Author(s): Arora's Man
Originally published in Towards Artificial Intelligence.
This is part two of a two-part series on agent identity.
Part 1: Identity management for agentic AI: facilitating authentication and authorization
https://medium.com/towards-artificial-intelligence/identity-management-for-agentic-ai-making-authentication-authorization-digestible-0fc5bb212862
TL;DR
- Agentic AI challenges traditional IAM by introducing autonomous actors that can act on behalf of people or organizations.
- Identity is no longer a single identifier; it is rich metadata, context and trust.
- Delegation, recursive access, and dynamic tool discovery introduce new security and management complexities.
- Scalable human governance will require AI-driven management and risk assessment to prevent consent fatigue and bottlenecks.
Introduction
Today's IAM systems assume that the human is at the center: logging in, consenting and acting. However, agentic artificial intelligence, i.e. autonomous systems capable of planning, acting and interacting, completely breaks this assumption.
This article is inspired by a recent white paper on identity management for agentic AI (arXiv:2510.25819). Agent identity is much more than a username or token: delegation, dynamic access to tools, and continuous autonomous behavior are forcing a rethink of authentication, authorization, and management.
This article discusses the key challenges in creating secure, scalable, and trustworthy agent identity systems.
1. Agent Identity: More than just a simple identifier
Traditional identity is simple: an identifier assigned to a person. For agents, the identity must include contextual metadata, including:

Without rich metadata, we cannot reason about risk or enforce fine-grained policies for autonomous agents.
Current IAM systems are largely static and human-centric, making them unsuitable for supporting dynamic, autonomous agents. Future identity models must be:
- Extensible – supporting new attributes as agent capabilities evolve
- Verifiable – cryptographically provable and auditable
- Machine-readable – enabling automatic policy evaluation and enforcement

2. Delegated authorization and transitive trust
Agents rarely work alone. To act on behalf of humans or other agents, they require delegated access, which introduces complex trust relationships.
2.1 On-behalf-of (OBO) delegation
OBO delegation allows the agent to act on the user's behalf. Unlike humans, agent delegation can be continuous and automated, which raises questions:
- How long should an agent maintain access?
- How can you prevent escalation beyond the intended scope?
User → grants delegation → Agent A → acts on downstream APIs
2.2 Recursive delegation
Recursive delegation occurs when an agent delegates access to another agent, which can delegate further. Each hop increases the risk:
User → Agent A → Agent B → Agent C → ...
Key concerns:
- Policies must be propagated recursively across all delegation hops
- Risk assessments must take into account transitive trust
- Liability becomes harder to track
2.3 Revocation challenge
Revocation is no longer a single action. With multiple levels of delegation:
- The revocation must be propagated in real time among all dependent agents
- Incorrect revocation can lead to access escalation and system vulnerabilities
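The delegation and revocation rules from sections 2.1 to 2.3, as an added sketch that is not taken from the white paper or any IAM product: each grant may only narrow its parent's scopes and lifetime, and validity is checked by walking the whole chain, so revoking one hop cuts off every downstream agent at its next check. `Grant`, `delegate`, `is_allowed`, `revoke` and the `MAX_HOPS` limit are hypothetical names and values.

```python
from dataclasses import dataclass
from typing import Optional

MAX_HOPS = 3  # assumed policy: User -> A -> B -> C and no further


@dataclass
class Grant:
    issuer: str                      # user or agent handing out access
    subject: str                     # agent receiving access
    scopes: frozenset
    expires_at: float                # epoch seconds
    parent: Optional["Grant"] = None
    revoked: bool = False


def chain(grant):
    """Yield each hop from this grant back to the user's root grant."""
    while grant is not None:
        yield grant
        grant = grant.parent


def is_allowed(grant, scope, now):
    """Valid only if every hop is unrevoked, unexpired and carries the scope."""
    return all(not g.revoked and now < g.expires_at and scope in g.scopes
               for g in chain(grant))


def delegate(parent, subject, scopes, ttl, now):
    """Issue a child grant that can only narrow what the parent holds."""
    scopes = frozenset(scopes)
    if any(g.revoked or now >= g.expires_at for g in chain(parent)):
        raise PermissionError("parent grant is no longer valid")
    if not scopes <= parent.scopes:
        raise PermissionError(f"scope escalation: {sorted(scopes - parent.scopes)}")
    if len(list(chain(parent))) >= MAX_HOPS:
        raise PermissionError("delegation chain too deep")
    # A child can never outlive the grant it was derived from.
    expires_at = min(now + ttl, parent.expires_at)
    return Grant(parent.subject, subject, scopes, expires_at, parent)


def revoke(grant):
    """One write; every descendant fails is_allowed() on its next check."""
    grant.revoked = True
```

Checking the chain at use time trades a lookup per request for not having to push revocation to each dependent agent.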
2.4 Deregistration
Agents can be ephemeral, cloned, or migrated between systems. Deregistration must ensure:

The agent lifecycle is complex and dynamic; deregistration cannot be treated like the simple deletion of a human account.

3. Registries and dynamic tool discovery
Unlike humans, agents will dynamically discover and connect to new services and tools:
- Self-hosted across SaaS applications, APIs, or cloud resources
- Automatic negotiation of capabilities and access
This creates dynamic trust challenges:

IAM is no longer a static permissions model – it becomes a living, adaptive ecosystem.
4. Scalable human governance
As autonomous agents proliferate, human oversight becomes a bottleneck:

Future governance will require AI-powered oversight, including:
- ✅ Risk-based auto-approval systems – low-risk activities proceed automatically
- ✅ Adaptive consent policies – policies that evolve based on agent behavior and context
- ✅ Explainable audit trails – human-readable logs to ensure accountability
Humans must remain in control, but AI must scale governance to match agent autonomy.
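A sketch of how the three controls above can fit together, added here as an illustration and not drawn from the white paper: a request is scored, low scores proceed automatically, the auto-approve bar tightens as an agent accumulates denials, and the reasons behind each decision form the audit entry. The weights, thresholds and every name (`Request`, `decide`, `audit_line`) are assumptions.

```python
from dataclasses import dataclass

# Assumed weights and thresholds, chosen for illustration only.
ACTION_RISK = {"read": 1, "write": 3, "delete": 5, "pay": 8}
AUTO_APPROVE_BELOW = 5
DENY_AT_OR_ABOVE = 12


@dataclass
class Request:
    agent: str
    action: str            # key of ACTION_RISK
    tool: str
    delegation_hops: int   # 1 = the user delegated directly to this agent
    tool_known: bool       # False if the agent has just discovered the tool


def decide(req, recent_denials=0):
    """Return (decision, score, reasons); the reasons are the audit trail."""
    score = ACTION_RISK.get(req.action, 8)  # unknown actions get the top weight
    reasons = [f"action '{req.action}' base risk {score}"]
    extra_hops = max(req.delegation_hops - 1, 0)
    if extra_hops:
        score += 2 * extra_hops
        reasons.append(f"{extra_hops} transitive hop(s) add {2 * extra_hops}")
    if not req.tool_known:
        score += 3
        reasons.append(f"newly discovered tool '{req.tool}' adds 3")
    # Adaptive consent: each recent denial lowers the auto-approve bar.
    bar = max(AUTO_APPROVE_BELOW - recent_denials, 0)
    if recent_denials:
        reasons.append(f"{recent_denials} recent denial(s) lower the bar to {bar}")
    if score >= DENY_AT_OR_ABOVE:
        decision = "deny"
    elif score < bar:
        decision = "auto-approve"
    else:
        decision = "ask-human"
    return decision, score, reasons


def audit_line(req, decision, score, reasons):
    """Render one human-readable audit record for the decision."""
    head = f"{req.agent} -> {req.tool}:{req.action} = {decision} (score {score})"
    return head + ": " + "; ".join(reasons)
```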
Conclusion
Agent identity is the foundation of trustworthy AI ecosystems. From rich metadata to recursive delegation, dynamic tool access, and scalable management, the challenges are both immediate and profound.
Solving these problems requires rethinking IAM from the ground up:
- Machine-readable, multi-dimensional identity attributes
- Transitive rules for trust and delegation
- Continuous discovery and review of the resources available to agents
- AI-powered governance to prevent consent fatigue
The future isn't just about building smarter agents – it's about building agents we can trust.