The Identity Problem Hiding in AI Agent Deployments

AI agents deployed in organizations need access to sensitive systems, but current OAuth tokens (standardized digital credentials that verify identity and permissions) cannot properly track both the agent's identity and the user it represents, making it impossible to enforce proper access controls or detect misuse. The problem grows as agents become more autonomous and can act on behalf of multiple users, invoke other agents, and operate without human oversight. OAuth tokens were designed for single-principal scenarios (one actor), but AI agents operate in complex multi-principal situations that the industry has not yet standardized.