AI Agent Identity Explained | Elacity
Most AI agents prove who they are by holding a secret, and a stored secret is one someone else can use. What AI agent identity should be: a key the agent uses at the moment of action and never holds.
AI Agent Identity, Explained: A Stored Secret Is Not an Identity
An AI agent's identity is how a system decides the agent is allowed to act, to read a file, move money, or call another service for you. Most agents prove that identity today by holding a secret: an API key or private key parked somewhere the agent can reach. That stored secret is the one thing an attacker needs to become your agent.
When a person's password leaks, the person might notice, and it is one impersonation. When an agent's key leaks, the attacker inherits a worker that runs every hour of every day, across whatever the key was allowed to touch. You do not get impersonated once. You get replaced.
The industry now has numbers for how common this is. In Gravitee's State of AI Agent Security 2026 survey of more than 900 practitioners, 88% reported confirmed or suspected agent security incidents, yet barely one in five treat their agents as identity-bearing at all. Nearly half still authenticate one agent to another with a shared API key.
What identity means for a machine
Identity is not a name. It is the answer to a narrower question a system asks before it acts: can this actor do this specific thing, right now, and can we prove afterward that it did? For a human we answer with something they are or hold, plus a log. For an agent, most stacks answer with a secret it carries, which collapses identity down to possession of a string.
That collapse is the bug. A string can be copied. Anything that can be copied can be stolen, shared, or left in a log, and once it is out, the system has no way to tell your agent from the attacker holding the same string.
Why a stored secret fails as an identity
A credential an agent holds fails in predictable ways. Name them and the fix becomes obvious.
- It is copyable: a key sitting where an agent can read it sits where malware, a prompt injection, or a curious insider can read it too.
- It is shared: when the same key authenticates many agents, one leak compromises all of them and no log can tell them apart.
- It is standing: the secret works at 3am whether or not the agent has any legitimate reason to act, so a theft has unlimited runway.
- It is unscoped: a key minted for one job usually carries far more authority than the job needs, so a small breach becomes a large one.
- It is unaudited: possession is not proof, so a stolen key produces a clean, trusted log of actions you never authorized.
We have walked through two halves of this before: how a single poisoned input can turn an agent's own authority against you in Ambient Authority, and why storing any secret at all is the weak point in Beyond the Seed Phrase. Agent identity is where both problems meet.
What an AI agent identity should be instead
Flip the model. An agent should be able to prove it may act without ever holding a secret it could lose. This is where Elacity starts. A key is never left sitting for the agent to keep. It is reconstructed for a split second inside a sealed sandbox, welded to one specific transaction, used to sign or decrypt or pay, then wiped. The agent gets the outcome it needed. It never gets the secret, so there is nothing to copy, leak, or reuse. Keys are used, never owned.
The underlying key does not sit whole anywhere either. It is split across an owned set of independent machines, a two-of-three quorum, and each machine re-checks your on-chain rights before it releases its share. No single operator, Elacity included, holds the key, and no share moves unless the rules on the ledger say the agent may act.
Around that, an agent gets no ambient power. It holds narrow, revocable, expiring permissions and nothing more. Revoke one and the action stops mid-flight, because the system fails closed. And humans and agents pass through the same gate. There is no separate, softer identity track for machines, which is exactly what you want when a machine can act a million times before you finish reading this sentence.
Be clear about what is built and what is coming. The hard primitive, a key an agent can use but never see, exists and runs today. The fuller agent product around it, wallets an agent controls under an owned approval and kill switch, is being built. The foundation is not a roadmap. The cockpit on top of it is.
AI agent identity: quick answers
Is an API key an AI agent identity?
No. An API key is a secret the agent holds, so it proves possession, not identity. Anyone who copies the key becomes the agent, and the log cannot tell them apart.
How do you authenticate an agent without a stored secret?
Reconstruct the key only at the moment of use, inside a sealed sandbox, bound to one transaction, then destroy it, and split the underlying secret across independent machines that each check on-chain rights first. The agent proves it may act without ever holding something stealable.
Do humans and AI agents need different identity systems?
No, and building two is the trap. A human and an agent should pass through the same capability gate: a narrow, revocable, audited permission to do one thing. One model to reason about is safer than a strict track for people and a lenient one for the machines acting on their behalf.
Identity is social architecture. It decides who may act, on whose behalf, and who can prove it later. More on how we think about that in Social Architecture.
The agents are already here, and most of them are carrying a secret they should never have been handed. Building the identity layer that fixes it is the work. Follow Elacity on X to watch it ship.