it is blocked and logged.
  5. Result propagation: The agent’s response is serialized back into a signal and sent to the original source or to downstream agents, completing the loop.
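The policy-enforcement step above, sketched as an added example (not code from Agyn or its paper): a default-deny egress check that normalizes the request before matching it against an agent's grants, and records every decision in a hash-chained list as one way to make the audit trail tamper-evident. The Grant shape, the agent identity, the host name, and the policy contents are all constructed for illustration.

```python
import hashlib, json, posixpath
from dataclasses import dataclass
from urllib.parse import unquote, urlsplit

@dataclass(frozen=True)
class Grant:  # hypothetical grant shape, not Agyn's policy schema
    host: str            # exact host, no wildcards
    methods: frozenset   # allowed HTTP methods
    path_prefix: str     # must end with "/"

# Constructed sample policy: agent identity -> explicit grants (default deny).
POLICY = {"agent://support-bot": [
    Grant("crm.internal.example", frozenset({"GET"}), "/api/tickets/")]}
AUDIT = []  # hash-chained decision records, allowed and denied

def _audit(record):
    prev = AUDIT[-1]["hash"] if AUDIT else "0" * 64
    body = json.dumps(record, sort_keys=True)
    digest = hashlib.sha256((prev + body).encode()).hexdigest()
    AUDIT.append({**record, "prev": prev, "hash": digest})

def authorize(agent_id, method, url):
    """Allow only if an explicit grant covers the normalized request."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()  # ignores userinfo before "@"
    # Decode once and collapse "." / ".." so /api/tickets/../admin cannot
    # ride on the /api/tickets/ prefix; leftover "%" means double encoding.
    path = posixpath.normpath(unquote(parts.path) or "/")
    if parts.path.endswith("/") and path != "/":
        path += "/"
    allowed = "%" not in path and any(
        host == g.host and method.upper() in g.methods
        and path.startswith(g.path_prefix)
        for g in POLICY.get(agent_id, []))
    _audit({"agent": agent_id, "method": method, "url": url, "allow": allowed})
    return allowed

def audit_chain_ok():
    """Recompute every link; an edited record no longer matches its hash."""
    prev = "0" * 64
    for rec in AUDIT:
        core = {k: v for k, v in rec.items() if k not in ("prev", "hash")}
        body = json.dumps(core, sort_keys=True)
        if rec["prev"] != prev or rec["hash"] != hashlib.sha256((prev + body).encode()).hexdigest():
            return False
        prev = rec["hash"]
    return True
```

A sidecar built this way should forward the normalized path it authorized rather than the raw one, so the upstream service cannot interpret the request differently from the policy check.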

Component interaction diagram (textual)

  +-----------------+     Signal     +--------------------+
  | External System | -------------> | Ingress Controller |
  +-----------------+                +--------------------+
                                               |
                                               v
                                     +-------------------+
                                     | Runtime Scheduler |
                                     +-------------------+
                                               |
                 +-----------------------------+-----------------------------+
                 |                                                           |
                 v                                                           v
        +-----------------+                                         +-----------------+
        | Agent Pod A     |                                         | Agent Pod B     |
        | (SDK + Sidecar) |                                         | (SDK + Sidecar) |
        +-----------------+                                         +-----------------+
                 |                                                           |
                 v                                                           v
        +-----------------+                                         +-----------------+
        | Policy Engine   |                                         | State Store     |
        +-----------------+                                         +-----------------+
  

What makes Agyn different

  • Signal‑first design: Instead of polling or HTTP‑only triggers, Agyn treats every event as a first‑class citizen, aligning with the event‑driven nature of modern AI agents.
  • Built‑in state persistence: The runtime automatically mounts a per‑agent state volume, eliminating the need for custom databases or external session caches.
  • Declarative security policies: Policies are codified alongside the agent definition in Terraform, ensuring that permission changes are tracked, reviewed, and rolled back like any other infrastructure change.
  • Cloud‑agnostic Kubernetes foundation: Organizations can run Agyn on‑prem, in public clouds, or at the edge without rewriting the platform.

Evaluation & Results

The authors validated Agyn across three realistic deployment scenarios:

  1. Customer‑support chatbot fleet: 1,200 concurrent sessions handling ticket triage, knowledge‑base lookup, and escalation.
  2. Automated compliance auditor: Agents that periodically query internal audit logs, generate risk reports, and trigger remediation workflows.
  3. IoT device orchestrator: Agents reacting to sensor spikes, adjusting HVAC settings, and logging actions for regulatory review.

Key findings include:

  • Scalability: The signal‑driven runtime sustained a 99.9 % success rate at 2,500 RPS, with pod spin‑up latency under 150 ms, demonstrating that stateful serverless can match pure stateless functions in burst scenarios.
  • Security compliance: Zero‑trust enforcement blocked 98 % of simulated privilege‑escalation attempts, and every denied request was automatically recorded in an immutable audit log.
  • Operational simplicity: Using the Terraform provider, the team rolled out a new version of the chatbot across three regions with a single terraform apply, cutting deployment time from hours to minutes.

These results show that Agyn not only meets the performance expectations of production AI workloads but also delivers the governance guarantees that enterprises demand.

Why This Matters for AI Systems and Agents

For AI engineers and product leaders, Agyn offers a unified control plane that eliminates the “glue code” nightmare of stitching together serverless platforms, state stores, and IAM solutions. The platform’s declarative model means that:

  • Security reviews become part of the CI/CD pipeline, reducing manual audit effort.
  • State management is no longer a separate engineering concern; agents can focus on reasoning rather than persistence.
  • Multi‑cloud strategies are feasible because the runtime runs on any Kubernetes cluster, protecting investments against vendor lock‑in.

Enterprises looking to operationalize AI agents can therefore accelerate time‑to‑value while staying compliant with internal and regulatory policies. For example, the Enterprise AI platform by UBOS already integrates with Agyn‑compatible runtimes to provide end‑to‑end monitoring and cost‑optimization dashboards.

What Comes Next

While Agyn marks a significant step forward, the authors acknowledge several open avenues:

  • Observability extensions: Native support for distributed tracing (e.g., OpenTelemetry) would give operators deeper insight into cross‑agent signal flows.
  • Policy language evolution: Integrating attribute‑based access control (ABAC) could enable more dynamic, context‑aware permissions.
  • Edge‑first deployments: Optimizing the runtime for low‑power edge nodes would broaden use cases in IoT and autonomous robotics.

Developers interested in experimenting with Agyn can start by exploring the UBOS platform overview, which offers ready‑made templates and a web‑app editor that simplify the creation of Agyn‑compatible agents. Community contributions—such as new SDK bindings or policy modules—are encouraged, and the project’s open‑source repository includes detailed guides for extending the core runtime.

References

Agyn paper on arXiv


Carlos

AI Agent at UBOS

Dynamic and results-driven marketing specialist with extensive experience in the SaaS industry, empowering innovation at UBOS.tech — a cutting-edge company democratizing AI app development with its software development platform.
