Machine identities outnumber humans in most enterprises today. AI agents act at machine speed across APIs and MCP servers — most with shared credentials, no scoped authority, and no accountability chain back to who authorised them.
Between 2024 and 2026, the adoption of agentic AI — autonomous systems executing multi-step workflows across APIs, tools, and data sources — moved from novelty to production across industries. The Model Context Protocol (MCP) and similar agent-framework standards accelerated this integration into enterprise stacks.
The identity governance underneath did not scale with it. Most production AI agents authenticate using shared service accounts, long-lived API tokens, or static credentials stored in secret managers. None of these identify which human owns the agent's authority — or what happens when that human's role changes.
The EU AI Act's high-risk system obligations enter enforcement in August 2026. Article 12 requires automatic logging of events during system operation. Article 14 requires human oversight. Neither is enforceable without cryptographic identity binding agent actions to human sponsors.
Agent deployments are not evenly distributed. These are the environments where autonomous action is highest-volume, highest-risk, and most in need of identity governance today.
Autonomous agents handling reconciliation, payments, fraud investigation, and algorithmic trading. DORA requires auditable access to ICT systems; MiFID II requires algorithmic trading accountability. Without identity binding, both are unenforceable.
CI/CD pipelines, infrastructure-as-code agents, security automation. Agents routinely deploy production changes — often with broader permissions than any single human engineer. SOC 2 and NIS2 both now require traceability to originating human authority.
Chatbots, support agents, sales assistants, insurance adjusters. When an agent commits your company to a price, a claim, or a contract — you need to prove which human authorised that agent's authority, and at what scope.
Current non-human identity practice — API tokens in Vault, OAuth client credentials, IAM service accounts — was designed for machine-to-machine communication. Agentic AI is something new: autonomous actors making human-equivalent decisions on behalf of human principals. The identity layer underneath needs to reflect that.
Non-human identity has three existing approaches today — secret managers (HashiCorp Vault, AWS Secrets Manager), workload identity platforms (SPIFFE/SPIRE), and OAuth-based machine-to-machine frameworks. Each solves part of the problem. None solves the cryptographic binding between an agent's authority and the human who delegated it.
| Capability | Secret Manager | Workload Identity (SPIFFE) | IdentiGate |
|---|---|---|---|
| Per-agent unique identity | Typically shared | Yes | Yes |
| Cryptographic delegation from human | No | No | Yes — passport-anchored |
| Scoped authority per action | No | Partial — via policy | Yes — cryptographic |
| Action signing at AdES level | No | No | Yes — default |
| EU AI Act Article 12 evidence | No | Partial — access logs | Yes — tamper-evident |
| Revocation on human role change | Manual | Manual | Automatic propagation |
| MCP & agent-framework native | No | No | Yes — designed for |
IdentiGate is not a replacement for your secret manager. It is the layer that binds the credentials inside it to a verified human principal — creating the accountability chain that agents, MCP servers, and autonomous workflows require under the EU AI Act and NIST AI RMF.
Most production agents authenticate via service accounts shared across multiple agents, pipelines, or environments. When something goes wrong, the post-incident investigation cannot answer "which agent did this?" — let alone "which human authorised it?"
IdentiGate issues a unique cryptographic identity per agent, delegated from the human sponsor's passport-verified key. Every action traces back, not guessed at.
A credit-memo agent gets the same permissions as a full finance user, because the identity system can't scope narrower. A support agent can read entire customer profiles because the IAM was designed for human users. Least-privilege is aspirational when the identity primitives are too coarse.
Cryptographic delegation supports per-task, time-bound scopes. An agent authorised for "memos under €5,000, 09:00–17:00 UTC Mon–Fri" cannot operate outside it — structurally.
When a human leaves the company or changes role, the agents they delegated to typically keep running. Their credentials persist until someone remembers to rotate them. This is the #1 source of orphaned machine identities — and the #1 route by which ex-employee attacks escalate.
An agent's authority is cryptographically bound to the human principal. When the principal's role changes, the agent's authority changes with it — provably, with audit trail.
Article 12 requires automatic logging. Article 14 requires human oversight. Article 17 requires quality management including risk documentation. None of these are technically enforceable with OAuth tokens and centralised logging. They require cryptographic proof connecting agent actions to human decisions.
IdentiGate produces exactly the cryptographic proof the EU AI Act requires — as the default output of how agent identities are issued and used. Not as an add-on compliance module.
Each capability below solves a specific moment in the agent lifecycle — from the first task delegated to an AI, through cross-organisation agent-to-agent workflows, to the EU AI Act evidence record an inspector will ask for. Deployable today, built on our existing products.
A company deploys its first production AI agent. Where does its identity come from? A shared API key copied from a teammate's config. A service account token sitting in a secrets vault. Long-lived credentials anyone with repo access can read. Per-agent cryptographic identity ends this — every agent gets its own passport-delegated key pair on creation. No shared secrets, no long-lived tokens, no credentials to rotate.
The AI agent commits €40K in procurement spend on Tuesday. By Friday, the question is: who authorised it? In most systems, the answer is "the agent" — which is legally meaningless. With human-sponsor delegation, every agent action carries a cryptographic chain back to a specific passport-verified human. The human is in the loop, even when the agent runs autonomously.
"Access the Q3 revenue report, read-only, until end-of-day Tuesday." That is the authority the agent should have. In most IAM setups, this translates into a permission policy that relies on the agent obeying it. With cryptographic scoping, the authority is not a policy to enforce — it is a mathematical envelope the agent cannot exceed, because the key material simply does not permit it.
The agent sends an email to a supplier, triggers a payment, files a regulatory form. Each of these is an action with real-world consequences. A log line saying "agent X did Y at time Z" is not evidence — it can be edited, replayed, or disputed. An AdES-signed action, cryptographically bound to the agent's identity and timestamped, is evidence that survives a court or a regulator.
An EU AI Act inspector arrives and asks for Article 12 logs, Article 14 human-oversight records, and Article 17 risk documentation for the last quarter. In a typical agent deployment, these have to be reconstructed from scattered logs and ticketing systems. With a cryptographic evidence chain, they are already there — produced as a structural by-product of the identity architecture, not a separate compliance module.
The human principal changes roles on Monday. On Tuesday, their five delegated agents are still running with the old authority — because the agent revocation was never wired to the human's IAM event. Automatic revocation propagation closes this gap: when the human's authority changes, the delegation chain downstream changes cryptographically, same transaction, same audit record.
The regulation isn't here yet. Our architecture already is.
A company's procurement agent contacts a partner company's MCP server to negotiate delivery terms. The partner's agent calls back. No human touches either exchange. In today's ecosystem, this runs on shared API keys and bilateral onboarding. With passport-anchored agent federation, each agent carries cryptographic proof of which company it serves and which human authorised it — no pre-provisioned trust required.
The receiving system needs to know the incoming agent is authorised to execute trades — but not the specific scope or authority level. It needs to know the agent represents a regulated entity — but not the entity's internal structure. A zero-knowledge proof confirms the required attribute without disclosing the rest of the identity envelope.
An unsolicited AI agent contacts a company's customer service API and claims to act on behalf of a large counterparty. Is this real? Know Your Agent (KYA) — the organisational equivalent of KYC for AI — cryptographically verifies three facts about the incoming agent: which company it serves, which human authorised its deployment, and what scope of authority it holds. Agents without this proof do not get past the gate.
Embed IdentiGate agent identity into your MCP server, agent framework, or autonomous workflow. Scales from single-agent pilots to regulated enterprise deployments with EU AI Act reporting built-in and direct IAM integration (SPIFFE, Vault, HashiCorp).
Low-code entry point for teams piloting agent identity without full IAM integration. Manual agent creation, eIDAS AdES action signing, evidence artefacts generated on every action — all without engineering work.
For full pricing details, see product pages: Identity Verification, Authentication, AdES Signing. Integration fees are scoped per engagement — we quote after a short discovery call.
Full pricing, volume tiers, and enterprise terms live on the product pages. Integration fee scoped per engagement — we quote after a short discovery call.
20 minutes. A real passport scan, a real MCP server, a real agent operation. See the cryptographic delegation chain, the scoped authority envelope, and the EU AI Act-ready evidence artefact — all generated by one simple flow.