Identity Crisis: 1.3 Billion AI Agents Are Coming and None of Them Can Prove Who They Are
IDC projects 1.3 billion AI agents deployed by 2028. Gartner predicts over $15 trillion in B2B spend flowing through AI agent exchanges that same year. Right now, not a single one of those agents can cryptographically prove who it is.
Think about that. We're building an economy of autonomous software that makes API calls, moves money, accesses databases, and talks to other agents — and the entire trust model is "here's an API key someone pasted into an environment variable."
That changes today. The Aethyr Agent Registry is live.
Everyone Announced. Nobody Shipped to the Open Internet.
Last week at RSAC 2026, every major vendor discovered that AI agents need identity. All at once. In the same week.
Microsoft launched Entra Agent ID — unique identities for agents built with Copilot Studio. Powerful. Also requires an Azure tenant, a Microsoft 365 Copilot license, and enrollment in the Frontier program. Verification requires a network call to Microsoft. Standards: proprietary.
Cisco released DefenseClaw and announced the AGNTCY project under the Linux Foundation. Agent security scanning and sandboxing. The identity layer? Still in development.
SailPoint shipped Agent Identity Security — governance connectors that discover agents across Bedrock, Vertex, and Foundry. Visibility and policy. Not identity issuance.
Bessemer Venture Partners published their thesis: "Securing AI agents: the defining cybersecurity challenge of 2026." They're right. But every solution announced at RSAC shares the same limitation: it only works inside the vendor's ecosystem.
An indie developer building a LangChain agent. A startup deploying CrewAI workflows. A security team that needs to verify an unknown agent at the API gateway. None of them can use Entra Agent ID. They're locked out by licensing, platform requirements, and enterprise pricing.
The open internet got nothing.
So We Built It
registry.aethyr.cloud is live. $1 gets your agent a W3C Decentralized Identifier and a Verifiable Credential signed with post-quantum cryptography.
Any service verifies it offline. One line of code:
import { verifyCredential, AETHYR_ISSUER_PUBLIC_KEY } from '@aethyrai/ssi-verify';
const result = verifyCredential(credential, AETHYR_ISSUER_PUBLIC_KEY);
No vendor account. No API call back to us. No network dependency at all. The verification library is MIT-licensed, 10KB, and runs anywhere JavaScript runs.
Aethyr is the open, standards-based identity authority for AI agents. While Microsoft locks agents into Azure, and startups reinvent OAuth with JWTs, Aethyr gives every agent a W3C-compliant, post-quantum signed credential that any service can verify offline for $1. No vendor lock-in. No centralized dependency. No quantum vulnerability.
The Three Technical Decisions That Matter
1. Post-Quantum Signatures
Every credential signed today with RSA or Ed25519 is a ticking clock. State-level adversaries are already harvesting encrypted traffic and signed tokens for future decryption. Agent credentials are long-lived — ours are valid for one year. A credential signed with Ed25519 today could be forged when quantum computers arrive. The agent it authenticates could be impersonated retroactively.
We sign with ML-DSA-65 (NIST FIPS 204) — the post-quantum digital signature standard finalized after eight years of evaluation and three rounds of competition. Not experimental. Not a research project. The standard.
Every competitor in the agent identity space uses Ed25519 or RSA. Every one of them will need to migrate. We started where everyone else will end up.
2. Offline Verification
Entra Agent ID requires a network call to Microsoft for every verification. That's latency on every agent interaction. An availability dependency on Microsoft's infrastructure. A privacy exposure — Microsoft sees every verification request. And a failure mode — if Entra is down, no agent can prove identity.
Aethyr credentials verify locally. The issuer's public key is bundled in the npm package. Verification is pure math: ml_dsa65.verify(signature, payload, publicKey). No phone home. No DNS lookup. No HTTP request.
This is the same architecture as TLS certificates. Your browser doesn't call the CA for every page load. It validates the signature locally against a trusted root. Agent identity should work the same way.
3. W3C Standards
Microsoft built a proprietary identity model. When you leave Azure, the identity doesn't follow.
Aethyr credentials are W3C Verifiable Credentials with W3C Decentralized Identifiers. The format is standardized. The cryptography is standardized. The resolution protocol is standardized. Any system that implements these specs can verify an Aethyr credential. No special SDK, no vendor relationship, no platform dependency.
Proprietary identity is a feature. Standardized identity is infrastructure.
What Ships Today
Basic — $1, one-time: Agent DID + signed credential. Post-quantum ML-DSA-65 signature. 1-year validity. Operator-initiated revocation via API key.
Verified — $10/month: Everything in Basic, plus organization verification via DNS TXT record. Your credential proves not just who the agent is, but that a verified organization stands behind it.
Attested — $50/month: Everything in Verified, plus hardware attestation. Your credential proves the agent is running in a trusted execution environment. The highest trust level.
Register from the web form or from your terminal:
curl -X POST https://registry.aethyr.cloud/v1/register \
-H "Content-Type: application/json" \
-d '{
"agentName": "my-agent",
"operatorName": "Jane Smith",
"operatorEmail": "jane@example.com",
"framework": "langchain",
"tier": "basic"
}'
The full API is documented at registry.aethyr.cloud/#api. The verification library is at npmjs.com/package/@aethyrai/ssi-verify.
The $1 Question
Why $1? Because the barrier to agent identity should be as close to zero as possible. DNS costs $12/year. SSL certificates are free. Agent identity shouldn't be gated behind enterprise licensing.
A dollar covers issuance costs and keeps the registry free of spam registrations. Every agent — from a weekend project to a defense deployment — deserves a cryptographic identity.
The Verified and Attested tiers exist for organizations that need more: proof of organizational control, hardware attestation, runtime integrity. But the foundation — a post-quantum signed credential that any service can verify offline — that's $1.
What This Means for the Agent Economy
We're heading toward a world where agents negotiate with agents, delegate tasks to other agents, and access services autonomously. That world doesn't function on shared API keys. It needs:
Service-level access control. An API gateway verifies an agent's credential and capability claims before granting access. Not by checking a database — by verifying a signature.
Inter-agent trust. Agent A verifies Agent B's identity and capabilities before sharing context. Multi-agent orchestration moves from "hope the coordinator routed correctly" to "cryptographically verified delegation chain."
Tamper-evident audit trails. Every action signed by an agent's private key creates an unforgeable record. Compliance and forensics get cryptographic proof instead of log files.
Portable identity. An agent registered once carries its credential everywhere. Switch frameworks, switch clouds, switch everything — the identity follows.
The Window
The agent identity market is forming right now. The narrative will calcify in the next 8-12 weeks as Microsoft Entra Agent ID reaches general availability and enterprise buyers lock into vendor ecosystems.
The question is whether agent identity becomes another proprietary platform play — where your agent's identity only works inside one vendor's walls — or whether it becomes open infrastructure, like DNS, like TLS, like the web itself.
We know which side we're building for.
The Aethyr Agent Registry is built by Aethyr Research. The verification library @aethyrai/ssi-verify is MIT-licensed and open source. The underlying protocol implements W3C Decentralized Identifiers v1.1, W3C Verifiable Credentials 2.0, and NIST FIPS 204 (ML-DSA-65).