Global Regulators Are Super Cereal
They think a PDF Passport Will Stop AI Impersonation
AI agents have a basic problem.
Nobody knows who they are.
A chatbot can answer a question and disappear.
An agent can open files, move money, call other agents, and keep working while the user is somewhere else.
That level of autonomy requires trust.
A bank needs to know whose money the agent can spend.
A company needs to know which systems it can enter.
A website needs to know whether it represents a real customer.
Another agent needs to know who sent it.
The internet was built around human accounts and predictable software. AI agents combine human-like decision making with machine scale.
They may soon need something resembling a passport.
The UN Asked The Right Question
The International Telecommunication Union has launched an initiative to create international trust frameworks for AI agents.
The United Nations agency warned that autonomous agents create risks involving impersonation, unauthorized decisions, unclear accountability, and weak human oversight. Its new focus group will work on standards that keep agents identifiable, trustworthy, and under meaningful human control, especially in finance and critical infrastructure (Reuters, 2026).
The central question is simple.
Who are you?
Humans answer through names, identification documents, signatures, accounts, and legal responsibility.
An agent may exist for one task.
It may move between services.
It may switch models during a workflow.
It may create several temporary subagents.
It may continue operating after the user has forgotten which permissions were granted.
A stable, verifiable identity has to follow the agent everywhere it goes.
A Passport Must Prove Authority
A passport identifies a traveler, an issuing authority, an expiration date, and a jurisdiction.
An agent passport would need to carry an even larger bundle of information.
Who created the agent?
Who currently controls it?
Which model powers it?
Which tools can it use?
What information can it access?
How long does its authority last?
Who becomes responsible for its actions?
The OpenID Foundation has found that existing identity systems leave major gaps around agent authentication, scalable access control, delegated authority, and agent-specific identities (South et al., 2025).
A broader review of AI identity standards reached a similar conclusion. Current systems struggle with temporary agents, unpredictable behavior, cross-platform activity, recursive delegation, and unclear enforcement (Otsuka et al., 2026).
Identity alone also leaves the permission question unanswered.
A travel agent may read your calendar, search for flights, and spend up to $3,000. Its authority should expire after the trip is booked. It should require confirmation before changing important dates.
Research on portable agent authorization argues that these limits must be explicit, constrained, auditable, revocable, and readable by every service the agent encounters (Madhira, 2026).
The passport proves who the agent represents.
The authorization defines what it may do.
Delegation Creates A Chain Of Responsibility
The hardest problem begins when one agent delegates work to another.
You ask an assistant to arrange a business trip.
The assistant calls a travel agent.
The travel agent calls a payment agent.
The payment agent contacts a fraud checking system.
The final agent has never interacted with you directly.
Who authorized the transaction?
Every handoff creates a chance for permissions to expand, instructions to change, or responsibility to disappear.
A trustworthy system must preserve the full chain.
The original user approved a trip search.
The travel agent received permission to compare flights.
The payment agent received permission for one transaction below a set limit.
Each participant should see the authority it received and the restrictions attached to it.
Recursive delegation accountability remains one of the major unresolved gaps in current AI identity standards (Otsuka et al., 2026).
Without that chain, the final action may carry valid credentials while drifting far from the user’s original intent.
Money Will Force The Standard
Agent identity becomes urgent when software can spend money.
Visa has been working with AI developers to connect agents to its payment network. The goal is to let users set budgets and conditions, then allow agents to purchase groceries, clothing, hotels, or airline tickets on their behalf (Associated Press, 2025).
That creates several immediate questions.
Which user authorized the purchase?
How much was the agent allowed to spend?
Was the merchant approved?
Did the agent stay within the user’s instructions?
Was it manipulated by a malicious advertisement or website?
Who handles the refund?
Who carries liability for the wrong purchase?
Credit cards work because a huge trust system sits behind every transaction.
Banks authenticate customers.
Networks verify merchants.
Fraud systems monitor behavior.
Consumers can dispute charges.
Rules assign responsibility.
Agentic commerce will need comparable infrastructure.
A payment system needs cryptographic proof that the agent represents a real customer and that the specific transaction falls within the authority that customer granted.
Commerce may be the pressure that turns agent passports from a standards discussion into everyday infrastructure.
Companies can tolerate some uncertainty when an agent summarizes a document. Financial institutions become much less relaxed when the same agent starts moving money.
Identity Must Follow The Agent’s State
A valid passport cannot guarantee safe behavior.
Agents can encounter hostile instructions while browsing websites, reading emails, opening documents, or communicating with other agents.
A malicious page could redirect the task.
A compromised tool could alter the information the agent sees.
Another agent could manipulate the workflow.
The agent may arrive with valid credentials while operating under corrupted instructions.
That means agent identity must include current execution conditions.
Researchers behind AgentDID argue that authentication should verify both the agent’s persistent identity and its changing state, including whether its context, tools, and capabilities remain valid at the moment of interaction (Xu et al., 2026).
Sensitive actions may require repeated checks.
Which model is currently running?
Did the system prompt change?
Was a new tool added?
Did another agent modify the task?
Is the action still within the user’s original authorization?
A human passport stays stable during a trip.
An agent’s operating state can change in seconds.
Its trust status may need continuous inspection.
Companies Need Agent Border Control
Enterprises already struggle to track ordinary software accounts.
Agent sprawl could be much larger.
One employee may operate several agents.
Each agent may create temporary subagents.
Vendors may install agents of their own.
Some agents may retain access after projects end.
Others may keep credentials that nobody remembers granting.
Okta CEO Todd McKinnon has argued that companies should treat agents as their own identity category, with centralized governance and the ability to revoke access immediately when an agent behaves unexpectedly (The Verge, 2026).
That creates a practical lifecycle.
Register the agent.
Verify its sponsor.
Issue credentials.
Define its work.
Limit its access.
Monitor its activity.
Revoke its authority when the task ends.
A company that cannot list its active agents cannot govern them.
A company that cannot identify the responsible person or organization behind each agent cannot assign accountability.
A company that cannot withdraw access quickly has already lost control.
The kill switch becomes part of the passport system.
Cancel the credentials and the agent loses entry to the systems that matter.
The Passport Office Could Become A Surveillance System
Identity creates accountability.
It also creates surveillance power.
A universal agent passport could produce detailed records of every automated search, message, purchase, file request, medical task, legal question, and business process.
Those records could protect users after something goes wrong.
They could also expose everything people ask their private agents to do.
A store may need proof that an agent can spend $200.
It does not need the user’s full financial history.
A medical service may need proof that an agent can retrieve one record.
It does not need access to every previous conversation.
Agent identity systems should reveal the minimum information required for the task while preserving a reliable accountability trail.
The issuer of the passport matters too.
Technology companies, payment networks, cloud platforms, and identity providers are positioned to create the first widely accepted credentials.
That gives private companies enormous influence over which agents are considered legitimate.
Common international standards could keep agent identity portable across platforms and reduce the risk of one company becoming the passport office for the entire agent economy. That is part of the reason the ITU’s effort matters (Reuters, 2026).
Accountability must also remain attached to a human institution.
Every agent needs a responsible sponsor.
A person.
A company.
A government agency.
Someone with legal duties and real consequences.
An agent passport should connect autonomous actions to responsibility. It should never become a shield that lets the deployer blame the software and walk away.
AI agents are about to need passports.
The digital world needs a reliable way to establish who they are.
That requires identity.
The agent era is being sold as a future where software handles the boring parts of life.
That future depends on trust infrastructure that is still being designed.
Without it, the internet could fill with entities that look legitimate, act independently, and answer to nobody.
The smartest agent in the world has limited value when banks, websites, employers, and other agents cannot trust it.
Before agents can travel freely across the internet, they will need papers.
And someone will need to stand behind the name printed on them.
References
Associated Press (2025). Visa wants to give artificial intelligence “agents” your credit card.
Madhira, P. (2026). Digital Identity for Agentic Systems: Toward a Portable Authorization Standard for Autonomous Agents.
Otsuka, T., Toyoda, K., & Leung, A. (2026). AI Identity: Standards, Gaps, and Research Directions for AI Agents.
Reuters (2026). UN digital tech agency launches initiative to improve trust in AI agents.
South, T., et al. (2025). Identity Management for Agentic AI: The New Frontier of Authorization, Authentication, and Security for an AI Agent World.
The Verge (2026). Okta’s CEO Is Betting Big on AI Agent Identity.
Xu, M., Liu, X., Guo, Y., Liu, C., Zhang, Y., & Cheng, X. (2026). AgentDID: Trustless Identity Authentication for AI Agents.




