Vendors race to build identity stack for Agentic AI

Individuals and businesses are turning to autonomous AI agents. Driven by machine-learning models, giving them the semblance of artificial intelligence, the agents are steadily getting more powerful. It was a big theme of the RSA Conference 2026, with a keynote on the topic.

These AI agents are creating a new class of identity challenges that enterprises are not prepared for. The agents can write code, move money, approve transactions and interact with customers. They do all of this at machine speed.

They also do it without the natural friction that comes from a human logging in, reviewing a task or making a conscious decision. The result is a growing gap between what organizations think they control and what their AI systems are actually doing, identity firms are warning.

Traditional identity frameworks were built for people. They assume a human is present, making a choice, and taking responsibility for the outcome. They were never designed to track autonomous systems that can spawn new processes, chain actions together or escalate privileges on their own.

This gap is becoming more visible as enterprises scale their use of agentic AI. Security teams often cannot see how many agents exist, what they can access or who approved their creation.

Compliance teams struggle to determine who is accountable when an agent makes a mistake. Risk teams warn that machine‑speed workflows can amplify small errors into major incidents.

These pressures are now driving a wave of new identity solutions built specifically for AI agents.

Vendors are racing to provide visibility, governance and real‑time control so organizations can deploy autonomous systems without losing oversight. Ping Identity, Wink, Vouched, Saviyint and Dock Labs are some of the companies developing a variety of solutions.

Ping Identity launches framework to govern autonomous agents

Ping Identity has announced the general availability of Identity for AI. Identity for AI is a new framework designed to manage and control the behaviour of AI agents operating inside large organizations.

The company says the rise of autonomous agents requires a shift from traditional identity management to real‑time enforcement of what those agents are allowed to do.

“Identity is foundational,” says Andre Durand, Ping Identity’s CEO and founder. “Agents acting autonomously at agentic scale and speed against systems of record will require continuous verification and enforcement at every decision.”

The new offering includes three core components: Agent IAM Core, Agent Gateway and Agent Detection. Together, they establish agent identities, enforce delegated authority at runtime and monitor agent activity.

Ping argues that conventional identity systems were built for login and access, not for autonomous systems making continuous decisions. As AI agents begin executing tasks independently, organizations must be able to detect when agents are active and enforce permissions moment by moment.

That requires explicit delegation rather than extending human credentials to AI systems. Under the model, humans remain accountable, and agents operate only within tightly scoped, continuously authorized boundaries. Several partners echoed the need for stronger controls.

“AI agents should be treated like first-class digital identities: authenticate them, authorize what they can do, and audit what they touch to close governance gaps across the identity lifecycle,” said Chad Veldhuizen of Deloitte & Touche LLP. Kyle Krum of Cloudflare added that organizations need “a holistic view of agent activity and strong guardrails to enforce least privilege and protect sensitive data, [which is] critical in the AI era.”

Ping’s new system allows enterprises to treat AI agents as their own identity class and issue delegated tokens instead of shared credentials. At the moment of action, least-privilege access is enforced and external AI agents are detected via behavioural and bot‑authentication signals. The Agent Gateway also supports secure integrations using the Model Context Protocol (MCP).

By shifting identity enforcement into runtime, Ping says organizations can deploy AI agents safely while maintaining strict boundaries around what those agents can do. The company plans further enhancements to expand governance and visibility as enterprises scale up their use of autonomous systems.

Identity for AI will be available globally by March 31. A webinar on the new model is scheduled for April 7.

Wink, Vouched bring biometric human consent to AI‑driven transactions

Wink and Vouched have announced a strategic integration that embeds Wink’s proof‑of‑personhood technology directly into Vouched’s digital identity and Know Your Agent (KYA) workflow.

The companies say the partnership creates a verifiable, biometrically-anchored chain of human consent for agent transactions, tackling risks in agentic commerce. Under the new integration, when a user creates or activates an AI agent inside Vouched’s workflow, Wink’s multimodal biometric system verifies both identity and intent. Wink’s system includes face, palm and voice biometrics with real‑time liveness detection.

Wink then retrieves the user’s bound credentials and inserts them into the agent’s authorization context. These can include government‑verified identity, loyalty accounts, membership status or payment tokens scoped to a specific merchant and transaction amount.

The companies say this ensures an AI agent receives only the authority its human owner intended. Every authorization event is logged with biometric, behavioral and intent signals, creating a tamper‑evident audit trail designed to satisfy compliance teams and regulators as multi‑agent architectures scale.

A key feature of the integration is scoped payment authorization. Instead of giving an AI agent broad access to a payment method, users can authorize a parameterized payment token at the moment of agent creation. This limits the agent’s authority by merchant, amount and use case.

The integration is available now for enterprise customers and development partners. Merchants and platforms interested in deploying human‑authorized agentic commerce can request demonstrations from either company.

Saviynt rolls out identity security platform for AI agents

Saviynt has launched a new identity‑security solution designed to give enterprises full visibility and control over autonomous AI agents.

Saviynt Identity Security for AI adds continuous monitoring, lifecycle governance and real‑time authorization for AI agents alongside human and traditional non‑human identities.

Saviynt’s platform discovers, registers and monitors agents across major ecosystems including Amazon Bedrock, Microsoft Copilot Studio, Google Vertex AI, ServiceNow AI and Salesforce Agentforce.

The system embeds governance across three pillars: posture management to detect shadow AI and over‑privileged access; lifecycle management to ensure every agent has a responsible owner; and a real‑time Agent Access Gateway that evaluates and blocks unauthorized activity.

Saviynt developed the platform in partnership with design customers including Hertz, The Auto Club Group and UKG. CEO Sachin Nayyar called the release the company’s “most significant,” adding that Saviynt now offers real‑time access enforcement, privilege management and fine‑grained entitlements in a single AI‑speed control plane.

The platform supports pro‑code, low‑code and no‑code teams, and integrates external risk signals from partners such as CrowdStrike, Zscaler, Wiz and Cyera. Saviynt says this gives security teams a unified view of AI‑related risk as autonomous agents move deeper into core business operations.

Dock Labs launches MCP Server for credential‑powered agents

Dock Labs used a recent webinar to lay out its roadmap for agentic identity, a model that brings verifiable credentials into the emerging world of AI agents.

The session coincided with the release of the company’s new Model Context Protocol (MCP) server, which allows organizations to issue and verify credentials, manage decentralized identifiers (DIDs) and generate presentation requests directly through LLM‑powered agents.

The MCP server is designed to give enterprises tighter control over what AI agents can access and authorize, while enabling those agents to handle credential storage and credential presentation natively. Dock Labs says this is a critical step toward making autonomous agents safe for real‑world workflows.

During the webinar, the company highlighted two open protocols it is developing to support agent‑to‑agent trust and commerce. The Agent‑to‑Agent (A2A) protocol defines how agents discover each other, communicate and collaborate. The Agentic Payment Protocol (AP2) focuses on transactions, creating a verifiable way for agents to represent a user’s intent to purchase or act.

Dock Labs argues that today’s AI agents lack a standard method to signal their involvement in a transaction, prove that a human authorized the action or limit what an agent is allowed to spend. AP2 aims to solve this by using Verifiable Credentials as a mandate layer.

These credentials act as cryptographically signed, tamper‑evident records of exactly what a user has approved an agent to do. Three credential types cover the full transaction lifecycle, and the protocol is built on open standards including W3C Verifiable Credentials, OID4VC and DIF Presentation Exchange.

By combining the MCP server with A2A and AP2, Dock Labs is positioning itself as an early infrastructure provider for agentic commerce. The company says its goal is to ensure that AI agents can operate autonomously while remaining anchored to provable human intent and auditable authorization.

Related Posts

February 5, 2026

August 4, 2025

November 14, 2025

February 5, 2026

January 15, 2026

January 8, 2026

Article Topics

agentic commerce  |  AI agents  |  biometric authentication  |  biometrics  |  digital identity  |  Dock  |  identity access management (IAM)  |  identity security  |  Ping Identity  |  Vouched  |  Wink

Latest Biometrics News

 

Mar 29, 2026, 5:13 pm EDT

By Henry Patishman, Executive Vice President Identity Verification Solutions, Regula Apple has introduced age checks for iCloud users in the…

 

Mar 28, 2026, 9:29 am EDT

The tremendous commercial opportunity for biometrics is shown in a major provider merger and growing demand from airports to the…

 

Mar 27, 2026, 2:49 pm EDT

In developing and defining generative AI, humankind has implicitly positioned itself against the emerging Other. For all the dreaming, computers…

 

Mar 27, 2026, 2:31 pm EDT

Education is a lifelong process, and emerging technology applications like biometrics payments are often challenging for older people to understand….

 

Mar 27, 2026, 12:07 pm EDT

After more than a decade, the International Civil Aviation Organization ICAO has launched an updated version of its e-passport verification…

 

Mar 27, 2026, 12:00 pm EDT

The European Parliament has voted in favor of delaying certain rules of the EU AI Act related to high-risk AI…