AI identity is a verifiable, cryptographic identifier carried by an autonomous AI agent that allows other systems to determine who the agent is, what principal it acts on behalf of, and what it is authorised to do. It is the missing primitive that makes agent-to-agent transactions, governance enforcement, and audit trails possible.

How is AI identity different from a service-account API key?

A service-account API key authenticates a process. AI identity additionally attests the principal (the human or organisation the agent represents), the hardware root of trust, the issuance event, and the revocation status. Lose a key and you rotate it; lose an AI identity and the revocation propagates across every relying party with a cryptographic proof.

Why does AI identity need to be hardware-bound?

Without hardware binding the identity is a movable secret. Anyone who exfiltrates the private key impersonates the agent indefinitely. With hardware binding the key cannot be extracted, so impersonation requires physical access to the device the principal authorised. AiEGIS Identity binds to TPM 2.0 on Windows/Linux, Apple Secure Enclave on macOS, and a FIDO2 biometric step on issuance.

What standards does AiEGIS AI identity use?

W3C Decentralized Identifiers (did:key and did:web) for the identifier, W3C Verifiable Credentials 2.0 for attestation, Ed25519 (RFC 8032) for the signature suite, and JWS (RFC 7515) with EdDSA (RFC 8037) for the bearer token. The receipt format is published and the verifying key is at /.well-known/aegis-evidence-pubkey.pem.

Can you revoke AI identity?

Yes. Revocation publishes the agent DID to a public revocation list at aiegis.ie/.well-known/aegis-agent-revocation/{org}/, and any relying party that verifies an X-AEGIS-Tag JWT also checks the revocation list. Revocation propagates as fast as the relying party's cache. The receipt format includes the issuance epoch so downstream auditors can detect post-revocation activity.

AI Identity in 2026: Cryptographic Identity for Autonomous AI Agents

The missing primitive of the autonomous-agent era. Hardware-bound. Principal-attested. EU-sovereign.

What "AI Identity" Actually Means

The phrase AI identity showed up in vendor decks before it meant anything. It was a synonym for "user account" in the early generative-AI products, then a synonym for "service account" in the early LLM-platform APIs. Neither captures the real shape of the problem. An autonomous AI agent acts on behalf of a principal — a human, an organisation, sometimes another agent. The relying party needs to know who is calling, who authorised the call, what hardware the agent runs on, and whether the authorisation has been revoked. That is AI identity. Anything less is a username string.

Why Existing Identity Stacks Don't Carry The Weight

Single sign-on, OAuth, and service-account API keys were designed for a different problem. They authenticate a human in front of a tab, or a process calling a microservice. None of them carry the principal attestation an agent needs to transact under governance:

OAuth tokens are bearer. Whoever holds the token is the principal. There is no per-call binding to the device the token was issued on.
Service-account keys are static. The same JSON file works from any machine. Exfiltrate it once, impersonate indefinitely.
SAML and OIDC assume a human at the browser. An agent has no browser, no MFA challenge, no consent screen at the moment of action.
Cloud-IAM workload identities are vendor-locked. An AWS IAM role does not transfer to a Google Cloud relying party, much less to a third-party agent marketplace.

The thing AI identity needs is a portable, hardware-bound, revocable, principal-attested identifier that is verifiable offline. That is the agent passport.

What An Agent Passport Carries

Field	Purpose
DID (did:key or did:web)	Globally unique identifier, controlled by the agent's signing key, resolvable without a central registry
Principal reference	The human or organisation the agent acts for, signed by the principal at issuance
Hardware attestation	TPM 2.0 quote on Windows/Linux, Apple Secure Enclave attestation on macOS, FIDO2 biometric on issuance
Issuance epoch	Wall-clock time of issuance, signed; used to detect post-revocation activity downstream
Capability claims	What the principal authorised the agent to do, scoped by rule pack (EU AI Act, GDPR, NIST RMF, MGAIF, POPIA)
Revocation pointer	URL of the public revocation list the relying party must check
Signing key	Ed25519 (RFC 8032), held in hardware, never exported

The passport is encoded as a W3C Verifiable Credential and the runtime bearer form is a JWS (RFC 7515) with EdDSA (RFC 8037). Relying parties verify offline against the public key published at /.well-known/aegis-evidence-pubkey.pem and the JWKS at /grid/.well-known/jwks.json.

Hardware Binding Is Not Optional

If the private key sits in a file, anyone who can read the file is the agent. That is the entire history of stolen-credential incidents in cloud security; importing the same failure mode into the AI-agent era would be a choice. AiEGIS Identity binds the signing key to:

TPM 2.0 on Windows and Linux machines that have one (the vast majority shipped since 2016).
Apple Secure Enclave on macOS Touch ID-equipped Macs, with Touch ID required at issuance.
FIDO2 / WebAuthn security keys as an alternative root, with biometric or PIN gating.

The signing key is generated inside the hardware element and never leaves it. The agent process can request signatures; it cannot extract the key. Lose the device and the agent goes with it. Steal the key and you get nothing.

Revocation As A First-Class Operation

Identity systems that cannot revoke are bookkeeping; they describe a state that may or may not be current. AiEGIS Identity publishes a public revocation list per organisation at /.well-known/aegis-agent-revocation/{org}/. The list is signed. Relying parties cache it with a short TTL and check on each call. Revocation latency is the cache TTL, not a quarterly directory sync.

Receipts produced after a revocation event are still verifiable as signatures but are flagged as post-revocation by any auditor with the revocation list and the receipt's issuance epoch. The receipt format includes both fields by design.

Why The EU Context Matters

The EU AI Act, in force since 2024, requires deployers of high-risk AI systems to keep automatically-generated logs and to ensure the system is used in accordance with instructions. The deployer obligation is unmet if the deployer cannot prove which agent acted when and who authorised it. An EU-hosted, EU-issued AI identity stack removes the cross-border transfer question entirely: the issuance, the revocation list, and the verifier all live inside the EEA. The full Article 26 deployer-obligation mapping is at /article-26-walkthrough.

What's Live Today

Issuance: /identity for the explainer, agent passport endpoints in production.
Verification: JWKS at /grid/.well-known/jwks.json, evidence public key at /.well-known/aegis-evidence-pubkey.pem.
Revocation: per-org list under /.well-known/aegis-agent-revocation/.
Governance binding: the same passport is accepted at /api/protect as the X-AEGIS-Tag header, which means the identity layer composes with the 15-layer governance stack without a second issuance step.

Where To Start

If you're evaluating AI identity for a deployment: read /identity for the product surface, /what-is-passport for the explainer, /blog/agent-passport-did-key-explained for the DID:key path, and /governance for how the passport composes with the rule packs. Issue request: /identity.