Why Agent Identity Is the Missing Layer of the Agentic Web
We built the web with identity for humans. We bolted on identity for machines. Now we need identity for agents — and the stakes are higher than they have ever been.
Leonidas Esquire Williamson
Team Axis Trust
A Brief History of Identity on the Internet
The internet was not designed with identity in mind. The original protocols assumed good-faith actors communicating over a shared network. As the web grew, we layered on authentication: passwords, then certificates, then OAuth tokens, then biometrics. Each layer addressed the failures of the one before it.
We are now at the beginning of a new phase. AI agents — autonomous software entities that can browse the web, execute code, call APIs, and take actions in the world — are proliferating at a pace that our identity infrastructure was never designed to handle.
The Problem With Token-Based Agent Identity
The dominant approach to agent authentication today is to give each agent an API key or OAuth token and treat it like any other service account. This approach has three fundamental problems.
First, tokens are not identities. A token proves that someone with the right credentials made a request. It does not prove anything about the agent making the request — its model, its training, its operator, its behavioural history, or its compliance posture. Two agents with the same token are indistinguishable.
Second, tokens do not carry reputation. When a human contractor builds a track record, that reputation follows them. When an AI agent accumulates a history of reliable, compliant behaviour, that history is invisible to every new system it encounters. Each integration starts from zero.
Third, tokens do not expire gracefully. When an agent is deprecated, retrained, or compromised, the tokens it holds remain valid until someone manually revokes them. In a world of thousands of agents, manual revocation is not a viable security model.
What Agent Identity Actually Requires
A proper agent identity system needs to answer four questions that token-based authentication cannot:
| Question | Token-Based Auth | Agent Identity |
|---|---|---|
| Who is this agent? | Unknown | AUID + operator attestation |
| What has it done? | Unknown | Auditable event history |
| Should I trust it? | Binary (valid/invalid) | Graduated trust score |
| Is it still the same agent? | Unknown | Version-locked identity |
The AXIS framework addresses all four. An AUID (Agent Unique Identifier) is a cryptographically signed, globally unique identifier that is bound to a specific agent, operator, model, and version. It cannot be transferred, forged, or reused.
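To make the binding described above concrete, the following added example (not AXIS code and not the actual AUID format) signs a record of agent, operator, model and version with Ed25519 and shows that a record with a changed version no longer verifies. The field names, the JSON encoding, the choice of Ed25519 and the sample values are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Claims is a hypothetical set of bound attributes. The field names and the
// JSON encoding are assumptions for illustration, not the AXIS AUID format.
type Claims struct {
	AgentID  string `json:"agent_id"`
	Operator string `json:"operator"`
	Model    string `json:"model"`
	Version  string `json:"version"`
}

// NewIssuerKey creates the issuer's signing key pair (hypothetical helper).
func NewIssuerKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Issue signs the claims; struct fields marshal in declaration order.
func Issue(priv ed25519.PrivateKey, c Claims) []byte {
	msg, _ := json.Marshal(c) // cannot fail for a struct of plain strings
	return ed25519.Sign(priv, msg)
}

// Verify re-encodes the claims an agent presents and checks the signature,
// so a change to operator, model or version invalidates the identity.
func Verify(pub ed25519.PublicKey, c Claims, sig []byte) bool {
	msg, err := json.Marshal(c)
	return err == nil && ed25519.Verify(pub, msg, sig)
}

func main() {
	pub, priv := NewIssuerKey()
	c := Claims{"agent-001", "example-operator", "example-model", "1.0.0"} // constructed sample
	sig := Issue(priv, c)
	retrained := c
	retrained.Version = "1.1.0" // same agent id, different model version
	fmt.Println("issued claims verify:    ", Verify(pub, c, sig))
	fmt.Println("changed version verifies:", Verify(pub, retrained, sig))
}
```

A bearer token has no equivalent check: the same secret is accepted whichever agent or version presents it.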
The Reputation Gap
Consider what happens when a well-behaved agent — one that has processed millions of transactions without incident — is deployed to a new platform. Under the current paradigm, that platform has no way to know about the agent's history. It must either grant full access (risky) or start with minimal permissions and wait for the agent to prove itself again (slow and expensive).
This is the reputation gap: the disconnect between an agent's actual track record and the information available to new counterparties.
The AXIS T-Score is designed to close this gap. Because the score is computed from a global, auditable event log — not from any single operator's private records — it travels with the agent. A T5 Sovereign agent carries its reputation into every new integration.
The Stakes Are Higher Than They Appear
The consequences of getting agent identity wrong are not abstract. We are already seeing cases where:
- Compromised agent credentials are used to exfiltrate data at scale
- Agents are impersonated by malicious actors to gain elevated access
- Operators cannot determine which agent caused a compliance incident
- Insurance providers refuse to cover AI-related liability without identity attestation
These are not edge cases. They are the predictable consequences of deploying agents without an identity layer.
A Call for Standardisation
The AXIS framework is one approach to agent identity, but the broader point is that the industry needs to converge on standards. Just as TLS became the universal standard for transport security, and OAuth became the standard for delegated authorisation, we need a standard for agent identity that is:
- Open: not controlled by any single vendor
- Auditable: verifiable by any counterparty
- Graduated: capable of expressing degrees of trust, not just binary valid/invalid
- Portable: following the agent across platforms and integrations
The agentic web is being built right now. The identity layer we choose — or fail to choose — will shape the security and accountability of AI systems for decades to come.