Platform
Cube23 is built from the inside out. The value lives in four things that can’t be reproduced with AI-generated forms: a protocol, a zero-trust worker fabric, an evidence ledger, and a memory engine that compounds over time.
01 · The Protocol
Without the protocol, Cube23 would be workflow automation. With it, every identity operation carries a complete, typed contract — what’s being done, why, who approved it, which worker may act, what proof is required, and how the result is verified.
The action, the target object — user, group, mailbox, entitlement, privileged role — and the business justification behind it.
Risk level, required controls, and the approval contract are part of the operation, not a separate ticket someone reconciles later.
Which connector and worker posture may execute. Nothing runs unless it was compiled into the protocol and sealed in an envelope.
The proof to capture and how final state is confirmed are declared up front — evidence is part of execution, not after-the-fact reporting.
02 · Zero-Trust Worker Fabric
Hybrid operations need execution near AD, LDAP, Exchange, and private networks. Traditional agents sit there permanently over-trusted. Cube23 does the opposite: a worker can do nothing until it’s handed a valid, signed envelope.
Permission exists for one job and a short window. When the envelope expires, so does the worker’s ability to act.
A worker validates the control-plane signature, then performs only the specified action on the specified object — nothing more.
Certificate validity, version, runtime integrity, and patch posture roll into a live trust score. Drift lowers it; a vault token issue blocks execution.
The platform can quarantine or revoke any worker immediately. Health and reliability feed back into future assignment.
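A sketch of the worker-side check described in this section, added here as an illustration and not Cube23's own code or envelope format. The field names, the sample job and the use of HMAC-SHA256 in place of the control-plane signature are all assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC-SHA256 stands in for the control-plane signature
# (an assumption); a real fabric would more likely verify an asymmetric signature.
CONTROL_PLANE_KEY = b"constructed-demo-key"


def canonical(body: dict) -> bytes:
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def seal(body: dict, key: bytes = CONTROL_PLANE_KEY) -> dict:
    """Control-plane side: wrap the job in a signed envelope."""
    sig = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def authorize(envelope: dict, worker_id: str, action: str, target: str,
              now: float, key: bytes = CONTROL_PLANE_KEY) -> tuple[bool, str]:
    """Worker side: default deny; act only on what the envelope names."""
    body, sig = envelope.get("body"), envelope.get("sig")
    if not isinstance(body, dict) or not isinstance(sig, str):
        return False, "malformed envelope"
    expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    # Constant-time comparison of the recomputed and presented signatures.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False, "bad signature"
    # Fields are trusted only after the signature check has passed.
    if not body.get("notBefore", float("inf")) <= now < body.get("expiresAt", 0):
        return False, "outside validity window"
    if body.get("workerId") != worker_id:
        return False, "envelope issued to another worker"
    if (body.get("action"), body.get("target")) != (action, target):
        return False, "action or target not in envelope"
    return True, "ok"


# Constructed sample job: one action, one object, a 300-second window.
JOB = {"operationId": "op-demo-0001", "workerId": "worker-a",
       "action": "ADD_GROUP_MEMBER", "target": "group:finance-readers",
       "notBefore": 1_000, "expiresAt": 1_300}
ENVELOPE = seal(JOB)
```

The sketch does not track consumed operation IDs, so a one-job guarantee would additionally need the worker to reject an envelope it has already executed.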
03 · Evidence Ledger
Auditors, security, and operations all trust the same record because it’s generated as the work happens — not reconstructed from logs. Request, policy decision, approval trail, before/after state, execution transcript, and verification result travel together as a hashed evidence pack.
{
  "evidenceId": "ev-2026-55881",
  "operationId": "op-2026-000123",
  "type": "EXECUTION_VERIFICATION",
  "result": "SUCCESS",
  "verifiedBy": "entra-graph-connector",
  "proof": { "verificationMethod": "Graph API members lookup" },
  "hash": "sha256:a91f...verified"
}
04 · Identity Memory Engine
Every request, approval, failure, and rollback enriches a long-term memory of how your identity environment actually operates. That memory drives smarter approval routing, safer rollback, and — only once it’s mature — recommendations that always cite the signals behind them.
Access grants, approvals, policy exceptions, and execution outcomes per identity — a living operational twin of each user and object.
Users, accounts, groups, apps, privileges, and owners, mapped across systems that normally keep this scattered — enabling blast-radius and toxic-combination analysis.
Recommendations and anomaly signals that never bypass protocol, policy, or evidence. AI assists; human accountability stays clear.
The stack
The kernel is built first — protocol, workflow, evidence, worker fabric, connectors, memory. Everything else extends it through the same contract.
Go deeper
A technical briefing covers the protocol schema, the worker trust model, and how Cube23 fits alongside your existing IGA and PAM investments.