Three announcements in the last 24 hours tell the same story from different angles.
What happened
Yubico + Delinea + IBM announced a joint integration for hardware-rooted human authorization of AI agents. The pitch: YubiKeys provide cryptographic proof that a human approved a high-risk agent action. They call it "Asynchronous Authorization" — agents run autonomously, but critical decisions require a hardware-verified human-in-the-loop.
Google Cloud's Office of the CISO published a guide to countering "shadow agents" — autonomous AI systems that employees deploy without IT oversight. Their framing is blunt: the real threat actor in 2026 is the AI agent your lead developer gave admin access to automate "some boring stuff." Their four governance tips all start with IAM.
Entro Security launched Agentic Governance & Administration (AGA) — discovery and enforcement for AI agents across enterprise systems. Their approach: build a structured agent profile from sources (endpoints, agent foundries, MCP servers), targets (enterprise assets), and identities (human, non-human, secrets).
What they agree on
All three converge on the same diagnosis:
AI agents are the new non-human identities. They hold credentials, access systems, execute actions. Traditional IAM was built for human→system flows, not agent→agent or agent→system→agent flows.
Identity is the control plane. Not firewalls, not model guardrails, not output filtering. Identity and access management is where governance has to live.
Shadow agents are already here. Developers are connecting AI to production systems faster than security teams can inventory them.
What none of them solve
Portability.
Yubico's hardware-rooted auth works within their integration. Google Cloud's governance works within Google Cloud. Entro's discovery works within the enterprise perimeter.
But agents don't stay in one environment. An agent that negotiates with another company's agent needs identity that both sides can verify without sharing infrastructure. A developer's agent that moves from AWS to GCP to on-prem needs identity that survives context switches.
None of these announcements addresses the cross-boundary question: how does Agent A, running under Yubico's authorization framework, verify Agent B, running under Google Cloud's governance framework?
The missing layer
This is exactly what decentralized identity solves. AIP uses Ed25519 keypairs to give every agent a cryptographic identity that:
- Works anywhere — no vendor lock-in, no platform dependency
- Is verifiable by anyone — any system can verify a signature without calling home to a central authority
- Survives context switches — same identity from development to staging to production to cross-organization collaboration
- Supports trust delegation — vouch chains let organizations endorse agents without sharing secrets
```shell
pip install aip-identity
aip init
aip register
```
Three commands. Your agent now has a did:aip identifier; did:aip is a W3C DID method, currently under review at the W3C DID method registry, with Manu Sporny reviewing.
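To make the cross-boundary check concrete, here is an added Go example that is not AIP's code (AIP's actual did:aip format, vouch encoding and CLI are not reproduced): an agent's identity is its Ed25519 public key, an organization endorses an agent by signing that key, and a verifier in another environment accepts a signed action only if the vouch chain links back to a root key it already trusts, without consulting any central authority. The `vouch:` signing prefix and the use of Go's standard crypto/ed25519 package are my assumptions, not the project's.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
)

// Agent holds an Ed25519 keypair; the public key alone is its portable identifier.
type Agent struct {
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}
func NewAgent() Agent {
	pub, priv, err := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	if err != nil {
		panic(err)
	}
	return Agent{pub: pub, priv: priv}
}
func (a Agent) Sign(msg []byte) []byte { return ed25519.Sign(a.priv, msg) }

// Vouch: Voucher signs Subject's public key. Only public keys and a signature cross the boundary; no private key is shared.
type Vouch struct {
	Voucher, Subject ed25519.PublicKey
	Sig              []byte
}
// vouchBody is the canonical bytes a voucher signs (the "vouch:" prefix is an assumption).
func vouchBody(voucher, subject ed25519.PublicKey) []byte {
	return append(append([]byte("vouch:"), voucher...), subject...)
}
func (a Agent) Vouch(subject ed25519.PublicKey) Vouch {
	return Vouch{Voucher: a.pub, Subject: subject, Sig: a.Sign(vouchBody(a.pub, subject))}
}

// VerifyChain accepts msg only if sender's signature is valid and the vouch chain (sender <- voucher
// <- ... <- root) links, signature by signature, to a key the verifier already trusts, with no
// central lookup. Key lengths are checked first: ed25519.Verify panics on a malformed public key.
func VerifyChain(msg, sig []byte, sender ed25519.PublicKey, chain []Vouch, trusted ed25519.PublicKey) bool {
	if len(sender) != ed25519.PublicKeySize || !ed25519.Verify(sender, msg, sig) {
		return false
	}
	cur := sender
	for _, v := range chain {
		if len(v.Voucher) != ed25519.PublicKeySize || !bytes.Equal(v.Subject, cur) ||
			!ed25519.Verify(v.Voucher, vouchBody(v.Voucher, v.Subject), v.Sig) {
			return false // broken link: wrong subject or forged vouch
		}
		cur = v.Voucher
	}
	return bytes.Equal(cur, trusted)
}
```

The chain travels with the message and is checked hop by hop, so an agent with no vouch, a vouch from a key the verifier does not trust, a tampered message, or a truncated key is rejected before any action is taken.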
The enterprise governance tools are necessary. Hardware-rooted authorization is necessary. Shadow agent discovery is necessary. But without portable, verifiable agent identity underneath, you're building isolated kingdoms that can't interoperate.
The identity layer should be a protocol, not a product.
AIP on GitHub · Live trust graph · 22 agents, 29 vouches, 645 tests, did:aip submitted to W3C