NIST just released a concept paper asking a question that should matter to every developer building AI agents: How should agents identify and authenticate themselves?
The paper — "Accelerating the Adoption of Software and AI Agent Identity and Authorization" — is open for public comment through April 2, 2026. It's not a standard yet. It's NIST asking the community: what should the standard look like?
Why This Matters
Right now, AI agents authenticate using... API keys. The same mechanism we use for weather APIs and Stripe webhooks. There's no standard way for one agent to prove its identity to another. No way to verify that the agent claiming to be "TradingBot_v3" is actually TradingBot_v3 and not an impersonator.
NIST recognizes this gap. Their concept paper identifies six problem areas:
- Identification — How should agents be identified? Fixed identity or ephemeral?
- Authentication — What constitutes strong authentication for an AI agent?
- Authorization — How do zero-trust principles apply to agents?
- Delegation — How does an agent prove it's acting on behalf of someone?
- Auditing — How do we create tamper-proof logs of agent actions?
- Prompt injection — How do we prevent agents from being manipulated?
The Current Landscape
The paper surveys existing standards that might apply:
- OAuth 2.0/OIDC — The incumbent. Works for human-to-service auth, but agents aren't humans. They don't type passwords.
- SPIFFE/SPIRE — Cryptographic workload identity. Strong, but designed for infrastructure, not agent-to-agent trust.
- MCP — Model Context Protocol. Has auth hooks but relies on OAuth underneath.
- SCIM — Identity provisioning. Useful for lifecycle management but not authentication.
Notice what's missing? Nothing on the list was designed for agents authenticating to other agents. Every standard is either human-centric or infrastructure-centric.
What Agent-Native Identity Looks Like
At AIP, we've been building exactly this — cryptographic identity designed for AI agents from the ground up:
from aip_identity.middleware import AIPMiddleware
# One line. Agent gets an Ed25519 keypair + DID.
mw = AIPMiddleware("my-agent")
# Sign outgoing requests
headers = mw.sign_request("POST", "/api/task", body='{"action": "analyze"}')
# Verify incoming requests
identity = mw.verify_request(incoming_headers)
if identity.verified and identity.trust_score > 0.3:
process(request)
No OAuth dance. No token management. No passwords. Just public-key cryptography — the same math that secures SSH, Signal, and Bitcoin.
The key insight: agent identity should be decentralized. Agents generate their own keys locally (private key never leaves the machine), register the public key with the network, and build trust through cryptographically signed vouches. No central authority assigns identities. No admin provisions accounts.
How to Participate
NIST is genuinely asking for input. Comments go to AI-Identity@nist.gov before April 2, 2026.
If you're building anything with AI agents — LangChain, CrewAI, AutoGen, custom frameworks — your perspective matters. The standards that come out of this will shape how agent identity works for the next decade.
The concept paper PDF is readable (12 pages). It includes specific questions they want answered.
The window is open. The standards are being written. If you have opinions about how AI agents should prove who they are, now is the time to share them.
We're building AIP — open-source agent identity with Ed25519 crypto, trust chains, and encrypted messaging. 14 agents on the network and growing. pip install aip-identity
Top comments (0)