Zero Trust Packet Routing: When Every Packet Carries Identity

Zero Trust Packet Routing... what is it and why should you care?

John Spiegel

11/7/2025, 6 min read


A decade or so ago, like many transformative ideas in cybersecurity, it began with a conversation that seemed casual until it wasn’t. Richard Bird, one of the most recognizable voices in identity security, sat across from John Kindervag, the architect of the Zero Trust model, at a TGI Friday’s in Ohio. Bird had spent years building identity frameworks in banking. He had developed risk models, entitlements and compliance controls, and he wasn’t convinced Zero Trust was more than a rebrand of what good practitioners already did. It sounded like friction dressed up as philosophy.

Then Kindervag said something simple, almost offhand: “I believe every packet should have an identity.” Bird laughed. “Do you know what you just proposed?” he asked. “We’re still struggling to manage contractors. Now you want to assign identity to packets?”

But somewhere between sarcasm and silence, the architecture clicked. Kindervag wasn’t talking about another security overlay; he was describing a fundamental shift, the moment when the network itself starts to understand who and what it’s carrying. That idea reframed how Bird, and many others, saw Zero Trust. Identity wasn’t an add-on. It was the architecture.

From Access Control to Packet Control

Zero Trust started as a simple principle: “never trust, always verify.” It has since evolved into a framework for segmentation, continuous authentication, and posture-based policy. But a newly proposed standard, Zero Trust Packet Routing (ZTPR), goes one layer deeper.

Where traditional Zero Trust stops at the session, ZTPR carries identity into the packet itself. Every flow, every hop, every decision in the network is framed by who is sending the packet, what it represents, and whether it should be trusted.

Imagine a packet with embedded metadata, an identity token, a role label, a trust score or a cryptographic signature. When that packet reaches a switch or gateway, the enforcement point validates the metadata and decides whether to forward, reroute, or drop it. The packet is no longer anonymous. It’s accountable. Routing becomes contextual. The data plane becomes self-aware.

For decades, networks have assumed trust by topology. If you were inside the VLAN, you were trusted. If you could reach the subnet, you were legitimate. That model is what allowed lateral movement to thrive. Zero Trust Packet Routing breaks that assumption. Being “on the network” no longer implies you belong there. Each packet must prove it.

From Oracle’s Lab to Open Specification

The idea isn’t theoretical anymore. Oracle has confirmed it is building Zero Trust Packet Routing service as part of its Oracle Cloud Infrastructure portfolio. Their documentation describes it as a way to “protect sensitive data from unauthorized access through intent-based security policies” and explicitly references an “open standard initiative with Applied Invention and other organizations.”

The Oracle implementation reportedly embeds policy and identity attributes inside network frames, right down at the Ethernet layer. This approach makes security enforcement possible at wire speed, within the data-center fabric itself. It’s not yet a ratified IEEE or IETF standard, but it’s clearly positioned as the beginning of something broader: Zero Trust moving from overlay to underlay.

That distinction matters. For years, the industry has tried to enforce policy through gateways, proxies, and SASE stacks layered above the network. ZTPR turns the network into the enforcement layer. Trust stops being an external control and becomes an intrinsic property of the fabric. And with it goes much of the complexity that solution sprawl creates.

Data centers are the perfect proving ground. The environment is controlled. The hardware is programmable. You can update ASICs and hypervisors together. You can tie every packet to a single source of truth, whether that is a workload, a tenant, or a sensitivity label.

Campus and branch environments aren’t there yet. They’re still full of legacy silicon that drops unknown EtherTypes or mishandles new encapsulations. But history has a rhythm. VLANs, VXLAN, and SD-WAN started in data centers too. Once the concept proves itself in cloud fabrics, it always finds its way out to the edge.

A Step Toward Machine-Time Trust

What makes ZTPR more than an engineering trick is its timing. We’re entering a world that is no longer human-paced. It’s machine-paced.

AI systems now communicate, learn, and make decisions autonomously. In an agentic AI ecosystem, thousands of digital actors — models, APIs, agents — talk to one another across networks, exchanging data and executing tasks on behalf of humans, and sometimes, on behalf of other machines. Each of those actors has identity, intent, and privilege, but our current network model doesn’t recognize any of that.

Traditional Zero Trust frameworks were built for humans logging into systems. They rely on sessions, tokens, and centralized enforcement. That model doesn’t scale when agents spin up on demand, make hundreds of calls per second, and vanish a minute later. The question of “who sent this request?” becomes impossible to answer without carrying identity in the packet itself.

This is where Zero Trust Packet Routing becomes foundational. It allows the network to enforce trust at machine speed. Each agent or model can sign its packets with identity metadata issued by a central policy engine. Every downstream system, whether a database, vector store, or inference node, can verify that identity without having to authenticate the agent again.

It’s not hard to imagine how this plays out. AI agents that compose and delegate work to other agents need secure pathways for collaboration. Model governance requires that requests and responses be traceable to specific agents and policy scopes. Regulatory frameworks for AI, from the EU AI Act to U.S. Executive Orders, already emphasize provenance and accountability. If Zero Trust Packet Routing gives each packet a verifiable origin and purpose, then accountability becomes built-in, not bolted-on.

We are, in effect, moving toward network-level provenance for AI. The fabric itself becomes the auditor. The enforcement happens in motion, not in retrospect.

This could also solve one of the biggest blind spots in AI infrastructure: cross-model and cross-domain traffic. A generative model calling an analytics API, which then calls a data lake, which then triggers another agent. None of these hops are visible to traditional IAM or SSE stacks. But when each packet carries identity and policy, even ephemeral machine-to-machine flows can be verified and governed.

As the number of AI actors grows, the idea of “Zero Trust” will have to scale from humans and workloads to autonomous digital entities. Zero Trust Packet Routing is the architectural path that makes that possible. It’s a way of embedding intent directly into communication — not as application metadata, but as part of the transport itself.

Challenges and Realities

Before you get too excited and decide to throw out your NGFW in the middle of your network... sit down and take a long breath. None of this is easy. Hardware has to evolve. ZTPR uses the EtherType field to carry its metadata. Old ASICs will drop unknown EtherTypes until firmware updates teach them otherwise. Network operating systems must learn to parse and act on identity metadata. Visibility tools, flow collectors, and SIEMs must adapt to ingest these new trust attributes. There’s a long way to go before we see this in the enterprise space outside the data center. We are talking a good decade here.

And of course, if the identity metadata isn’t cryptographically bound to the packet, it’s just another spoofable header. Security can’t depend on readability; it has to depend on verifiability. That’s why ZTPR will ultimately need to pair with cryptographic attestation and signed identity visas at the network level. This is a model that’s beginning to align with the AI provenance discussions already underway at NIST and the W3C.

Still, the direction is clear. The network itself becomes a trust fabric — not because we’ve taught it morality, but because we’ve taught it verification.

The Philosophy Behind the Protocol

When Kindervag told Bird that every packet should have an identity, he wasn’t talking about headers and fields. He was collapsing the old boundary between trust and routing. Security and networking have always been treated as separate disciplines, one decides who, the other decides how. That can no longer be. Zero Trust Packet Routing merges them. The network stops routing on blind faith and starts routing on evidence.

Bird later said that realization made him see identity not as one security control among many, but as the control. Just as every car has a VIN and every manufactured component has a serial number, every packet should have a traceable identity. In the physical world, traceability is what creates accountability. The digital world deserves the same.

If we accept that, then Zero Trust Packet Routing isn’t an academic concept. It’s the missing bridge between identity management and network control. It turns Zero Trust from a design philosophy into an operating principle of the network itself.

The Road Ahead

We are early. Oracle may be the first major vendor to commercialize the concept, but others will follow. Programmable silicon, eBPF dataplanes, and real-time policy engines are making it practical to tag and verify every packet at line rate.

The convergence of Zero Trust Packet Routing and AI will define the next decade of network security. As autonomous systems proliferate, we won’t just need to secure humans and workloads; we’ll need to secure the interactions between digital actors that no human ever sees.

That’s where this goes. The next long-term evolution of Zero Trust may not be in the browser or the firewall. It will likely happen inside the packet.

When every packet carries identity, the network stops guessing and starts knowing. It stops assuming and starts verifying. It stops transporting and starts governing. And that’s not just a better architecture, it’s a prerequisite for a world where machines make decisions faster than we can read them.

Bonus - If you want the background on the conversation between Richard Bird and John Kindervag, check out the No Trust podcast - https://on.soundcloud.com/RLl9OxDR6gPphpDjFh