eidos agi

Agent Identity

The security layer the governance stack depends on.

In Development

Agents need persistent identity so governance, memory, and trust can accumulate. Without identity, every session starts from zero.

The problem

Most AI agents operate under borrowed identity. They use the developer's API key, the team's service account, the company's OAuth token. When the agent acts, the system sees the human. When something goes wrong, the audit trail points to a person who wasn't there.

That worked when agents were copilots. It doesn't work when agents deploy code, send emails, and modify databases on their own.

[Diagram: Human (principal) → Agent (uses human's key) → System (sees human). Who actually did this?]

The insight

Unix solved this 54 years ago. Every process runs as a user. The user has permissions. When something breaks, you check which user did it. AI agents need the same thing: their own accounts, their own credentials, their own audit trails.

What we're building

AID — Agent Identity Document — is a signed credential that establishes who an agent is, what it's authorized to do, and who delegated that authority. The human authorizes. The agent executes. The system knows the difference.

[Diagram: Human (authorizes) → AID Token (signed scope) → Agent (executes) → System (verifies). Edge labels: signs, carries, presents, verifies.]

Hancock is the authorization layer that implements it: scoped capabilities, step-up authentication when an agent exceeds its boundaries, and instant revocation without touching the human's credentials.
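The flow described above (the human signs, the agent carries and presents, the system verifies), sketched as an added Go example; it is not Hancock code or the AID format, which this page does not specify. The credential fields, the Ed25519 signature, the in-memory revocation set, and names such as `alice` and `deploy-bot` are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Credential is a hypothetical layout; the page does not specify the AID format.
type Credential struct {
	ID, Agent, Delegator string
	Scopes               []string
}

// Issue is the human's step: serialize the credential and sign it with the human's key.
func Issue(c Credential, key ed25519.PrivateKey) (body, sig []byte) {
	body, _ = json.Marshal(c)
	return body, ed25519.Sign(key, body)
}

// Verifier is the system's view: known delegator keys plus revoked credential IDs.
type Verifier struct {
	Delegators map[string]ed25519.PublicKey
	Revoked    map[string]bool
}

// Check returns "allow", "step-up" (valid credential, action out of scope) or "deny".
func (v *Verifier) Check(body, sig []byte, action string) string {
	var c Credential
	err := json.Unmarshal(body, &c)
	pub, ok := v.Delegators[c.Delegator]
	if err != nil || !ok || !ed25519.Verify(pub, body, sig) || v.Revoked[c.ID] {
		return "deny"
	}
	for _, sc := range c.Scopes {
		if sc == action {
			return "allow"
		}
	}
	return "step-up"
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed key pair for the human "alice"
	v := &Verifier{map[string]ed25519.PublicKey{"alice": pub}, map[string]bool{}}
	body, sig := Issue(Credential{"cred-1", "deploy-bot", "alice", []string{"deploy:staging"}}, priv)
	fmt.Println(v.Check(body, sig, "deploy:staging"), v.Check(body, sig, "deploy:prod")) // allow step-up
	v.Revoked["cred-1"] = true                                                           // revoke the agent; alice's key is untouched
	fmt.Println(v.Check(body, sig, "deploy:staging"))                                    // deny
}
```

Revocation here is keyed on the credential ID, so the delegator's key pair stays valid for any other credentials it has signed.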

AID is designed and documented. Hancock is in early implementation. This page describes the architecture — neither is shipped yet. The governance trilogy is shipped today; identity is the next layer we're building.