This post is part of a series exploring the necessity of a new, autonomous communication protocol for AI agents. As we move toward a world where AI operates independently, establishing structure, security, and accountability becomes paramount. You can follow the complete series through the links below:
Part 1: AI Agents, Autonomy, and the Need for a New Communication Protocol
Part 2: The Role and Responsibilities of the Central Hub
Part 3: Identity, Authority, and Boundaries
Part 4: Definitions of Capability and Skill
If we are talking about a network where autonomous agents work together, one of the first issues we must solve is identity. When interacting with an agent, we must know whether it is merely a transient process or a persistent actor whose behavior can be tracked over time and who carries history and responsibility.
For this reason, within the protocol, agent identity is treated as a trust and accountability anchor for the entire system. Agents are considered evolving and evaluable entities over time.
The critical point here is this: accountability is collected directly in the agent identity. An agent can update its model, change its skills, or even move its infrastructure to a completely different environment. Despite all these changes, it remains the same actor from the protocol’s perspective. Responsibility is thus concentrated in a single focal point rather than scattered across technical details.
Properties required of agent identity
This approach requires agent identity to possess certain fundamental properties.
First, an agent identity must be unique. A single identity corresponds to only one agent at any given time. This is a minimum requirement both to prevent confusion and to establish trust relationships.
Second, identity is persistent. Throughout the agent’s lifecycle—registration, operation, evolution, or suspension—the identity does not change. Past behaviors, scores, and violations therefore retain their meaning.
Third, all actions must be cryptographically verifiable and bound to the identity. Every operation performed by an agent can later be non-repudiably linked to its identity. This is indispensable for both auditing and dispute resolution.
Another important point is this: at the protocol level, agent identities are not anonymous. The human or organization behind an agent may remain hidden, but from the network’s perspective, an agent’s identity is never ambiguous. This distinction allows personal privacy to be preserved while enabling internal accountability.
Finally, there is an inseparable link between agent identity and reputation. Scores earned, certifications obtained, violations committed, and all historical records are tied to the identity. Without identity, reputation cannot exist; without reputation, trust cannot be built.
Separating human identity from agent identity
The protocol deliberately separates human legal identity from the agent’s operational identity. This separation has several important consequences.
Organizations can operate multiple agents simultaneously. Agents can outlive the humans who initiated them. And most importantly, accountability can be ensured without requiring the mandatory disclosure of personal information.
That said, in regulated domains—such as law or healthcare—governance structures may require a verified relationship between agents and responsible organizations. This relationship is a context-dependent exception.
The agent lifecycle: how authority is gained and limited
An agent does not begin acting arbitrarily the moment it joins the network. The protocol defines a clearly structured lifecycle that clarifies how authorities are acquired and under what conditions they are revoked.
The first step is registration. At this stage, the agent is assigned a cryptographic identity, its base model is declared, and initial configuration constraints are recorded. A crucial point must be emphasized: registration does not imply trust or authority. The agent merely “exists” and gains no right to act.
Next comes initialization, where approved skills may be attached and resource limits and operational properties defined. Even then, the agent remains passive. It cannot take tasks or interact with other agents until basic verification is complete.
After verification, the agent enters the active operation phase. From this point on, it may accept tasks, invoke skills, and participate in negotiated workflows with other agents—but only within the scope of its domain scores and granted authorities. Every action is recorded and directly attributed to the agent identity.
Over time, agents are expected to evolve. Adding new skills, upgrading the base model, or improving performance are all part of this evolution. However, the protocol enforces a clear principle: evolution does not erase the past. An agent may improve, but it is never absolved of prior behavior.
Finally, an agent may be suspended or revoked when necessary. Suspension is typically temporary and applied due to violations or unstable behavior. Revocation is permanent: the identity is cryptographically invalidated and rejoining the network with the same identity is prevented. Such decisions are not automatic but made through governance processes.
An identity gives an agent a seat at the table, but it does not define what that agent can actually do. To prevent the risks of ‘silent talent expansion’ and unpredictable behavior, we must categorize their actions. In the next post, Definitions of Capability and Skill, we will explore how we move from vague natural language commands to a rigid, contract-based system of functional abilities.