AI agents are everywhere. Identity is the bottleneck.
Firms are betting big on agentic AI. Some worry the appetite for compute and physical data centers signals a bubble, but the near-term reality is clear: AI agents are moving into customer ops, support, marketing, and back-office workflows. A recent prediction says more than 95 percent of organizations plan to adopt AI agents in the next 12 months.
For management, the constraint isn't ideas or models. It's trust. Static credentials and siloed auth systems can't handle autonomous agents acting across channels, tools, and teams. Identity is shifting from a login step to a real-time trust fabric across every touchpoint.
Twilio + Stytch: building an intelligent identity layer for agentic AI
Twilio has agreed to acquire Stytch to build an intelligent identity layer built for agentic AI. As Twilio puts it, "As customers engage across channels with both humans and AI agents, orchestration, intelligence and verified identity are essential."
The company frames it as a generational shift: "What was once a back-end authentication tool is becoming a core enabler of trust, growth and intelligent engagement. In the age of AI and agentic systems, identity must evolve beyond static credentials into a dynamic, privacy-preserving framework that verifies trust in real time."
Twilio highlights four capabilities leaders should insist on:
- Omnichannel communication: text, voice, email, OTT, and web chat.
- Agent orchestration: connect and coordinate multiple agents safely.
- Customer memory: context that activates the right data at the right moment.
- Identity and fraud controls built for agent ecosystems.
Combined, Twilio and Stytch aim to deliver real-time fraud prevention, rogue agent detection, and a unified identity across all touchpoints for both agents and humans. For more context, see the Twilio blog.
Verification moving into protocols: Nuggets + ElizaOS
Nuggets launched a Verified Identity Plugin for ElizaOS. It's a privacy-preserving, zero-trust verification framework so AI agents and end users can prove who they are, with auditability across agent-to-agent and human-to-agent interactions.
Verified data is recorded to a public registry and is compatible with the Model Context Protocol (MCP). As Nuggets' CCO Seema Khinda Johnson says, "As autonomous AI systems begin to make decisions and transactions on our behalf, trust becomes the cornerstone of responsible AI… every agent, user, and action can be verified and accountable, all while preserving privacy."
Akeyless: identity, access, and insights for autonomous operations
Akeyless added new capabilities under its AI Agent Security suite. The goal: keep identities short-lived, limit privileges, and give security teams better visibility.
- AI Agent Identity Provider: short-lived identities so agents can authenticate to any resource in any environment.
- AI Agent Privileged Access Management: zero trust and least-privilege controls for autonomous tasks.
- AI Insights: natural-language queries, instant reports, and automated risk detection for identity security.
CEO Oded Hareven says we're just "scratching the surface of AI agent adoption," and warns that unaddressed agent risk could become the leading cause of enterprise breaches. The message to leaders: scale agents, but don't expose secrets, and keep agility intact.
What this means for management
AI agents cut cycle time and scale operations, but only if you can verify who or what is acting on your systems in real time. Expect identity and fraud budgets to rise as agents move from pilots to production.
Your architecture needs short-lived credentials, policy-as-code, unified logs, and clear lines between customer data, model context, and agent memory. Treat agent trust like payments: verify first, then transact.
Next 90-day action plan
- Map your current and planned AI agents by function, channels, permissions, and data touched.
- Assign a single owner for "agent trust" spanning security, data, and CX.
- Adopt short-lived identities for agents; remove long-lived tokens and shared secrets.
- Enable multi-channel verification (SMS, email, voice, web chat) tied to a unified profile.
- Define agent memory rules: what data can persist, for how long, and who can query it.
- Add rogue agent detection and real-time fraud signals to your monitoring stack.
- Pilot A2A and human-to-agent verification flows; test MCP compatibility where relevant.
- Set KPIs: verification success rate, false positives, time-to-trust, breach near-misses, and agent-caused incidents.
Questions to press your vendors on
- How do you verify identity across channels for both humans and agents?
- Do you support short-lived, just-in-time credentials and least-privilege by default?
- Can you detect and quarantine rogue agents in real time?
- How is agent memory governed and audited? Can we enforce redaction and expiration?
- Are A2A and human-to-agent verification supported? Any MCP integrations?
- What fraud signals and device intelligence are available out of the box?
- What logs and reports are provided for compliance and incident response?
- SLAs for verification latency and fraud prevention efficacy? Pricing per interaction?
Upskill your team
If your org is scaling agents across customer support, sales, or IT, level up your managers and security leads on identity-first AI operations. Explore role-based training at Complete AI Training.
Your membership also unlocks:
