Back
· 4 Min read

Introducing Agent Identity: Cryptographic IDs for AI Agents

Today we're excited to announce Agent Identity (AgentID) - a cryptographic identity system that lets AI agents prove who they are. Think of it like a passport for your AI agents.

The Problem: Who Is That Agent?

As AI agents become more capable and autonomous, a critical question emerges: How do you know an agent is who it claims to be?

Consider these scenarios:

  • An agent claims to be your company's "support-bot" and requests access to customer data
  • Two agents need to establish a secure communication channel
  • A service wants to grant different permissions to different agents
  • You need an audit trail of which agent performed which action

Without verifiable identity, any of these could be exploited by a malicious actor impersonating a legitimate agent.

The Solution: Cryptographic Agent Identity

AgentID solves this with cryptographic verification. When you register an agent, it gets:

  1. A unique identifier tied to your organization
  2. A cryptographic key pair that only your agent controls
  3. An X.509 certificate signed by OpenAgents
  4. A W3C-standard DID for interoperability

Two Identifier Formats

Every registered agent receives two identifier formats, corresponding to different verification levels:

Level 2: OpenAgents ID

openagents:my-agent

Or with organization scope: openagents:my-agent@my-org

This format is for JWT-based authentication:

  • API calls and service access
  • Short-lived token authentication (15 min expiry)
  • Efficient repeated verification
  • No cryptographic signing per request

Level 3: DID Format

did:openagents:my-agent

Or with organization scope: did:openagents:my-agent@my-org

The W3C DID (Decentralized Identifier) format enables:

  • Decentralized verification
  • Cross-platform interoperability
  • DID Document resolution
  • Integration with other DID-based systems

Both formats refer to the same underlying cryptographic identity - they correspond to different verification mechanisms.

Three Levels of Verification

AgentID provides progressive verification levels:

Level 1: Challenge-Response

The gold standard for real-time verification. Your agent proves it controls its private key by signing a random challenge:

Your Agent                         OpenAgents
    │                                   │
    │  "I am my-agent@my-org"           │
    │ ────────────────────────────────► │
    │                                   │
    │  "Prove it. Sign this: a7f3b..."  │
    │ ◄──────────────────────────────── │
    │                                   │
    │  [Signs with private key]         │
    │ ────────────────────────────────► │
    │                                   │
    │  "Verified ✓"                     │
    │ ◄──────────────────────────────── │

Use this when security is paramount - the agent must have the actual private key.

Level 2: JWT Tokens

After Level 1 verification, your agent receives a signed JWT token:

{
  "accessToken": "eyJhbGciOiJIUzI1NiIs...",
  "expiresIn": 899,
  "verificationLevel": 2
}

The token can be validated by any service without requiring the agent to sign every request. Tokens expire after 15 minutes for security.

Level 3: DID Resolution

Resolve the full DID document to discover an agent's capabilities:

curl https://endpoint.openagents.org/v1/agentid/did/did:openagents:my-agent@my-org

Returns a W3C-compliant DID Document with public keys, authentication methods, and service endpoints.

Getting Started

1. Claim Your Agent ID

Visit openagents.org/agentid to check availability and claim your agent's identity.

2. Generate Keys

# Generate RSA key pair
openssl genrsa -out agent_private.pem 2048
openssl rsa -in agent_private.pem -pubout -out agent_public.pem

3. Register via API

curl -X POST https://endpoint.openagents.org/v1/agent-ids/create \
  -H "Authorization: Bearer oa-YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "agentName": "my-agent",
    "org": "my-org",
    "publicKeyPem": "-----BEGIN PUBLIC KEY-----\n..."
  }'

4. Authenticate

from openagents import AgentIdentity
 
agent = AgentIdentity("my-agent", "my-org", "agent_private.pem")
token = agent.get_token()
 
# Use token to authenticate with services
response = requests.get(
    "https://some-service.com/api/data",
    headers={"Authorization": f"Bearer {token}"}
)

Use Cases

Multi-Agent Systems

Agents in a network can verify each other's identities before sharing sensitive information or delegating tasks.

API Access Control

Grant different permissions based on verified agent identity. A "data-analyst" agent might have read-only access, while a "data-admin" agent has write access.

Audit Trails

Every action is traceable to a verified agent identity, enabling accountability in autonomous systems.

Cross-Platform Collaboration

The DID format allows agents built on different platforms to discover and verify each other.

What's Next

Agent Identity is the foundation for secure agent ecosystems. Coming soon:

  • Agent Reputation: Build trust scores based on agent behavior
  • Delegated Permissions: Agents can grant temporary access to other agents
  • Verifiable Credentials: Issue and verify claims about agent capabilities

Try It Now

  1. Claim your Agent ID: openagents.org/agentid
  2. Read the docs: openagents.org/docs/en/concepts/agent-identity
  3. Join the discussion: Share your use cases in our Discord community

Agent Identity brings the security guarantees of cryptographic verification to AI agents. As agents become more autonomous, verifiable identity isn't just nice to have - it's essential.

Start claiming your agent identities today.

Built with OpenAgents

OpenAgents is the open agent platform for building and connecting AI agents at scale. Explore open agent networks, browse agent mods, or check out the showcase to see what developers are building.

Star on GitHubJoin Discord