Agentic AI working groups ask what happens when we ‘give identity the power to act’

The pitch behind agentic AI is that large language models and algorithms can be harnessed to deploy bots on behalf of humans. That might mean executing a line of code, or it might mean booking a flight. What exactly it means to build “an internet that acts on our behalf,” however, is still in flux, as new intersections between agents, identity and infrastructure reshape fundamental concepts.

It’s going to take some thinking to work it all out. The first Agentic Internet Workshop (AIW1), held in October, set out to do just that. The event brought participants from 10 countries together for a session of what the blog Technometria describes as “rich conversations around the tools, architectures, and governance needed for the agentic internet.”

Author (and event participant) Phil Windley says that the U.S., Canada, Germany, Japan and Switzerland were “most represented” in the discussion on “what happens when we give identity the power to act.” That encompasses everything from the infrastructure of agentic browsers to legal frameworks to the outer limits of ethics, autonomy and “technical realism.”

“Throughout the day, a recurring theme was trust,” Windley says – “how it’s built, signaled, enforced, and sometimes broken in a world of interoperating agents.”

Joining the AIW1 team in their pursuit of answers on AI agents is the Trusted AI Agents Working Group at the Decentralized Identity Foundation (DIF). A statement on DIF’s website says the working group focuses on “defining an opinionated, interoperable stack to enable trustworthy, privacy-preserving and secure AI agents. These agents act on behalf of users or systems and require robust mechanisms for identity, authority, and governance.”

Trustfull integrates risk-scoring API into Dotfile agentic platform

Trustfull has announced a strategic partnership with Dotfile, an end-to-end business verification platform with AI agents for risk and compliance, to strengthen fraud prevention controls during customer onboarding for fintechs.

A release says the native integration of Trustfull’s risk-scoring API into Dotfile’s business verification platform will enable clients to detect synthetic identities and other suspicious accounts in real time. Trustfull’s suite of AI agents analyzes hundreds of open source intelligence signals from users’ phone numbers, emails, IP addresses and web domains, strengthening KYC, KYB, and AML workflows. It brings risk scoring, fraud prevention, ID verification, UBO mapping, AML screening and onboarding workflows into one environment.

The unified service is tailored for organizations onboarding customers digitally at scale, such as banks, online marketplaces, payment providers and crypto platforms.

“As the lines between AML compliance and fraud prevention continue to blur, financial institutions are increasingly looking for integrated solutions to help them stay ahead of risk without compromising user experience,” says Vasco Alexandre, CEO of Dotfile. “In Trustfull, we’ve found the ideal partner to meet that need. Our teams share a clear vision for secure, seamless onboarding and a deep commitment to customer-centricity, making our collaboration a success from day one.”

Marko Maras, CEO of Trustfull, says “getting onboarding right is non-negotiable for today’s digital companies. By integrating Trustfull’s risk scoring solution within Dotfile’s market-leading platform, we’re giving fintechs a single, integrated way to detect and stop synthetic identities and high-risk users at the first touchpoint with the customer, preventing fraud while protecting signup conversion in one single step.”

Keyfactor gives a robust identity to every agent

Keyfactor has announced a new capability that applies its PKI and certificate lifecycle management (CLM) product to secure agentic AI systems. Each agent is issued a unique X.509 certificate, which binds an identity to a public key using a digital signature, creating what a company blog calls “a verifiable, non-repudiable identity that cannot be forged or accidentally shared.”

“Unlike traditional software, agentic AI can act autonomously across critical systems, APIs, and cloud resources. Without strong identity controls, these agents risk becoming the weakest link in enterprise security. Even very short-lived agents launched to perform a single action deserve a unique, robust identity. By leveraging X.509 certificates, Keyfactor ensures every AI agent and every system it connects to is issued a verifiable, cryptographically backed identity, enabling enterprises to deploy AI confidently and securely.”

Ellen Boehm, SVP of IoT and AI identity innovation at Keyfactor, says that “with Keyfactor’s PKI foundation, AI agents gain the same strong, auditable identity as humans and devices, enabling enterprises to embrace AI safely and in line with Zero Trust principles.”

Keyfactor has a newly published whitepaper, Securing Agentic AI with Zero Trust, that provides practical implementation strategies for classifying AI agents, enforcing certificate-based access controls, automating enrollment, and scaling securely with Keyfactor PKI solutions.

Identity gives bad actors keys to live off the land: Rubrik Zero

A new survey from Rubrik Zero Labs and Wakefield Research declares that, in the age of agentic AI, “identity is no longer merely a control layer.” Rather, “it has become the primary attack surface, which threat actors weaponize to gain access to IT environments and ‘live off of the land’ over the course of an attack.”

Ninety percent of respondents to the survey agree that “identity-based attacks represent the single largest threat to their organizations.” And 58 percent believe agentic AI will drive half or more of the cyberattacks they expect to face in the coming year.

“Compromising identity grants attackers the ‘keys to the kingdom,’ allowing threat actors to live off of the land, abusing legitimate tools to conduct surveillance and exfiltrate data,” says the report. “It’s easy to see why a focus on identity has surged in popularity when evaluating the damage that can accomplished
with a single successful compromise.”

Article Topics

Agentic Internet Workshop  |  AI agents  |  Decentralized Identity Foundation (DIF)  |  digital identity  |  identity access management (IAM)  |  Internet Identity Workshop  |  Keyfactor  |  Rubrik  |  Trustfull