auth stack for AI apps
every auth system we’ve built assumes the person logged in...
Hello everyone, and welcome to TPF Weekly!
Your AI assistant just deleted a customer’s data.
Your logs show it was you. Your session, credentials, and IP address. You were in a meeting, though. You didn’t touch anything.
So who’s responsible?
You might think I am narrating a hypothetical scene. A fintech PM told me this exact story some time back. Their AI assistant misinterpreted a cleanup request and wiped a customer’s transaction history. The audit trail was useless, and everything pointed to the user’s account. There was no way to tell if it was the AI, a bug, or something malicious.
Every auth system we’ve built assumes the person logged in is the person taking action.
Code assistants are merging PRs, and customer service bots are issuing refunds. This is all under your name and using your permissions.
Before we go deeper, here’s what’s been stirring in the world of AI.
Latest in Tech
Salesforce announces Agentforce 360 as enterprise AI competition heats up
This newer version of Agentforce includes new ways to instruct AI agents through text
Meta and Oracle choose NVIDIA Spectrum-X for AI data centres
Both companies are adopting Spectrum-X as part of an open networking framework designed to improve AI training efficiency.
Samsung’s tiny AI model beats giant reasoning LLMs
With just 7 million parameters, less than 0.01% of the size of leading LLMs, TRM achieves new results.
Now, bringing it back to the question, what happens when half your users aren’t human anymore?
Agents Aren’t Copilots Anymore
A fundamental shift I noticed in the past year is that AI agents moved from being suggestion engines to autonomous operators.
These tools don’t wait for human approval. They’re actors making authenticated, auditable decisions on behalf of users.
Our identity systems were built for a world where 1 user = 1 session = 1 identity.
That model collapses the moment you have multiple agents operating under a single user’s authority, each with different permissions, timeframes, and intents.
The Identity Bottleneck
Most products I’ve reviewed in the past year use persistent user tokens that get reused by multiple agents. There’s no source of truth for who initiated an action: the user, or an agent acting on their behalf.
In compliance-heavy industries like fintech and healthcare, audit logs become meaningless. When a transaction happens under a user’s token, but was executed by three different AI agents with conflicting instructions, who’s accountable?
In enterprise SaaS, IT teams can’t revoke access granularly. If you disable a user’s session, you kill all their agents too. If you want to disable just one agent, you can’t; there’s no differentiation.
That’s bound to happen when your infrastructure assumes humans are the only actors.
The Architecture Gap
The tools we’re using, OAuth2, JWT, and traditional permission scopes, weren’t designed for this. They fall apart when one user becomes five agents, each needing different access levels.
Quick comparison:
Traditional identity: One user, one session, long tokens, yes/no permissions
Agent identity: One user, many agents, short credentials, intent-based access with full lineage
If your product has agents taking actions, you’re going to hit these limits.
When the New Infrastructure Layer Shows Up
Something new is forming to handle this, a layer that treats agents as real entities in your auth system.
This layer does three things:
Defines who can act. Not just which users have access, but which agents, under whose authority, with what autonomy.
Defines scope and duration. Agents get short-lived credentials tied to specific tasks. “Read invoices and send emails for 15 minutes” becomes enforceable, not just a comment in your code.
Makes everything traceable. Every agent action gets logged with full context, who gave it permission and whether that permission is still valid. You can kill one agent’s access without logging the user out.
If agents are handling sensitive data, you need this layer. Otherwise, you’re building on assumptions that don’t match reality anymore.
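The three properties above, sketched as an added example (not code from this newsletter or from any vendor it mentions): a credential that names both the user and the agent acting for them, borrowing the `act` actor claim from OAuth token exchange (RFC 8693), with a scope list, an expiry, per-agent revocation and an audit record for every decision. The token format is a plain HMAC-signed JSON blob built from the standard library; the scope names, signing key and function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time, uuid

KEY = b"constructed-demo-key"  # assumption: a real issuer keeps this in a KMS
REVOKED = set()                # (user, agent) pairs whose grants were killed
AUDIT = []                     # one record per authorization decision

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(body):
    return _b64(hmac.new(KEY, body.encode(), hashlib.sha256).digest())

def issue(user, agent, scopes, ttl, now=None):
    """Mint a short-lived credential: `agent` acts for `user` within `scopes`."""
    now = time.time() if now is None else now
    claims = {"sub": user, "act": {"sub": agent}, "scope": sorted(scopes),
              "exp": now + ttl, "jti": uuid.uuid4().hex}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{_sign(body)}"

def revoke(user, agent):
    """Kill one agent's access; the user's session and other agents are untouched."""
    REVOKED.add((user, agent))

def authorize(token, action, now=None):
    """Check signature, expiry, revocation and scope, and log who acted for whom."""
    now = time.time() if now is None else now
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        AUDIT.append({"action": action, "decision": "deny:bad_signature"})
        return False
    c = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if now >= c["exp"]:
        decision = "deny:expired"
    elif (c["sub"], c["act"]["sub"]) in REVOKED:
        decision = "deny:revoked"
    elif action not in c["scope"]:
        decision = "deny:out_of_scope"
    else:
        decision = "allow"
    AUDIT.append({"user": c["sub"], "agent": c["act"]["sub"], "jti": c["jti"],
                  "action": action, "decision": decision})
    return decision == "allow"

if __name__ == "__main__":  # constructed sample run: 15-minute grant for one agent
    tok = issue("demo-user", "invoice-bot", {"invoices:read", "email:send"}, ttl=900)
    print(authorize(tok, "invoices:read"), authorize(tok, "transactions:delete"))
    revoke("demo-user", "invoice-bot")
    print(authorize(tok, "invoices:read"), AUDIT[-1])
```

Because every audit record carries the user, the agent and the credential id, a deletion like the one in the opening story would be attributable to a specific agent grant rather than to the user's session.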
Some Teams Are Already Ahead
A few companies aren’t waiting for the industry to figure this out.
Scalekit is one I’ve been watching. They’re building identity infrastructure specifically for multi-actor systems, where humans and agents both need auth, but with completely different requirements.
What’s useful about their approach:
Instead of hacking tokens and scripts to make agents fit into human auth systems, you get infrastructure designed for both. You get auditability without the mess.
This infrastructure category exists now because the old way doesn’t work. PMs who understand this early will build better products (many are).
The challenge is finding solutions that deliver on all these fronts without eating up your development resources.
One sign of this shift: Scalekit just announced its General Availability along with a $5.5M seed funding round, co-led by Z47 and TogetherFund, a strong signal that the industry sees auth for AI apps as the next big infra layer.
What Scalekit offers:
MCP Auth → OAuth 2.1 + dynamic client registration for MCP developers.
Agent Actions → secure tool-calling + consent flows, so agents act safely while humans stay in control.
B2B Auth Stack → Modular authentication stack covering all B2B Authentication use-cases out of the box.
What to Audit in Your Product
If you’re integrating agents, keep these things in check:
Does your product assume all actions come from humans? Look at your auth and permissions. If they don’t distinguish between a user acting directly and an agent acting for them, you’ve got a gap.
Which actions will agents handle soon? It could be fewer than you think today. But project six months out. Which workflows are you automating? Those are where your identity system will break first.
Can your auth handle short-lived, scoped access? Can you issue credentials that expire after one task? If not, you’ll struggle as agents get more autonomous.
Study what already exists. Scalekit’s docs are a good start. Understand what this infrastructure looks like so you can design for it.
The New Interface of Trust
As AI becomes an actor, identity becomes the new interface.
The products that get this layer right will define the next decade of trust.
Agents are already acting autonomously in production systems. The infrastructure we built for human users isn’t sufficient anymore. And the gap between what our systems can handle and what agents need is only going to widen.
P.S. If this topic resonates, Scalekit is worth a try! They’re building the trust layer this future will run on. If you’re already wrestling with agent identity in your product, I’d love to hear about it. Hit reply and let me know what problems you’re running into. I read all the messages!
About last week
Product (Un)Conference 2025:
India’s biggest product event of the year is back 👀
📍 Bengaluru | 🗓️ Nov 15 | 🎟️ Invite-only
The wait’s over, the lineup is officially here, and it’s nothing short of iconic.
On November 15, Bengaluru will host 400+ founders, CXOs, and senior product leaders, the very people building, scaling, and redefining how India innovates.
This isn’t your typical conference. It’s where the top 1% of the product community meets to challenge ideas, spark real conversations, and reimagine what’s next.
We can already feel the energy building for this one.
Early Bird passes close in 4 days, and approvals are moving fast.
Upcoming events
VibeSprint 2 is LIVE!
Got an idea? Make it real.
The second sprint of VibeSprint by The Product Folks x Emergent is now open, and this time, the theme is completely open-ended. Whether you’re building something fun, functional, or futuristic, now’s your chance to bring it to life.
🗓️ Dates: Oct 17 – Nov 2
The Product Folks – GrabChai Chennai
📍Chennai, Tamil Nadu | 🎟️ Free (Invite-only) | 🗓️ Sat, Oct 25 | ⏰ 10 AM–1 PM
Join PMs for a hands-on session with Arushi Ladha on designing agentic enterprise software. Network and sip chai while learning real-world approaches.
GrabChai X Emergent: Hyderabad Edition
📍Hyderabad, Telangana | 🎟️ Free (Invite-only) | 🗓️ Sat, Nov 1 | ⏰ 4–5 PM
Build, brew, and brainstorm! Join PMs and builders over chai for a hands-on AI sprint and good vibes.
PF Gurugram Chapter: Emergent Vibe Coding Sprint
📍Gurugram, Haryana | 🎟️ Free (Invite-only) | 🗓️ Sat, Nov 1 | ⏰ 2–4 PM
Build, vibe, and create with fellow builders. Ship real AI-powered tools and compete for prizes while connecting with the TPF community.
GrabChai X Emergent: Bengaluru Edition
📍Bengaluru, Karnataka | 🎟️ Free (Invite-only) | 🗓️ Sat, Nov 1 | ⏰ 4–5 PM
Vibe coding is in full swing. Come build, vibe, and create with us.
GrabChai X Emergent: Pune Vibecoding Edition
📍Pune, Maharashtra | 🎟️ Free (Invite-only) | 🗓️ Sat, Nov 1 | ⏰ 4–6 PM
Join fellow builders for a hands-on AI vibecoding sprint. Collaborate and turn ideas into real projects while sipping chai.
Jobs jobs jobs
Looking for your next product gig? Find opportunities from teams building the future of product.
Heard anything cool in the world of PM that I should know about?
Drop me a note, always curious to learn.
Cheers,
Suhas









So happy to see this article...we have been telling folks that identity is dead, that it is not going to work for the agentic world that is coming. And yet Ping, PAN, CrowdStrike and the rest of the incumbents keep telling their customers that it's all good, and IAM will save the day...because that's where they have built their business.