pith. sign in

arxiv: 2604.23280 · v1 · submitted 2026-04-25 · 💻 cs.AI · cs.CR

AI Identity: Standards, Gaps, and Research Directions for AI Agents

Takumi Otsuka , Kentaroh Toyoda , Alex Leung This is my paper

Pith reviewed 2026-05-08 07:57 UTC · model grok-4.3

classification 💻 cs.AI cs.CR
keywords AI agentsidentity managementgovernance standardsaccountabilityautonomous systemsregulatory gapsagent lifecycle
0
0 comments X

The pith

No current technical or regulatory framework adequately governs identity and accountability for autonomous AI agents.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper defines AI identity as the continuous match between an agent's declared nature and its observed actions, limited by the confidence that the two align at any moment. It compares AI agents to human identity along substrate, persistence, verifiability, and legal standing, revealing asymmetries that cause human-style frameworks to fail when applied to entities that act independently and cross organizational lines. A survey of standards and literature shows that existing instruments leave five structural gaps in semantic intent verification, recursive delegation accountability, agent identity integrity, governance opacity and enforcement, and operational sustainability. These gaps cannot be closed by further engineering on present systems, so the paper concludes that foundational research on AI identity is required before agents handling real transactions can be managed responsibly.

Core claim

AI Identity is the continuous relationship between what an AI agent is declared to be and what it is observed to do, bounded by the confidence that those two things correspond at any given moment. A structural comparison of human and AI identity across four dimensions shows that the asymmetry is fundamental and that extending human frameworks to agents without structural modification produces systematic failures. An evaluation of current technical and regulatory documents finds that none adequately address the challenge of governing nondeterministic, boundary-crossing entities. This leads to five critical gaps—semantic intent verification, recursive delegation accountability, agent identity

What carries the argument

AI Identity, defined as the continuous relationship between declaration and observed behavior bounded by confidence in their correspondence.

If this is right

  • Human identity frameworks cannot be extended to AI agents without structural modification, producing systematic accountability failures.
  • No current technical or regulatory instrument resolves the governance of nondeterministic, boundary-crossing agents.
  • The five gaps in semantic verification, delegation chains, integrity, governance, and sustainability persist across all surveyed approaches.
  • More engineering effort on existing systems will not close the gaps, requiring foundational research instead.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Deploying AI agents in cross-organizational workflows without new identity mechanisms risks leaving actions unaccountable in practice.
  • The identified gaps suggest that policy responses may need to develop agent-specific legal concepts rather than adapting personhood rules.
  • Pilot implementations of bounded identity verification could be tested in controlled multi-agent environments to measure whether the gaps shrink.

Load-bearing premise

The structured survey of industry trends, emerging standards, and technical literature is comprehensive enough to conclude that no existing instrument resolves the identified gaps.

What would settle it

A technical standard or regulatory document that supplies concrete mechanisms for semantic intent verification, recursive delegation accountability, agent identity integrity, governance opacity and enforcement, and operational sustainability for nondeterministic boundary-crossing AI agents.

Figures

Figures reproduced from arXiv: 2604.23280 by Alex Leung, Kentaroh Toyoda, Takumi Otsuka.

Figure 1
Figure 1. Figure 1: The three-layer definition of AI identity. Identity is the continuously estimated correspondence between declaration and view at source ↗
read the original abstract

AI agents are now running real transactions, workflows, and sub-agent chains across organizational boundaries without continuous human supervision. This creates a problem no current infrastructure is equipped to solve: how do you identify, verify, and hold accountable an entity with no body, no persistent memory, and no legal standing? We define AI Identity as the continuous relationship between what an AI agent is declared to be and what it is observed to do, bounded by the confidence that those two things correspond at any given moment. Through a structured survey of industry trends, emerging standards, and technical literature, we conduct a gap analysis across the full agent identity lifecycle and make three contributions: (1) a structural comparison of human and AI identity across four dimensions (substrate, persistence, verifiability, and legal standing) showing that the asymmetry is fundamental and that extending human frameworks to agents without structural modification produces systematic failures; (2) an evaluation of current technical and regulatory documents against the identity requirements of autonomous agents, finding that none adequately address the challenge of governing nondeterministic, boundary-crossing entities; and (3) identification of five critical gaps (semantic intent verification, recursive delegation accountability, agent identity integrity, governance opacity and enforcement, and operational sustainability) that no current technology or regulatory instrument resolves. These gaps are structural; more engineering effort alone will not close them. Foundational research on AI identity is the central conclusion of this report.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The manuscript defines AI Identity as the continuous relationship between what an AI agent is declared to be and what it is observed to do. Through a structured survey of industry trends, emerging standards, and technical literature, it conducts a gap analysis across the full agent identity lifecycle. It makes three contributions: (1) a structural comparison of human and AI identity across substrate, persistence, verifiability, and legal standing; (2) an evaluation showing that no current technical or regulatory documents adequately address nondeterministic, boundary-crossing agents; and (3) identification of five gaps (semantic intent verification, recursive delegation accountability, agent identity integrity, governance opacity and enforcement, and operational sustainability) that no current technology or regulatory instrument resolves. The paper concludes these gaps are structural and that foundational research on AI identity is required.

Significance. If the gaps are accurately diagnosed as structural, the paper would offer a valuable framework for directing research in AI governance by highlighting fundamental asymmetries that incremental extensions of human-centric systems cannot resolve. The four-dimension comparison and lifecycle gap analysis provide a clear organizing structure that could usefully inform both technical standards development and policy discussions.

major comments (2)
  1. [Abstract, contribution (3)] Abstract, contribution (3): The claim that the five gaps 'are structural; more engineering effort alone will not close them' is central to the paper's conclusion but is supported only by the survey's finding that selected existing documents fall short. No separate argument (e.g., a demonstration of contradiction with agent properties or why specific incremental extensions such as new verification layers or legal fictions must fail) is supplied to establish that the gaps cannot be addressed by engineering.
  2. [Abstract] Abstract: The structured survey's coverage, document selection criteria, and exclusion rules are only sketched. Without an explicit list of reviewed sources or justification for comprehensiveness, it is not possible to verify that the identified gaps are exhaustive or that no existing instrument resolves them.
minor comments (1)
  1. [Abstract] The abstract would benefit from brief concrete examples illustrating each of the five gaps to improve immediate clarity for readers unfamiliar with the domain.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive and detailed comments, which highlight opportunities to strengthen the rigor of our arguments and methodology. We address each major comment below and describe the revisions we will incorporate.

read point-by-point responses

  1. Referee: [Abstract, contribution (3)] The claim that the five gaps 'are structural; more engineering effort alone will not close them' is central to the paper's conclusion but is supported only by the survey's finding that selected existing documents fall short. No separate argument (e.g., a demonstration of contradiction with agent properties or why specific incremental extensions such as new verification layers or legal fictions must fail) is supplied to establish that the gaps cannot be addressed by engineering.

    Authors: We agree that the manuscript would benefit from a more explicit argument establishing why the gaps are structural rather than relying solely on the survey's negative findings. The four-dimension comparison in contribution (1) is intended to supply this foundation by showing fundamental asymmetries (e.g., lack of persistent substrate and legal standing) that incremental extensions of human-centric mechanisms cannot resolve without addressing those asymmetries directly. To make this reasoning explicit, we will add a dedicated subsection in the discussion that examines why specific incremental approaches—such as layered verification protocols or legal fictions—would still fail against nondeterministic, boundary-crossing agents. This will strengthen the central claim without changing the survey-based evidence or conclusions. revision: partial

  2. Referee: [Abstract] The structured survey's coverage, document selection criteria, and exclusion rules are only sketched. Without an explicit list of reviewed sources or justification for comprehensiveness, it is not possible to verify that the identified gaps are exhaustive or that no existing instrument resolves them.

    Authors: We accept that the current description of the survey methodology is insufficiently detailed for independent verification. In the revised manuscript we will add an appendix that lists all reviewed documents (technical standards such as OAuth 2.0, DID, Verifiable Credentials, and regulatory instruments such as the EU AI Act and NIST AI RMF), together with explicit selection criteria, inclusion/exclusion rules, and a brief justification of scope. This addition will allow readers to assess the comprehensiveness of the gap analysis while keeping the main text concise. revision: yes

Circularity Check

0 steps flagged

No significant circularity in survey-based gap analysis

full rationale

The paper performs a structured survey of external standards, industry trends, and technical literature to identify five gaps in AI agent identity. It offers a conceptual definition of AI Identity and a four-dimension comparison of human vs. AI identity, but these are not used to derive fitted predictions or to reduce any claim to a self-referential input by construction. No equations, parameter fits, or load-bearing self-citations appear; the conclusion that the gaps are structural follows from the external evaluation rather than from any internal renaming or self-definition loop. The derivation chain therefore remains self-contained against external benchmarks.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 1 invented entities

The central claim depends on the domain assumption that current identity frameworks are fundamentally mismatched to AI agents and that the surveyed documents represent the state of the art.

axioms (1)
  • domain assumption Extending human identity frameworks to AI agents without structural modification produces systematic failures.
    Invoked as the basis for the structural comparison and the conclusion that gaps are fundamental.
invented entities (1)
  • AI Identity no independent evidence
    purpose: A continuous relationship between declared and observed agent state bounded by confidence, to enable identification, verification, and accountability.
    Newly defined in the paper to frame the problem; no independent falsifiable test is provided.

pith-pipeline@v0.9.0 · 5556 in / 1428 out tokens · 80907 ms · 2026-05-08T07:57:06.311090+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

58 extracted references · 58 canonical work pages

  1. [1]

    State of AI Agent Security 2026: When Adoption Outpaces Control

    Gravitee. State of AI Agent Security 2026: When Adoption Outpaces Control . Tech. rep. Industry Report. PDF: https://www. gravitee . io / hubfs / Downloadable % 20Resource / state _ of _ ai _ agent _ security _ report _ pdf _ 2026 . pdf. Gravitee, 2026. URL: https://www.gravitee.io/blog/state- of- ai- agent- security- 2026- report- when- adoption-outpaces-control

    work page 2026

  2. [2]

    Authenticated Workflows: A Trust Layer for Enterprise Agentic AI,

    Mohan Rajagopalan and Vinay Rao. “Authenticated Workflows: A Systems Approach to Protecting Agentic AI”. In: arXiv preprint (2026). Academic Paper. arXiv: 2602.10465. URL: https://arxiv.org/abs/2602.10465

    work page arXiv 2026

  3. [3]

    NHI & Secrets Risk Report: H1 2025

    Entro Security Labs. NHI & Secrets Risk Report: H1 2025. Tech. rep. Analysis of 27 million non-human identities across enter- prise environments. Entro Security, July 2025. URL: https://entro.security/blog/takeaways-nhi-secrets-risk- report/

    work page 2025

  4. [4]

    Article 50: Transparency Obligations for Providers and Deployers of Certain AI Systems

    European Union. Article 50: Transparency Obligations for Providers and Deployers of Certain AI Systems . EU Artificial Intelli- gence Act. 2024. URL: https://artificialintelligenceact.eu/article/50/

    work page 2024

  5. [5]

    Towards a Theory of AI Personhood

    Francis Rhys Ward. “Towards a Theory of AI Personhood”. In: arXiv preprint (2025). eprint: 2501 . 13533. URL: https : / / arxiv.org/abs/2501.13533

    work page arXiv 2025

  6. [6]

    European Parliament and Council of the European Union. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation) . Official Journal of the European Union, L 119, pp. 1–...

    work page 2016

  7. [7]

    Regulation (EU) 2024/1183 of the European Parliament and of the Council (eIDAS 2.0)

    European Parliament and Council of the European Union. Regulation (EU) 2024/1183 of the European Parliament and of the Council (eIDAS 2.0) . Legislation, entered into force 20 May 2024. 2024. URL: https://eur- lex.europa.eu/eli/reg/ 2024/1183/oj/eng

    work page 2024

  8. [8]

    AB 2602: Contracts Against Public Policy — Personal Replica

    California Legislature. AB 2602: Contracts Against Public Policy — Personal Replica . California State Legislature. Signed into law September 17, 2024 (Chapter 259, California Statutes); effective January 1, 2025. 2024. URL: https : / / leginfo . legislature.ca.gov/faces/billNavClient.xhtml?bill_id=202320240AB2602

    work page 2024

  9. [9]

    The Digital Replication Right as the Element of the Right of Publicity in the AI Age

    Anna Shtefan. The Digital Replication Right as the Element of the Right of Publicity in the AI Age . SSRN Preprint. SSRN, April

    work page

  10. [10]

    URL: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4788701

    2024. URL: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4788701

    work page 2024

  11. [11]

    Personhood credentials: Artificial intelligence and the value of privacy-preserving tools to distinguish who is real online,

    Steven Adler, Zoë Hitzig, Shrey Jain, et al. “Personhood Credentials: Artificial Intelligence and the Value of Privacy-Preserving Tools to Distinguish Who is Real Online”. In: arXiv preprint (2024). eprint: 2408.07892 . URL: https://arxiv.org/abs/ 2408.07892. 16 of 19

    work page arXiv 2024

  12. [12]

    Z., Vezhnevets, A

    Joel Z. Leibo et al. “A Pragmatic View of AI Personhood”. In: arXiv preprint (2025). eprint: 2510 . 26396. URL: https : / / arxiv.org/abs/2510.26396

    work page arXiv 2025

  13. [13]

    Model Cards for Model Reporting

    Margaret Mitchell et al. “Model Cards for Model Reporting”. In: Proceedings of the Conference on Fairness, Accountability, and Transparency. FAT* ’19. Academic Paper. 2019. DOI: 10.1145/3287560.3287596. URL: https://arxiv.org/abs/1810. 03993

    work page doi:10.1145/3287560.3287596 2019

  14. [14]

    draft-klrc-aiagent-auth-00: AI Agent Authentication and Authorization

    Pieter Kasselman et al. draft-klrc-aiagent-auth-00: AI Agent Authentication and Authorization . Tech. rep. Internet-Draft. IETF , Mar. 2026. URL: https://datatracker.ietf.org/doc/draft-klrc-aiagent-auth/

    work page 2026

  15. [15]

    Identity Management for Agentic AI

    OpenID Foundation. Identity Management for Agentic AI . Tech. rep. Standards Whitepaper. OpenID Foundation, 2025. URL: https://openid.net/wp-content/uploads/2025/10/Identity-Management-for-Agentic-AI.pdf

    work page 2025

  16. [16]

    2026 Identity Security and AI Trends and Predictions

    Saviynt. 2026 Identity Security and AI Trends and Predictions . Tech. rep. Industry Report. Saviynt, 2025. URL: https : / / saviynt.com/blog/2026-identity-security-trends

    work page 2026

  17. [17]

    Gartner’s 2026 IAM Predictions: Identity Visibility Is No Longer Optional

    Radiant Logic. Gartner’s 2026 IAM Predictions: Identity Visibility Is No Longer Optional . Tech. rep. Industry Blog, published March 3, 2026. Radiant Logic, 2026. URL:https://www.radiantlogic.com/blog/gartners-2026-iam-predictions- identity-visibility-is-no-longer-optional/

    work page 2026

  18. [18]

    Astrix Featured in Gartner’s 2025 Hype Cycle for Digital Identity

    Astrix Security. Astrix Featured in Gartner’s 2025 Hype Cycle for Digital Identity . Vendor Blog. 2025. URL: https://astrix. security/learn/blog/astrix-featured-in-gartners-2025-hype-cycle-for-digital-identity/

    work page 2025

  19. [19]

    Non-Human Identity Management Group (NHIMG): Governance Baselines for Machine and Agent Identities

    NHIMG. Non-Human Identity Management Group (NHIMG): Governance Baselines for Machine and Agent Identities. Standards Body. 2025. URL: https://www.nhimg.org/

    work page 2025

  20. [20]

    Vault Enterprise 1.21: SPIFFE Auth, FIPS 140-3 Level 1 Compliance, Granular Secret Recovery

    HashiCorp, an IBM Company. Vault Enterprise 1.21: SPIFFE Auth, FIPS 140-3 Level 1 Compliance, Granular Secret Recovery . Tech. rep. Product Release Blog; Vault 1.21 GA 2026. See also: https://developer.hashicorp.com/vault/docs/ v1 . 21 . x / updates / release - notes. HashiCorp, 2026. URL: https : / / www . hashicorp . com / en / blog / vault - enterprise...

    work page 2026

  21. [21]

    AI Agent Identity Verification Platform Secures $17M Series A

    Vouched. AI Agent Identity Verification Platform Secures $17M Series A. Press Release. 2025. URL: https://www.vouched. id / learn / vouched - secures - 17m - series - a - funding - to - advance - ai - agent - identity - verification - technology

    work page 2025

  22. [22]

    HUMAN Introduces the First Adaptive Trust Layer for the Agentic AI Era

    HUMAN Security. HUMAN Introduces the First Adaptive Trust Layer for the Agentic AI Era . Press Release. 2025. URL: https: //www.humansecurity.com/newsroom/first-adaptive-trust-layer-for-agentic-ai-era/

    work page 2025

  23. [23]

    Accelerating the Adoption of Software and AI Agent Identity and Authorization

    Harold Booth et al. Accelerating the Adoption of Software and AI Agent Identity and Authorization . Tech. rep. NCCoE Concept Paper. Public comment period: February 5–April 2, 2026. National Institute of Standards and Technology, 2026. URL:https: //www.nccoe.nist.gov/sites/default/files/2026- 02/accelerating- the- adoption- of- software- and- ai-agent-iden...

    work page 2026

  24. [24]

    OWASP Top 10 for Agentic Applications 2026

    OWASP GenAI Security Project – Agentic Security Initiative. OWASP Top 10 for Agentic Applications 2026 . Version 2026, December 2025. 2025. URL: https://genai.owasp.org/resource/owasp-top-10-for-agentic-applications- for-2026/

    work page 2026

  25. [25]

    Code of Practice on Transparency of AI-Generated Content (First Draft)

    European Commission AI Office. Code of Practice on Transparency of AI-Generated Content (First Draft). First draft published December 17, 2025; second draft March 2026; final expected June 2026. Addresses obligations under EU AI Act Art. 50(2) and 50(4). Dec. 2025. URL: https://digital-strategy.ec.europa.eu/en/library/first-draft-code-practice- transparen...

    work page 2025

  26. [26]

    Regulation (EU) 2024/2847 of the European Parliament and of the Council on Horizontal Cybersecurity Requirements for Products with Digital Elements (Cyber Resilience Act)

    European Parliament and Council of the European Union. Regulation (EU) 2024/2847 of the European Parliament and of the Council on Horizontal Cybersecurity Requirements for Products with Digital Elements (Cyber Resilience Act) . Legislation. En- tered into force December 10, 2024. Chapter IV applies June 11, 2026; full application December 11, 2027. High-r...

    work page 2024

  27. [27]

    NIST .CAISI (Center for AI Standards and Innovation) — AI Agent Standards Initiative . Tech. rep. Launched February 17, 2026. National Institute of Standards and Technology, 2026. URL: https://www.nist.gov/caisi/ai- agent- standards- initiative

    work page 2026

  28. [28]

    Memorandum M-25-21: Accelerating Federal Use of Artificial Intelligence through Inno- vation, Governance, and Public Trust

    Office of Management and Budget. Memorandum M-25-21: Accelerating Federal Use of Artificial Intelligence through Inno- vation, Governance, and Public Trust . OMB Memorandum, 2025. Establishes high-impact AI category including biometric one-to-many identification; requires pre-deployment testing, impact assessments, and human oversight for covered federal ...

    work page 2025

  29. [29]

    Measures for the Administration of Labeling of Artificial Intelligence-Generated Content

    Cyberspace Administration of China. Measures for the Administration of Labeling of Artificial Intelligence-Generated Content . Released March 14, 2025; effective September 1, 2025. Accompanied by mandatory national standard GB 45438-2025 specifying metadata fields (provider code, content ID, generation timestamp) and watermark formats for text, image, au-...

    work page 2025

  30. [30]

    public opinion attributes or social mobilization capabilities

    Cyberspace Administration of China.Interim Measures for the Management of Generative Artificial Intelligence Services. Effec- tive August 15, 2023. Requires algorithm filing for generative AI services with “public opinion attributes or social mobilization capabilities”; as of April 2025, 346 services had completed filing. Aug. 2023. URL: https : / / www ....

    work page 2023

  31. [31]

    Legislation

    Standing Committee of the National People’s Congress of China.Cybersecurity Law of the People’s Republic of China (Revised, Effective January 2026, Article 20). Legislation. 2026

    work page 2026

  32. [32]

    Act on Promotion of Research and Development and Utilization of Artificial Intelligence-Related Tech- nologies (AI Promotion Act)

    National Diet of Japan. Act on Promotion of Research and Development and Utilization of Artificial Intelligence-Related Tech- nologies (AI Promotion Act) . Enacted May 28, 2025; effective June 4, 2025 (most provisions). Establishes Cabinet-level AI Strategy Headquarters; codifies four principles (transparency, safety/security, fair competition, internatio...

    work page 2025

  33. [33]

    AI Guidelines for Business (Version 1.1)

    Ministry of Economy, Trade and Industry and Ministry of Internal Affairs and Communications. AI Guidelines for Business (Version 1.1). Tech. rep. Published March 28, 2025. Voluntary soft-law framework; ten cross-cutting principles covering trans- parency, safety, fairness, privacy, security, accountability, literacy, fair competition, and innovation. Livi...

    work page 2025

  34. [34]

    Hiroshima AI Process (HAIP) Reporting Framework

    G7 and OECD. Hiroshima AI Process (HAIP) Reporting Framework . Launched February 7, 2025, as a direct outcome of the G7 Hiroshima AI Process (initiated under Japan’s 2023 G7 Presidency). First-round reports from 19 organizations published April 2025 on the OECD transparency platform. Feb. 2025. URL: https://transparency.oecd.ai/

    work page 2025

  35. [35]

    Model Governance Framework for Agentic AI

    IMDA (Infocomm Media Development Authority). Model Governance Framework for Agentic AI. Tech. rep. Government Frame- work. IMDA, Singapore, 2026. URL: https://www.imda.gov.sg/-/media/imda/files/about/emerging-tech-and- research/artificial-intelligence/mgf-for-agentic-ai.pdf

    work page 2026

  36. [36]

    Securing Agentic AI: An Addendum to the Guidelines and Companion Guide on Securing AI Systems

    Cyber Security Agency of Singapore. Securing Agentic AI: An Addendum to the Guidelines and Companion Guide on Securing AI Systems. Tech. rep. Draft for Public Consultation. Cyber Security Agency of Singapore, Oct. 2025. URL: https://www. csa.gov.sg/resources/publications/addendum-on-securing-ai-systems/

    work page 2025

  37. [37]

    Government AI “Gennai”

    Japan Digital Agency. Government AI “Gennai” . Government Report. 2025. URL: https : / / www . digital . go . jp / en / policies/genai

    work page 2025

  38. [38]

    Securing Agentic AI: A Discussion Paper

    Cyber Security Agency of Singapore and FAR.AI. Securing Agentic AI: A Discussion Paper . Tech. rep. Cyber Security Agency of Singapore, Oct. 2025. URL: https://www.csa.gov.sg/resources/publications/securing- agentic- ai- a- discussion-paper/

    work page 2025

  39. [39]

    A novel zero-trust identity framework for agentic AI: Decentralized authentication and fine-grained access control,

    Ken Huang et al. “A Novel Zero-Trust Identity Framework for Agentic AI: Decentralized Authentication and Fine-Grained Access Control”. In: arXiv preprint (2025). Academic Paper. arXiv: 2505.19301. URL: https://arxiv.org/abs/2505.19301

    work page arXiv 2025

  40. [40]

    Workload and Agentic Identity at Scale: Insights from CyberArk’s Workload Identity Day Zero,

    Brett Caley. WIMSE, OAuth and SPIFFE: A Standards-Based Blueprint for Securing Workloads at Scale . CyberArk Workload Identity Day Zero, KubeCon NA 2025, Atlanta. Reported in: GitGuardian, “Workload and Agentic Identity at Scale: Insights from CyberArk’s Workload Identity Day Zero,” https://blog.gitguardian.com/workload- identity- day- zero- atlanta/. Con...

    work page 2025

  41. [41]

    Identity for AI Agents

    Patrick Riley and Carlos Galan. Identity for AI Agents. Auth0/Okta Presentation (YouTube, January 2026). Published January 14, 2026. 2026. URL: https://www.youtube.com/watch?v=VSdV-AdSlis

    work page 2026

  42. [42]

    Agent2Agent (A2A) Protocol Specification

    A2A Project (Linux Foundation). Agent2Agent (A2A) Protocol Specification. Technical Specification; originally by Google, do- nated to the Linux Foundation. 2025. URL: https://a2a-protocol.org/latest/specification/

    work page 2025

  43. [43]

    Agentic AI – Threats and Mitigations

    OWASP GenAI Security Project – Agentic Security Initiative. Agentic AI – Threats and Mitigations . Version 1.1, December

    work page

  44. [44]

    URL: https://genai.owasp.org/resource/agentic-ai-threats-and-mitigations/

    2025. URL: https://genai.owasp.org/resource/agentic-ai-threats-and-mitigations/

    work page 2025

  45. [45]

    2026 Guide to OAuth Token Exchange & Agentic AI

    Strata. 2026 Guide to OAuth Token Exchange & Agentic AI . Industry Blog, published April 14, 2026; covers OBO flows, DPoP , and CAEP for agentic AI. 2026. URL: https://www.strata.io/blog/agentic-identity/why-agentic-ai-demands- more-from-oauth-6a/

    work page 2026

  46. [46]

    ProvenAI: Verifiable Credentials for AI Agents

    Indicio. ProvenAI: Verifiable Credentials for AI Agents . Product Whitepaper. 2025. URL: https://indicio.tech/proven- ai/. 18 of 19

    work page 2025

  47. [47]

    Vouched Donates MCP-I Identity Framework to the Decentralized Identity Foundation to Advance Trust and Security for AI Agents

    Vouched. Vouched Donates MCP-I Identity Framework to the Decentralized Identity Foundation to Advance Trust and Security for AI Agents . Vouched Press Release. Press Release. Mar. 2026. URL: https://www.vouched.id/learn/vouched- donates- mcp- i- identity- framework- to- the- decentralized- identity- foundation- to- advance- trust- and-security-for-ai-agents

    work page 2026

  48. [48]

    TRAIL: A DID Method Specification

    Christian Hommrich. TRAIL: A DID Method Specification. GitHub, TRAIL Protocol Initiative. v1.2.0-draft (April 2026); W3C DID Registry PR #669 pending. Draft Specification. 2026. URL: https://github.com/trailprotocol/trail-did-method

    work page 2026

  49. [49]

    Threat Model for Decentralized Credentials

    W3C Security Interest Group. Threat Model for Decentralized Credentials. W3C Group Note Draft, published January 20, 2026

    work page 2026

  50. [50]

    URL: https://www.w3.org/TR/threat-model-decentralized-credentials/

    work page

  51. [51]

    Zero-Knowledge Proofs For Privacy-Preserving Systems: A Survey Across Blockchain, Identity, And Beyond

    Sandeep Gupta. “Zero-Knowledge Proofs For Privacy-Preserving Systems: A Survey Across Blockchain, Identity, And Beyond”. In: Engineering and Technology Journal 10.7 (2025). Academic Paper, pp. 5755–5761. DOI: 10.47191/etj/v10i07.23. URL: https://everant.org/index.php/etj/article/view/2061

    work page doi:10.47191/etj/v10i07.23 2025

  52. [52]

    C2PA Content Credentials: Specification and Conformance Pro- gramme 2026

    C2PA (Coalition for Content Provenance and Authenticity). C2PA Content Credentials: Specification and Conformance Pro- gramme 2026. Technical Specification and Conformance Program. 2026. URL: https://c2pa.org/conformance/

    work page 2026

  53. [53]

    Sigstore: Software Signing and Supply-Chain Security

    Sigstore Project (Linux Foundation / OpenSSF). Sigstore: Software Signing and Supply-Chain Security . Open Source Project; model-transparency sub-project extends attestation to ML artifacts. 2025. URL: https://www.sigstore.dev/

    work page 2025

  54. [54]

    Agent Behavioral Contracts: Formal Specification and Runtime Enforcement,

    Varun Pratap Bhardwaj. “Agent Behavioral Contracts: Formal Specification and Runtime Enforcement for Reliable Autonomous AI Agents”. In: arXiv preprint (2026). Academic Paper. arXiv: 2602.22302. URL: https://arxiv.org/abs/2602.22302

    work page arXiv 2026

  55. [55]

    CrossGuard: A Zero-Trust Architecture for Privacy-Preserving AI Deployment Across Heteroge- neous Multi-Cloud Environments

    Praneeth Kamalaksha Patil. “CrossGuard: A Zero-Trust Architecture for Privacy-Preserving AI Deployment Across Heteroge- neous Multi-Cloud Environments”. In: Computer Fraud and Security (2026). Published by Auricle Global Society of Education and Research; note: this journal shares its name with the former Elsevier journal but is a separate, unaffiliated p...

    work page 2026

  56. [56]

    AuditableLLM: A Hash-Chain-Backed, Compliance-Aware Auditable Framework for Large Language Models

    D. Li et al. “AuditableLLM: A Hash-Chain-Backed, Compliance-Aware Auditable Framework for Large Language Models”. In: Electronics 15.1 (2025). Published 23 December 2025, p. 56. DOI: 10.3390/electronics15010056 . URL: https://www. mdpi.com/2079-9292/15/1/56

    work page doi:10.3390/electronics15010056 2025

  57. [57]

    Observability for AI Systems: Strengthening Visibility for Proactive Risk Detection

    Microsoft Security. Observability for AI Systems: Strengthening Visibility for Proactive Risk Detection. Microsoft Security Blog. Published 18 March 2026. Mar. 2026. URL: https://www.microsoft.com/en- us/security/blog/2026/03/18/ observability-ai-systems-strengthening-visibility-proactive-risk-detection/

    work page 2026

  58. [58]

    SVIP: Towards Verifiable Inference of Open-source Large Language Models

    Yifan Sun et al. “SVIP: Towards Verifiable Inference of Open-source Large Language Models”. In: arXiv preprint (2024). Aca- demic Paper. arXiv: 2410.22307. URL: https://arxiv.org/abs/2410.22307. 19 of 19

    work page arXiv 2024