A missing primitive for the age of agents.
We built our systems for a world where software waited.
For most of computing history, software was passive. It waited to be run. It waited to be instructed. It waited for a human to decide what happened next.
So we built our trust systems around that assumption.
A user logged in. A session began. Access persisted. The machine treated that continuity as reality because, for a long time, it mostly was.
Identity answered who you were. Permission answered what you could touch. Time answered whether the credential had expired.
These were the right primitives for the world they were built in.
Software no longer just waits.
It reads, writes, calls, chains, plans, retries, watches, and continues.
It does not need to be malicious to create risk. It only needs to be capable.
This is what agents make obvious. They inherit the access patterns of human-operated software, but they do not share the same relationship to human attention.
They can act while you are looking. They can act while you are distracted. They can act while you have left.
The old trust model can tell that a session exists. It can tell that a token is valid. It can tell that a process has permission.
It cannot tell whether the accountable human is still there.
You approve access.
You walk away.
The system does not know the difference.
Your identity is still valid. Your permissions are still valid. The session is still active.
But the accountable human is gone.
And now something else is acting in your place.
This is where traditional desktop security begins to feel structurally incomplete. Hardening is necessary, but every static defense becomes the baseline that serious attackers design around. OS-level security matters, but it is still a floor.
The higher leverage boundary is the permission layer: what can enter, what it can touch, and under what conditions access remains valid.
Authentication proves who you were. Presence proves you are still there.
There is a state our systems rarely model directly: whether the human is there at the moment access becomes consequential.
Phones already understand this in fragments.
You unlock the device. You approve a payment. You confirm with your face or your finger. The system is not merely checking identity. It is checking presence at the moment of consequence.
Desktop systems mostly never made this transition. They assume a long-lived trusted user session. Once access is granted, it tends to remain granted until something explicitly revokes it.
That model was tolerable when software acted in short arcs around visible human intent.
Agents stretch the arc.
They can operate inside your credentials, but not always inside your attention.
A presence-based system does not say the agent cannot work without you.
Nothing has to stop.
Planning can continue. Code can be searched. Drafts can be written. Local computation can proceed.
What changes is not activity.
Without presence, the system does not collapse.
It simply loses access to the domains where actions become real.
Your files. Your accounts. Your external identity.
The boundary is not whether work happens.
It is whether work can cross into the parts of the system where it matters.
Reading may remain open. Drafting may remain open.
But committing, modifying, and publishing become conditional.
Not on identity.
On presence.
The point is layered access.
Some things remain open. Some things remain permission-bound. Some things are time-bound. And some things can be presence-bound.
This is not the system closing when you leave.
It is the system knowing which doors should close.
That is the missing primitive: a live, revocable, hardware-authenticated condition that can be attached to sensitive resources.
Authenticated Presence Sessions are the name for that condition.
A new trust system for machines that act through time.
Authenticated Presence Sessions do not extend the old model. They add a new axis of trust.
Zero trust asks whether a request should be trusted.
Presence asks whether the conditions that justify access are still true.
That difference matters because agents are not just requesting access once. They are operating through time.
The question is no longer only:
Who are you?
What are you allowed to do?
The next question is:
That question requires a system-level condition that can be checked, enforced, and revoked in real time.
In the presence layer, access is no longer merely a property of identity. It is a property of state.
A file can exist but remain sealed. A credential can be available to the system but unavailable to a process. A capability can be present in the environment but locked behind human presence.
The implication is architectural.
This cannot live only in applications. Applications are part of what must be constrained.
The boundary has to move down.
Into the filesystem. Into the operating system. Into the hardware token. Into the bytes that become meaningful only when the right state exists.
Storage should not merely encrypt data at rest. It should participate in trust. It should be capable of refusing to reveal meaning unless a valid presence session exists.
That is the future this points toward: a desktop where access is not a flat inheritance from the logged-in user, but a live composition of identity, policy, time, and presence.
Agents still act. That is the point. They keep working inside the parts of the system that do not require human presence.
But the sensitive boundaries are no longer ambient. They are explicit, layered, and revocable.
The system does not need to trust the agent with everything merely because the agent is running locally.
This is the shift.
We built systems that answer who can act and what they can do.
The next systems answer what access should be live, under which conditions, at the moment action occurs.
Authenticated Presence Sessions are one of those conditions.
Not a feature. Not a prompt. Not a pause button.
We built systems that assume trust persists.
Now we need systems that understand when it should end.
Not as a timeout.
Not as a manual action.
As a condition of reality.
Presence is that condition.