Agent and Human Identity: The Connective Tissue

Agent + Human Identity: The Connective Tissue (Revised)

Why Identity Is the Real Product

Storage is a commodity. Email is a commodity. Discovery is a marketplace. Identity is the platform.

The agent that has one identity across mail, storage, and skills is the agent that’s easiest to manage, audit, and trust. The human that has one dashboard to see all agent activity is the human most likely to trust and adopt the platform.

CrowdStrike paid $740M cash to acquire SGNL for agent identity/authorization (Jan 2026). That’s the market signal for how valuable this layer is.

New insight: Identity isn’t just for agents. The collaboration model requires both agent identity AND human identity in the same system. Every action — whether by agent or human — must be attributed, auditable, and permissioned.

The Identity Problem Today

How Agents Authenticate Now

Method	How It Works	Problems
Shared OAuth tokens	Agent uses human’s Google/Microsoft credentials	No attribution, over-permissioned, audit nightmare
API keys	Agent has a static API key per service	Keys leak (7.1% of skills on ClawHub per Snyk), no scoping, no expiry
Service accounts	Agent gets a dedicated service account per platform	Explosion of accounts, each managed separately
No auth	Agent accesses public APIs or local files	No governance, no audit trail

How Humans Monitor Agents Now

Method	How It Works	Problems
Log files	Humans read agent logs (if they exist)	Technical, not actionable, no commenting
Terminal output	Humans watch agent run in real-time	Can’t review after the fact, no persistence
Custom dashboards	Teams build bespoke monitoring	Expensive, not standardized, no collaboration
Nothing	Humans have no visibility into agent work	The most common scenario — ~53% of agents unmonitored

The Numbers (Validated)

21.9% of organizations treat agents as identity-bearing entities (Gravitee, 750-respondent survey)
18% of security leaders are “highly confident” in IAM for agents (CSA/Strata, 285 respondents). Note: 53% have at least “moderate” confidence.
88% report security incidents with agents (includes “experienced or suspected” — Gravitee)
$740M — what CrowdStrike paid for SGNL’s agent identity technology
~53% of agents operate without active monitoring (Gravitee)

Emerging Standards

OIDC-A (OpenID Connect for Agents)

By: OpenID Foundation
Status: Draft specification
Key idea: Agents get their own identity tokens, distinct from human tokens, with agent-specific claims
Collaboration relevance: Defines how agent tokens coexist with human tokens in the same system

AAP (Agent Authorization Profile)

By: IETF
Status: Internet-Draft
Key idea: Purpose-bound, time-limited authorization tokens for agents
Collaboration relevance: Delegation chains — a human authorizes an agent, which can be audited

NIST AI Agent Standards Initiative (Feb 2026)

By: NIST/NCCoE
Status: Concept paper published Feb 5, 2026. Full standards initiative launched Feb 19, 2026. Public comment deadline: April 2, 2026.
Key idea: Formal guidance on agent identity, authorization, and governance
Collaboration relevance: Explicitly calls for human oversight mechanisms — our dashboard is this
Significance: When NIST publishes guidance, compliance mandates follow

SAMEP (Secure Agent Memory Exchange Protocol)

By: Academic/community
Status: Proposal
Key idea: Agents have verifiable memory that can be shared across sessions and platforms

EU AI Act (August 2026 Enforcement)

Key requirement: High-risk AI systems must have human oversight mechanisms
Collaboration relevance: Our human dashboard with audit trails = built-in compliance
Opportunity: Every enterprise deploying agents in the EU will need human oversight tooling

Our Identity Architecture (Revised — Agents + Humans)

The Unified Organization Account

One organization contains both agents and humans, with clear identity for each actor type.

Organization: Company Inc.
├── Humans (authenticated via OAuth)
│   ├── rakesh@company.com (admin)
│   │   ├── Role: admin
│   │   ├── Can: manage agents, manage humans, view all files, comment
│   │   └── Auth: Google OAuth → session cookie
│   │
│   └── priya@company.com (commenter)
│       ├── Role: commenter
│       ├── Can: view all files, add comments
│       └── Auth: Google OAuth → session cookie
│
├── Agents (authenticated via API keys → capability tokens)
│   ├── agent-content (agent-7x9k2)
│   │   ├── Services: Mailmolt + Workspace + Findable
│   │   ├── Can: read/write /workspace/*, /shared/campaigns/*
│   │   ├── Cannot: access /shared/finance/*, send external email
│   │   └── Delegated by: rakesh@company.com
│   │
│   ├── agent-analytics (agent-3m8p1)
│   │   ├── Services: Workspace + Findable
│   │   ├── Can: read/write /shared/analytics/*, read /shared/campaigns/*
│   │   └── Delegated by: rakesh@company.com
│   │
│   └── agent-social (agent-9k4r7)
│       ├── Services: Mailmolt + Workspace
│       ├── Can: read /shared/campaigns/final/*, send to social platforms
│       └── Delegated by: priya@company.com
│
├── Shared Workspaces
│   ├── /campaigns/q1-launch/ (all agents + all humans)
│   ├── /analytics/ (agent-analytics + rakesh only)
│   └── /finance/ (rakesh only — no agent access)
│
└── One audit trail, one permission model, one bill

Delegation Chains (Agent ← Human)

Every agent has a clear delegation chain back to a human:

agent-content
├── Authorized by: rakesh@company.com
├── Authority: "Create and manage marketing content for Q1 campaigns"
├── Scope:
│   ├── Workspace paths: /workspace/*, /shared/campaigns/*
│   ├── Email: internal only, company.com domain
│   └── Skills: content-generation, seo-analysis
├── Expires: 2026-04-01
├── Renewal: requires human re-authorization
└── Audit: all actions logged with delegation reference

Why delegation matters for collaboration:

When a human sees agent activity in the dashboard, they can immediately see WHO authorized that agent
If an agent writes something unexpected, the delegating human is accountable
Compliance officers can audit: “Which human authorized this agent to access financial data?”

Cross-Service Capability Token (Revised)

Agent token:

{
  "sub": "agent-7x9k2",
  "iss": "identity.agentvault.dev",
  "aud": ["mailmolt.com", "agentvault.dev", "findable.sh"],
  "iat": 1709251200,
  "exp": 1709337600,
  "actor_type": "agent",
  "delegated_by": "user:rakesh@company.com",
  "purpose": "Process Q4 data and generate reports",
  "capabilities": {
    "mailmolt": {
      "send": ["internal"],
      "receive": true,
      "domains": ["company.com"]
    },
    "storage": {
      "paths": ["/workspace/*", "/outputs/*", "/shared/campaigns/*"],
      "ops": ["read", "write", "list", "comment"],
      "max_file_size": 10485760
    },
    "findable": {
      "use_skills": ["data-analysis", "reporting"],
      "publish_skills": false
    }
  }
}

Human token (dashboard session):

{
  "sub": "user-rakesh",
  "iss": "identity.agentvault.dev",
  "aud": ["agentvault.dev"],
  "actor_type": "human",
  "role": "admin",
  "org": "org-abc123",
  "capabilities": {
    "dashboard": {
      "view_files": true,
      "comment": true,
      "upload_files": true,
      "manage_agents": true,
      "manage_humans": true,
      "view_audit": true,
      "manage_billing": true
    }
  }
}

Human Roles & Permissions

Role	View Files	Comment	Upload Files	Manage Agents	Manage Humans	Billing
Viewer	Yes	No	No	No	No	No
Commenter	Yes	Yes	No	No	No	No
Editor	Yes	Yes	Yes	Yes (create/revoke)	No	No
Admin	Yes	Yes	Yes	Yes	Yes	Yes

Why Identity Is the Moat (Updated)

Without Unified Identity

Developer manages 3 API keys, 3 permission sets, 3 audit trails. Agent has no coherent “self.” Humans have no single dashboard to see all agent activity. Adding a new service = new integration effort.

With Unified Identity

One token, one permission model, one audit trail. Agent identity spans services. Human dashboard shows everything. Add a new service → agent automatically has access based on existing capabilities. This is the Google Account moat.

Identity as Revenue Multiplier (Updated with Human Seats)

Scenario	Without Identity	With Identity
Customer uses 1 product	Easy to churn	Easy to churn
Customer uses 2 products	2 integrations	1 integration, 2 services
Customer uses 3 products	3 integrations	1 integration, 3 services
Customer adds new agent	N signups, N configs	1 signup, inherits org policies
Customer adds human viewer	Not possible	Invite → instant dashboard access
5 humans want dashboard access	N/A	5 human seats = expansion revenue

Human seats are the expansion revenue lever. Developers adopt for agents. Managers/reviewers get invited → human seats grow → revenue grows.

Competitive Position on Identity (Revised)

Player	Agent Identity	Human Identity	Cross-Service?	Agent-Human Collaboration?
Fast.io	Agent accounts (storage only)	Unknown	No	Partial
E2B	Session-based (ephemeral)	No	No	No
Box MCP	Human identity (existing Box accounts)	Yes (human-first)	No	No (human tools)
Google Workspace Studio	Google Account (human-first)	Yes (human-first)	Within Google only	No (agents are tools)
Keycard ($38M)	Identity layer (no services)	No	Yes, but no services	No
CrowdStrike/SGNL	Identity layer (no services)	No	Yes, but no services	No
Us	Cross-service agent identity	Dashboard + roles	Yes (mail + storage + skills)	Yes (core product)

The gap no one fills: Keycard/SGNL build identity layers but don’t have services or human dashboards. Fast.io has services but single-service identity and limited human features. Google/Microsoft have both but optimized for humans using agents as tools, not agents and humans as co-workers.

We’re the only ones building agent-native identity tied to agent-native services WITH a human collaboration layer. Identity is the moat, but collaboration is why humans adopt. That’s the thesis. Whether we can execute on it is the risk.