Skip to main content

Why AI agents need passports

· 2 min read
Yaroslav Popov
Software builder writing about AI agents and trust infrastructure

AI agents need a way to prove what they are, who they represent, and which actions they are allowed to perform. User accounts and API keys are not enough once agents start acting across multiple tools, websites, local machines, and organizations.

Definition

An agent passport is a portable identity and trust document for an AI agent. It binds together an agent identity, a human or organizational principal, allowed capabilities, signed intents, claims, expiry, and revocation data.

The problem

Most systems today can identify a human account or a service credential. They usually cannot answer:

  • Which agent is acting?
  • Was this specific action approved by the user?
  • What capabilities were delegated?
  • Which claims about the agent are signed by someone trustworthy?
  • How can access be revoked across systems?

A practical model

A useful agent passport should be boring and implementation-friendly:

  1. stable agent identifier;
  2. owner/principal identifier;
  3. scoped capabilities;
  4. signed intents for high-risk actions;
  5. short expiry windows;
  6. revocation endpoint or registry;
  7. audit references.

Why signed intents matter

A signed intent turns “the agent said the user wanted this” into a verifiable statement:

{
"subject": "user:yaroslav",
"agent": "agent:writing-assistant",
"action": "publish_article",
"scope": ["domain:blog.popov.app"],
"expires_at": "2026-07-31T23:59:59Z"
}

The receiving system can verify the signature, scope, expiry, and revocation state before accepting the action.

Open questions

  • Should agent passports be closer to DIDs, OAuth clients, certificates, or package manifests?
  • How should claims be distributed and revoked?
  • Which actions require explicit signed intents instead of ambient capability grants?
  • How can this work for local-first agents without a centralized identity provider?