From Shared API Keys to Individual AI Agent Identities
As autonomous agents move from experiments into production workflows, a basic problem has surfaced: most systems still treat them like anonymous scripts. Teams commonly rely on shared API keys, inherited credentials, or persistent access just to let agents talk to each other and to business systems. That model ignores what the task actually requires and makes it impossible to say which agent did what and why. It also amplifies risk as agents gain autonomy, because a single over-permissioned key can let an agent delete data or exfiltrate sensitive information without anyone noticing until it is too late. The industry response is to treat AI agents more like individual users: each agent gets a unique identity, its own credentials, scoped permissions for each task, and detailed attribution for every action. Identity is becoming the foundation for AI agent safety, governance, and accountability.
Keycard Pushes Scoped Access for Multi-Agent Applications
Keycard is targeting this problem directly with its Multi-Agent Apps offering, which extends its identity and access platform to systems made up of many autonomous agents. Instead of one monolithic credential, every agent gets its own verifiable identity, and access is delegated on a session basis per task. That means agents operate with no standing privileges or static credentials, sharply reducing the damage a compromised or misbehaving agent can cause. Each action is fully attributable across agents, users, and systems, giving security teams an audit trail that resembles traditional user activity logs. For developers, the appeal is practical: they can deploy agents and tools into production without having to become identity experts, while still aligning with enterprise controls. In multi-agent architectures that span software development, operations, sales, and finance, this kind of scoped, per-task permissioning is becoming essential to keep autonomy from turning into chaos.
Idira Unifies Human, Machine, and Agentic Identity Security
Palo Alto Networks is approaching AI identity from the enterprise security stack outward with its new Idira platform. Idira sits as a control layer over human, machine, and agentic identities, so security teams can define and enforce consistent policies across employee accounts, service accounts, and autonomous AI agents. It brings together privileged-access management from CyberArk, visibility into AI-related assets from Koi, and AI-agent governance from Portkey. The goal is to give security operations a single place to see what each account or agent is allowed to do, grant temporary elevation when justified, and revoke access once a task is complete. With most organizations already running autonomous agents in production, the cost of slow privilege changes and weak revocation policies is rising. Idira reflects a broader trend: AI identity management is no longer a niche feature but a core part of enterprise security architecture.
Cloudflare and Stripe Show Agents Acting as Verified Customers
While Keycard and Idira focus on internal enterprise controls, Cloudflare and Stripe are demonstrating what happens when AI agents act as external customers. Their new protocol, available through Stripe Projects in open beta, lets agents create cloud accounts, start paid subscriptions, register domains, and deploy applications to production without a human manually copying tokens or entering payment details. The flow relies on Stripe as the identity provider: an agent checks a catalog of services, then uses the user’s Stripe identity to either trigger an OAuth flow for an existing Cloudflare account or automatically create a new one. Payment uses Stripe’s tokenization, and Stripe enforces a default spending cap of USD 100 (approx. RM460) per month per provider. The human still approves terms of service and payment methods, but from that point the agent handles provisioning end-to-end, showing how autonomous agent access control can extend beyond internal systems.
Scoped Permissions and Auditable Autonomy Become the New Baseline
Taken together, these moves signal a new baseline for AI agent identity security. Enterprises are adapting traditional identity and access management practices—unique identities, least-privilege access, temporary elevation, and detailed logging—to autonomous agents that can operate at machine speed. Scoped permissions for agents, whether via Keycard’s per-task sessions or Idira’s unified control layer, are replacing the era of broad, persistent credentials. At the same time, initiatives like the Cloudflare–Stripe protocol show that identity verification and spending controls can allow agents to transact safely with external services. The common thread is attribution: every action by an agent needs to be traceable to a specific identity, policy, and approval. Security teams are now designing playbooks, guardrails, and monitoring around these capabilities to prevent unauthorized actions, contain failures, and keep the benefits of autonomy without surrendering governance.
