The OpenID Foundation has today released a critical new whitepaper addressing one of the most pressing challenges facing organizations deploying AI agents - how to securely authenticate and authorize these autonomous systems while maintaining proper governance and accountability.
"Identity Management for Agentic AI: The new frontier of authorization, authentication, and security for an AI agent world" has been researched and compiled by the OpenID Foundation’s Artificial Intelligence Identity Management Community Group – a team of global experts collaborating to address rising identity management challenges in AI systems.
Why this whitepaper matters
The whitepaper reveals a number of significant challenges that have immediate implications for three key audiences.
- Developers and architects building AI agent systems need to understand how to leverage existing standards while preparing for emerging models of delegated authority and agent-native identity. The research provides them with both immediate best practices and a roadmap for future-proofing their systems.
- Standards organizations must accelerate the development of protocols that formalize new concepts around agent identity and delegation, ensuring future systems are built on interoperable foundations rather than fragmented proprietary solutions. This research highlights the specific areas where new standards are most urgently needed.
- Enterprises need to begin treating agents as first-class citizens within their identity and access management infrastructure, establishing proper lifecycle management, governance policies, and accountability measures. The research provides a framework for making these organizational changes before they become critical.
These key audiences must act now to prepare for the future of AI agent deployment. The whitepaper provides vital resources for these audiences to enable them to secure AI agents as they are today, while offering a strategic agenda to help them address the foundational authentication, authorization, and identity problems that will come as these autonomous systems become more widespread.
Existing frameworks can only handle today's simple agents
The good news is that current authentication and authorization standards are already capable of securing many of today's AI agent use cases. When agents operate within well-defined boundaries, such as an enterprise assistant accessing internal tools or a consumer agent managing personal services, the established infrastructure works effectively.
Modern authentication frameworks provide a solid foundation for scenarios where agents work within a single organization's systems or help individual users access their own data. These protocols, which have been battle-tested across billions of authentication flows, offer robust security when agents operate in straightforward, predictable environments with synchronous operations.
The Model Context Protocol (MCP) has emerged as the leading standard for connecting AI models to external data sources and tools. Its growing adoption demonstrates the industry's recognition that agents need specialized frameworks for interacting with resources. For organizations implementing agents today, the research recommends a "separation of concerns" approach: use specialized authentication servers to handle security decisions rather than building custom security into each system.
Enterprise infrastructure is already agent-ready - to a point. Existing Single Sign-On (SSO) systems and user management tools can support today's AI agents while providing IT administrators with centralized control over agent permissions. This allows organizations to leverage their current identity infrastructure without starting from scratch.
However, this seemingly solid foundation reveals significant cracks when agents begin operating with greater autonomy. The current approaches work well only because today's agents remain relatively simple, operating within single trust domains, following predictable patterns, and requiring frequent human oversight. As AI systems evolve toward true autonomy, these same frameworks will struggle to address fundamentally new challenges.
The autonomy inflection point is approaching faster than many realize. While a single agent calling a handful of internal APIs poses manageable security challenges, the vision of highly autonomous agents - spawning sub-agents, operating across organizational boundaries, and making thousands of decisions daily - requires a fundamental rethinking of identity and authorization. The frameworks that secure today's agents weren't designed for recursive delegation chains, cross-domain trust propagation, or the scale of authorization decisions that autonomous systems will demand.
This creates an urgent imperative: organizations must secure their current agent implementations using existing best practices while simultaneously preparing for the more complex authorization challenges that increased autonomy will bring. The window for establishing robust, interoperable standards is now, before proprietary solutions fragment the ecosystem and create security gaps that will be far more costly to address later.
Next steps for the industry
How organizations manage trust, authority, and accountability in digital systems must evolve. This means moving beyond basic login systems to more sophisticated identity and permission models that can handle complex networks of connected agents. While current frameworks provide a secure baseline for today's agents, the gaps identified in the OpenID Foundation’s new whitepaper must be proactively addressed in order to ensure a foundation for secure, responsible AI agent deployment at scale.
The full research paper can be found here.
Contribute to the discussion
The OpenID Foundation welcomes feedback and input from the broader community on this whitepaper. Readers can share their perspectives through either:
- The community group repository
- This Google Form
All feedback will be reviewed by the Artificial Intelligence Identity Management Community Group and discussed during their weekly calls. These calls are open to anyone interested in participating. For meeting schedules and details on how to join, visit https://openid.net/calendar/.
About the OpenID Foundation
The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net.
