AI Agent Identity
AI Agent Identity is the emerging set of protocols and file formats that let an autonomous agent prove who it is, what it's authorized to do on whose behalf, and what values it embodies. Two layers: cryptographic delegation (AAIP, AIP, Google's AP2) for authorization, and declarative persona files (SOUL.md) for behavioral identity.
The category crystallized between July 2025 and April 2026. AAIP shipped v1.0 on July 26, 2025; Google announced AP2 with 60+ partners including Mastercard, PayPal, and Coinbase on September 17, 2025; SOUL.md hit 368 GitHub stars; Sunil Prakash's AIP paper landed at IETF in March 2026 with an Invocation-Bound Capability Token design.
A delegation flow: a user signs a SOUL.md-backed AAIP delegation granting their shopping agent permission to spend up to $500 at a specific merchant within 24 hours. The merchant validates the signed cart mandate via AP2, the agent runs with persistent personality from SOUL.md — and when the transaction settles, there is a non-repudiable audit trail from intent to cart to payment.
If OAuth is how apps prove a user said yes, agent identity is how a machine proves a user said yes — and what the machine is allowed to do.
Search Interest
-
Nascent0–7 days
-
Emergent8–30 days
-
Validating31–90 days
-
Rising91–180 days
-
Established ← now180 days +
Why is it emerging now?
Google announced AP2 with 60+ partners (Mastercard, PayPal, Coinbase, Intuit) on Sept 17, 2025. Sunil Prakash's AIP paper at IETF (March 25, 2026) documented that all of ~2,000 scanned MCP servers lacked authentication. SOUL.md hit 368 stars. The enterprise IAM vendors noticed: 'ai agent identity management' is now a top autocomplete tail with Microsoft's name in it.
Outlook
6-month signal projection and commercial timeline.
AP2 giving Google commercial air cover plus Microsoft/Okta entra-style incumbents entering in 2026 makes agent identity a 2026-2027 enterprise-security line item.
Risk · Five overlapping protocols (AAIP vs AIP vs AP2 vs ACK vs MAIP) could fragment the category; one vendor-led standard may win and orphan the others.
Analogs · OAuth · SAML · OpenID Connect
-
nowProtocol-war early innings
5+ overlapping specs; enterprise IAM vendors (Okta, Microsoft) adding agent identity to roadmaps.
-
3-6moCommercial IDPs ship
Paid agent-identity SaaS emerges; AP2-as-a-service products wrap Google's spec for non-Google stacks.
-
6-12moConsolidation pressure
Expect 2-3 winning specs and one incumbent IAM vendor buying or absorbing a protocol author.
Competition & Opportunity for term “AI Agent Identity”
Three heuristic signals derived from the tracked queries, the term's monetization cards, and its cluster neighbors. Directional, not audited.
Ideas for term “AI Agent Identity”
Buildable pitches — turn this term into an article, site, product, post, newsletter, video, or course. Steal any card and run with it.
Side-by-side feature matrix. AAIP (Kris Diallo, Ed25519 delegation) vs AIP (arXiv, Invocation-Bound Capability Tokens) vs AP2 (Google, payments-rail). Zero quality comparisons on SERP.
Tutorial walkthrough with a real SOUL.md + STYLE.md example. SoulSpec is documented but there's no authoritative English explainer ranking for 'what is soul.md'.
The AIP paper's finding that ~2,000 MCP servers lacked auth is a massive hook. Walk devs through adding signed delegations before their server is owned.
Long-tail commercial query (autocomplete confirms Microsoft-branded search intent). Cover IAM overlap, audit requirements, vendor roadmaps.
Auth0-for-agents. Issue signed delegations via dashboard, rotate keys, audit log deliveries. Charge per delegation issued.
Pay-to-download premium personalities (lawyer, doctor, investor). Model after souls.directory but with paid templates and validated trait tests.
CLI + SaaS that scans your MCP fleet and flags servers missing authentication. Pitch: 'don't be one of the 2,000.'
This Week in Agent Identity. Ship 5-8 headlines Tuesdays: new spec drafts, IETF updates, vendor moves. Sponsor-friendly audience of security + AI devs.
In nine months the world picked up AAIP, AIP, AP2, ACK, and MAIP. Only one will survive. Here's how to read the bets.
An arXiv paper scanned 2,000 MCP servers. All had the same flaw: no authentication. Here's what enterprises should do Monday.
I wrote a SOUL.md for my Claude Code agent, then ran the same prompt before and after. The drift was... not subtle.
What People Search
Long-tail queries from Google Suggest + Trends. Volume and competition are heuristics — directional, not audited. Content Type comes from query shape.
SERP of term “AI Agent Identity”
What searchers see today — organic results on top, paid ads if anyone's bidding. Ad density is a real-time commercial signal.
Related Terms
Other terms in the same space — aliases, subtypes, competitors, and neighbors to explore next.
- Related Model Context Protocol Model Context Protocol (MCP) is an open, JSON-RPC-2.0-based standard that defines how AI applications talk to external tools, data, and… →
- Related agents-md AGENTS.md is an open, vendor-neutral markdown file placed at the root of a repository that tells AI coding agents (Claude Code, Codex… →
- Related managed-agents Managed Agents is an infrastructure paradigm where cloud platforms host, orchestrate, and operate AI agents as a service. →
- Part of OAuth·OpenID Connect
- Includes AAIP·AIP·AP2·SOUL.md·SoulSpec
- Related Agent Commerce Kit·agent-to-agent protocol
Sources
Primary URLs this report cites — open any to verify the claim yourself.
- 01 AAIP spec repository (Kris Diallo) github.com ↗
- 02 Google Cloud Blog — Announcing AP2 cloud.google.com ↗
- 03 arXiv — AIP: Agent Identity Protocol for Verifiable Delegation arxiv.org ↗
- 04 SOUL.md repository (Aaron J. Mars) github.com ↗
- 05 SoulSpec — the open standard soulspec.org ↗
- 06 Hacker News — AAIP Show HN news.ycombinator.com ↗
- 07 GetStream — Top AI Agent Protocols in 2026 getstream.io ↗