The Critical Need for Verifiable AI Agent Identity

Imagine you’ve built a personal shopping AI agent, and it’s ready to make a purchase from the Amazon sales agent. Before any money can be exchanged, the agents face critical identity problems: How does your agent know it’s interacting with the real Amazon agent? How does the Amazon agent know that your agent is who it claims to be? How can both agents confirm the legal entities that are liable if something goes wrong with the transaction? How can your agent check if there are any rules regarding transactions with the Amazon agent, without a consistent and reliable agent identity to reference?

These identity problems appear again and again in a wide range of circumstances where independent agents could collaborate with each other or engage in commerce.

The Agent Identity Gap

Long ago, people learned that identity and trust are critical for commerce and collaboration, so humans have a wide range of mechanisms to prove their identities in ways that are appropriate in the context of a transaction. The bouncer lets you into the bar because he trusts the state has issued a driver's license with a valid birthday. You trust a doctor because she has credentials to prove her competence and other reputation signals, such as the hospital where she works. You trust your bank with your savings because it can prove that it’s chartered. Your bank trusts you with a credit card after they’ve collected several proofs of your identity and checked your creditworthiness.

These human systems of proving identity and establishing trust do not make sense for AI agents. Agents operate 24/7 across borders. They make decisions in milliseconds. They can be cloned, modified, or compromised in ways humans cannot. Identity and trust systems built for humans won't work for AI agents.

The lack of agentic identity creates a significant gap between what we can envision agents accomplishing and what they can actually do. It limits the potential for agentic collaboration and commerce in many ways. For example:

  • Payments: Executing agent-to-agent or agent-to-service payments has serious risks for fraud and illegal activity, which means that without identity, agents can’t participate in commerce. Moreover, because agents are not legal persons, a critical part of agent identity is reliably linking them to businesses and individuals, creating a chain of ownership.

  • Security: Without verifiable identity, an agent could make arbitrary claims about capabilities or ownership in an agent registry, and then, when it takes on a task, act maliciously, intercepting sensitive data, misdirecting actions, or sabotaging entire workflows. (Security researcher Tom Neaves demonstrated how malicious agents can game multi-agent systems.)

  • Quality - Even if an agent isn’t malicious, it may simply be bad at the job it claims to do. Without a system to reliably establish and maintain reputations for agents, an agent can’t know if the counterparty agent it’s working with is really the best choice for the job.

Today, there are methods for authentication that agents could employ, such as API keys and bearer tokens. However, these methods can only confirm the possession of a valid credential. They can’t verify that the agent using the token is actually the agent it claims to be, because the credentials could be stolen or the capabilities could be misrepresented. Moreover, there is a range of other claims agents will need to make, so a more flexible system for identity is required.

Closing the Gap

In the Agent Commerce Kit (ACK) framework, we’ve proposed a pattern (ACK-ID) for agent identity that uses open standards to address the core identity challenges. ACK-ID works with and builds on other protocols that contribute to closing the identity gap.

Defining an Agent

The first step to establishing an agent identity is to describe the agent. We expect there will be several broadly adopted approaches to this. For example, the Google Agent2Agent (A2A) protocol addresses this problem with an “Agent Card,” which is a specific format and protocol for describing an agent and its capabilities in a machine-readable format. However, while a description is necessary, it is not sufficient.

Establishing Identity

The next layer is establishing identity. ACK-ID uses the decentralized identifier (DID) standard from the W3C. Think of DIDs as globally unique, permanent digital IDs that agents (and their owners) can create and control without needing permission from a central registration authority like ICANN for domain names or like a government for national IDs. Unlike traditional usernames or identifiers issued by a single company, DIDs are independent and cryptographically secured.

DIDs offer a number of advantages as IDs for agents:

  • Already a well-established W3C standard

  • Flexible, easy to adopt, and scalable

  • No dependency on a centralized authority

  • Resliant to fraud and attacks through the use of public key cryptography

  • Easily resolved by other agents

  • Convenient for conveying other information, such as access endpoints

ACK-ID uses DIDs to identify both agents and their owners.

Verifying Claims

Having a clear description of an agent, such as an A2A Agent Card, and a way to identify the agent using a DID are necessary building blocks, but not sufficient. The final component is a mechanism to easily and confidently verify claims an agent makes.

While DIDs provide unique identifiers, Verifiable Credentials (VCs) provide a standard way to make verifiable statements about those identifiers. Think of VCs as digital, tamper-proof versions of physical credentials like a driver’s license, a diploma, or a membership card, but designed for the digital realm.

VCs contain statements or “claims” made by a trusted Issuer about a Subject (e.g., an agent identified by its DID). These claims are digitally signed by the Issuer using their own DID and cryptographic keys. This signature allows anyone (as a Verifier) who trusts the Issuer to verify the authenticity and integrity of the claims about the Subject.

For payments, the most important claim an agent needs to prove is the identity of the entity that controls them. Without knowing the individuals or businesses that are controlling the agents in a transaction, the agents can’t be confident that they are sending or receiving payments in a way that is safe and legal.

Beyond ownership, it’s easy to imagine that agents will want to verify other claims made by agents. For example, claims about capabilities and functionality. Moreover, agents will need mechanisms to evaluate the reputations of other agents. DIDs, VCs, and the ACK-ID pattern language provide the building blocks that can be extended for these different use cases.

Unlocking Value

A robust system for verifiable agent identity opens up a wide range of use cases. Here are a few examples:

  • Secure Agent-to-Agent Payments: When your research agent purchases a dataset from a data provider, identity verification ensures the payment goes to the right place. The data provider proves it belongs to "DataCorp Inc" before your agent releases payment. If the data never arrives or arrives corrupted, you know exactly who to pursue for resolution. This accountability makes agents willing to transact with new partners.

  • Agent Registries and Discovery: Verified agent marketplaces are emerging where developers register their agents with proof of identity. Just as app stores verify developer accounts before allowing apps, these registries verify agent creators. Your coding assistant can search for debugging tools, knowing each result links to a real developer who can be held accountable. No more anonymous agents claiming capabilities they don't have.

  • Preventing Service Abuse: Customer service agents face constant attacks from bad actors trying to extract sensitive information. With identity verification, your support agent can verify that incoming requests come from legitimate user agents, not sophisticated attack tools. Similarly, when your agent needs human verification for a complex task, it can confirm the human reviewer's identity before sharing confidential data.

  • Specialized Service Networks: As agents specialize, they form ecosystems where a writing agent might pay for fact-checking services, a coding agent might purchase security audits, or a design agent might buy stock photography licenses. Each transaction requires trust. Identity verification enables these micro-economies to flourish without manual oversight.

As fintech analyst Simon Taylor notes in "The checkout page is dead", we're witnessing a fundamental shift where "commerce is moving upstream to the chatbot." When agents handle payments autonomously at the "point of intent," identity becomes the only trust anchor left.

These aren't theoretical scenarios. Major tech companies and financial institutions are deploying these systems today. Visa and Mastercard have announced agent identity as a top priority. Google, OpenAI, and others are building agent authentication into their platforms. The infrastructure for trusted agent commerce is being built right now.

Getting Started

If you’re ready to dig into agent identity more, take a look at the documentation and demos at the ACK website.