Epoch 5 (2023–): Identity in the Age of AI
The first four epochs of digital identity share a hidden assumption: behind every credential, there is a human. The user account, the federated login, the social identity, even the decentralized self-sovereign wallet — each was designed for people authenticating, authorizing, or asserting attributes about themselves.
That assumption has broken.
Generative models can produce text, voice, video, and code indistinguishable from human output. Autonomous agents — software that perceives, plans, and acts — increasingly initiate transactions on behalf of humans without those humans being in the loop for any individual action. The number of non-human actors transacting on the internet now grows faster than the number of human users.
Three problems converge.
Workload Identity for Agents
When an AI agent calls an API, who is calling? The human who deployed the agent? The model that generated the request? The orchestration layer that scheduled the call? Existing identity stacks have no good answer.
Service-to-service identity (mTLS, SPIFFE/SPIRE, workload certificates) was a step in this direction, but agents are not services. They are dynamic, ephemeral, and act with delegated authority that needs to be expressible, scoped, attestable, and revocable.
A new primitive is required: an identity for the agent itself, bound to the human or organization on whose behalf it acts, with policy attached.
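As an added illustration (not IDv4's or Aegis's code), here is one minimal shape such a primitive could take: a short-lived credential that binds an agent to its principal and scopes, checked on every call. The claim names, `ISSUER_KEY`, `REVOKED`, `issue` and `authorize` are hypothetical, and HMAC stands in for the asymmetric signature a real issuer would use; attestation of the agent's runtime is out of scope here.

```python
import base64, hashlib, hmac, json, secrets, time

ISSUER_KEY = b"constructed-demo-key"  # constructed sample key, for illustration only
REVOKED = set()                       # credential ids the principal has revoked

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def issue(agent_id, principal, scopes, ttl_s, now=None):
    """Mint a credential binding an agent to its principal, scopes and expiry."""
    now = int(time.time()) if now is None else now
    claims = {"jti": secrets.token_hex(8), "agent": agent_id,
              "on_behalf_of": principal, "scopes": sorted(scopes), "exp": now + ttl_s}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(ISSUER_KEY, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)

def authorize(token, required_scope, now=None):
    """Return (allowed, reason, claims); fail closed on anything unexpected."""
    now = int(time.time()) if now is None else now
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except (ValueError, TypeError):
        return False, "malformed", None
    expected = hmac.new(ISSUER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # verify before parsing claims
        return False, "bad_signature", None
    claims = json.loads(body)
    if now >= claims["exp"]:
        return False, "expired", claims
    if claims["jti"] in REVOKED:
        return False, "revoked", claims
    if required_scope not in claims["scopes"]:
        return False, "out_of_scope", claims
    return True, "ok", claims
```

The returned claims carry both `agent` and `on_behalf_of`, so an audit log written at the enforcement point can record which agent acted and under whose authority.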
Proof of Humanity
If a website cannot tell whether a request comes from a person or a model, the cost of distinguishing them shifts from the platform to the user. CAPTCHA-as-a-pricing-model has run out of room.
Approaches now under exploration include cryptographic personhood credentials, biometric liveness attestations, government-issued mobile IDs (mDLs, eIDAS 2.0 wallets), and decentralized proof-of-personhood schemes. None has won. All are needed in some form, for different contexts.
Provenance and Impersonation
Identity is also about content. A voicemail that sounds like a CEO, an email written in a colleague’s exact style, a video of a public figure saying something they never said — these are now cheap to produce and hard to refute.
The defense is content provenance: cryptographic signing of capture devices, attribution chains for AI-generated material (C2PA, watermarking), and verifiable receipts for delegated agent actions.
Why this is one problem, not three
Workload identity, proof of humanity, and content provenance are usually treated as separate fields. They are not. Each is asking the same question — what entity is this, and on whose authority is it acting? — for a different actor in the same system. Solving one without the others leaves the system broken.
The bet IDv4 is making is that the next decade of digital identity will be defined by integrating these three threads into a single plane: an identity layer for an internet where humans, agents, and AI-generated content all interact, and where each can be told apart with confidence.
Where we are starting
Of the three, agent identity is the most urgent and the most tractable. Enterprises are deploying agents into production today, with no consistent way to authenticate them, scope what they are allowed to do, or audit what they have done. Without a control plane, regulated industries cannot adopt agentic AI at all.
That is what we are building first.
→ Aegis — IDv4’s runtime control plane for AI agents, live at idv4.ai.