Published on 00/00/0000
Last updated on 00/00/0000
Published on 00/00/0000
Last updated on 00/00/0000
Share
Share
AI/ML
6 min read
Share
We’re entering a new era—not just smarter systems, but autonomous actors. Artificial intelligence (AI) agents are no longer confined to innovation labs or demos; they’re now embedded in critical, high-stakes workflows.
Imagine a loan application process: a customer interacts with a digital agent to submit documents (human-to-agent), which then triggers other agents to retrieve credit history from financial APIs, assess risk models, and cross-check employer data across HR systems (agent-to-agent). Finally, another agent compiles a recommendation and explains the decision to a human underwriter or the applicant (agent-to-human).
In such a scenario, each AI agent must be authenticated, tracked, and trusted before taking any action. That is why we are excited to announce the first release of AGNTCY Agent Identity, a framework that assigns, verifies, and manages credentials for AI agents.
In this blog we will more deeply examine the current challenges around AI agent identity, the characteristics of an agent identity management solution, and the key principles any such solution must follow.
Traditional identity systems were built to serve human users interacting with applications that persist over time—often referred to as long-lived apps. These systems assume stable, ongoing relationships between users and software. In contrast, autonomous agents require identity solutions that can keep up with their unique behaviors: operating at machine speed, scaling up or down instantly, and existing only as long as necessary.
Agents require fine-grained, task-specific permissions. But conventional delegation mechanisms (like static roles or API keys) are often too broad or too restrictive.
Example: An HR automation agent might need temporary access to payroll data, but not to other sensitive records. Without tightly scoped and time-bound permissions, agents risk being over-permissioned or blocked from functioning.
AI agents increasingly operate in human-like ways and can interact with web apps, navigate GUIs, and even solve CAPTCHAs. This blurs the line between human and machine activity, complicating attribution.
Example: A sales manager asks an AI agent like OpenAI’s Operator, a Computer-Using Agent (CUA) to generate a report. The agent logs into Salesforce, pulls the data, and shares it with the team. But who actually performed the action? Was it the manager, the agent acting on their behalf, or an admin behind the scenes? Traditional IAM can’t clearly attribute the activity, undermining audit trials and accountability.
To perform tasks, agents often store sensitive identity-linked data (credentials, session cookies, or tokens) in memory. These aren’t just technical artifacts; they represent active identity states. If not properly cleared, they become liabilities.
Example: An agent logging into a finance app might temporarily store a session token tied to a privileged identity. If that memory isn’t wiped after the task, it risks being leaked or exploited and potentially granting unauthorized access long after the agent has completed its job. Legacy Auth falls short without the granular task and temporal controls.
OAuth 2.0 and Security Assertion Markup Language (SAML) were groundbreaking for user-to-app and app-to-app delegation. But both assume static permissions, predefined scopes, and fixed session lengths—none of which work for agents that need just-in-time access changes based on task, context, or risk.
Both systems follow a "trust-once" model meaning that once authenticated; an entity is trusted for the duration of the session. That’s a dangerous assumption when dealing with agents that can change intent, be hijacked, or operate under shifting contexts.
More fundamentally, federated identity and single sign-on (SSO) systems were built around long-lived, human-initiated sessions—not for autonomous, ephemeral, and polymorphic agents. They lack support for fine-grained, task-scoped access and, short-lived credentials.
In a world where agents act independently, spin up or down in seconds, and cross organizational boundaries, identity systems must move beyond static federation and into dynamic, verifiable, task-based and contextual controls.
AI agents aren’t traditional users or services—they represent a new identity class: autonomous, ephemeral, polymorphic, and task-driven. Identifying and securing them requires more than retrofitting legacy IAM. It demands a system built from the ground up for dynamic, machine-first environments.
Agents need identity systems that are:
This is not just a technical patch, but a foundational shift. AI agents must become first-class citizens in our identity and trust infrastructure.
To secure autonomous workflows, identity must be embedded when the agent is registered and onboarded for authorized use, and then continuously verified and tightly managed throughout its lifecycle:
This is how we build trust in the age of AI—not with static credentials, but with agent identity that can be dynamic.
To secure agentic workflows, the AGTNCY is building an identity framework tailored to the needs of autonomous, ephemeral, polymorphic, and task-driven agents. This new platform is built on five core principles:
We’ve been working with forward-thinking partners like Cisco Duo, Skyfire.xyz, and Permit.io and invite you to join our Agent Identity Working Group—an open forum for developers, security architects, researchers, and builders who believe trust must evolve alongside AI.
Whether you’re hands-on with infrastructure or exploring the frontier of agent-based systems, your perspective matters.
Read more about what the AGNTCY is building: Documentation.
Get emerging insights on innovative technology straight to your inbox.
Outshift is leading the way in building an open, interoperable, agent-first, quantum-safe infrastructure for the future of artificial intelligence.
* No email required
The Shift is Outshift’s exclusive newsletter.
Get the latest news and updates on agentic AI, quantum, next-gen infra, and other groundbreaking innovations shaping the future of technology straight to your inbox.