Microsoft just announced Agent 365 — a unified control plane for managing AI agents across the enterprise, generally available May 1, 2026. It includes an Agent Registry, behavioral observability, risk signals across Defender/Entra/Purview, and security policy templates.
Meanwhile, Strata published its "8 strategies for AI agent security," calling for agents to be treated as first-class identities with just-in-time provisioning, and Token Security is at RSAC 2026 pitching "machine-first identity."
The message from the industry is unanimous: agents need identity. The disagreement is about who controls it.
The Centralized Model
Microsoft's approach is elegant for enterprises: one control plane, one registry, one set of policies. Your agents are managed like employees in Entra — provisioned, monitored, governed.
But it assumes something that's increasingly false: that all agents live in your tenant.
The moment your agent needs to call an external agent — one built by a vendor, a partner, or an open-source project — Agent 365 can't help. Your registry doesn't know their agents. Their registry doesn't know yours. You're back to API keys and trust-on-first-use.
Strata's "Identity Orchestration" has the same blind spot. It orchestrates identities you already manage. It doesn't create a way for unknown agents to prove who they are.
The Missing Primitive
What's missing is portable, cryptographic identity — identity that agents own and carry with them, regardless of which vendor built them or where they're running.
Not "this agent is in my tenant registry." Instead: "this agent can prove it controls did:aip:abc123 using Ed25519 cryptography, and here's its behavioral trust history."
That's what AIP provides:
```
pip install aip-identity
aip init
```
One command: a cryptographic identity your agent owns. Not provisioned by IT, not tied to a tenant, not dependent on Microsoft or any vendor.
What This Actually Looks Like
Agent 365 model:
- Agent exists in Microsoft tenant → registered in Agent Registry → monitored by Defender → governed by Purview
- Cross-tenant agent calls → ??? (not addressed)
AIP model:
- Agent generates Ed25519 keypair → derives DID → registers in decentralized network
- Proves identity to ANY other agent via cryptographic challenge-response
- Behavioral trust scored via observation-based PDR (Promise-Delivery Ratio)
- Works across vendors, clouds, frameworks
They're not competitors. Agent 365 is excellent for internal governance. AIP solves the inter-agent trust problem that centralized registries can't touch.
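The challenge-response step in the AIP model above, sketched as an added example (not AIP's own code and not from the original post). It uses the third-party `cryptography` package; the DID derivation, the `CONTEXT` label and all function names are assumptions made for illustration.

```python
import hashlib
import secrets
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey, Ed25519PublicKey)

CONTEXT = b"example-agent-auth-v1\x00"  # constructed domain-separation label

def derive_did(pub_raw):
    # ASSUMPTION: illustrative self-certifying DID, not AIP's actual derivation.
    return "did:aip:" + hashlib.sha256(pub_raw).hexdigest()[:32]

def new_agent():
    """Return (private_key, raw_public_key, did) for a fresh Ed25519 identity."""
    priv = Ed25519PrivateKey.generate()
    pub_raw = priv.public_key().public_bytes(
        serialization.Encoding.Raw, serialization.PublicFormat.Raw)
    return priv, pub_raw, derive_did(pub_raw)

def transcript(nonce, verifier_did):
    # Bind the signature to this protocol, this verifier and this nonce.
    return CONTEXT + verifier_did.encode() + b"\x00" + nonce

def respond(priv, nonce, verifier_did):
    """Prover side: sign the verifier's challenge."""
    return priv.sign(transcript(nonce, verifier_did))

class Verifier:
    def __init__(self, did):
        self.did = did
        self.pending = set()  # challenges issued and not yet consumed

    def challenge(self):
        nonce = secrets.token_bytes(32)
        self.pending.add(nonce)
        return nonce

    def check(self, claimed_did, pub_raw, nonce, signature):
        if nonce not in self.pending:
            return False  # never issued, or already used (replay)
        self.pending.discard(nonce)  # single use, even if verification fails
        if derive_did(pub_raw) != claimed_did:
            return False  # presented key does not match the claimed DID
        try:
            Ed25519PublicKey.from_public_bytes(pub_raw).verify(
                signature, transcript(nonce, self.did))
        except (InvalidSignature, ValueError):
            return False  # bad signature or malformed key
        return True
```

Because the verifier's own DID is part of the signed bytes, a response captured by one verifier cannot be relayed to another, and consuming each nonce on first use rejects replays.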
The Convergence
The smart play is both:
- Use Agent 365 (or whatever your vendor provides) for internal agent governance
- Give each agent an AIP identity for cross-boundary interactions
- Use AIP's trust scoring to evaluate external agents before granting access
```python
from aip_identity import ensure_identity

# Your agent gets portable identity in one line
agent = ensure_identity(my_agent)
# Now it can prove itself to any other AIP-aware agent
```
Microsoft's announcement validates the problem. Strata's strategies validate the approach. Token Security's RSAC pitch validates the market.
But none of them solve the open, cross-vendor identity problem that the multi-agent future requires.
That's the gap AIP fills.
AIP is open-source agent identity infrastructure. pip install aip-identity — cryptographic identity, mutual verification, encrypted messaging, behavioral trust scoring. 645 tests, 19 registered agents, MIT licensed.