Your Agent Has No Identity * Digital Passport

Eighty percent of organizations deploying autonomous AI agents cannot tell you what those agents are doing or who is responsible for them [1]. These same organizations plan to route $15 trillion in transactions through those agents by 2028 [2]. That is the prosecution's opening exhibit: an accountability vacuum at the center of the largest commercial reallocation in history.

I built the Digital Passport framework to close this gap. The Digital Passport is a three-component identity architecture (Verifiable Identity, Reputation Ledger, and Stated Intent) that separates trusted agents from invisible ones in the Business-to-Agent (B2A) Economy, the emerging $15 trillion marketplace where businesses sell directly to autonomous AI agents rather than humans. The companies deploying it today will control the admission gate to agent-intermediated commerce. The rest will be locked out.

The Identity Catastrophe * Your agents are running on borrowed credentials

The Cloud Security Alliance surveyed 285 IT professionals and the results read like an indictment [1]. Only 18% expressed high confidence that their identity and access management systems can handle agent identities. The other 82% admitted, under oath of anonymity, that they are improvising.

The specifics are worse. Forty-four percent of teams hand static API keys to autonomous agents. Forty-three percent use username and password combinations. Thirty-five percent rely on shared service accounts [1]. These are human credentials bolted onto non-human actors, a practice that guarantees untraceable execution. Only 28% can trace an agent's actions back to a human sponsor. Only 21% maintain a real-time inventory of active agents.

The trust numbers tell the verdict. Confidence in fully autonomous agents dropped from 43% in 2024 to 27% in 2025 [3]. Trust is collapsing at the precise moment adoption is accelerating. Enterprise AI Agent incorporation is jumping from less than 5% to 40% in a single year [3]. You are scaling a system you cannot audit, governed by credentials you cannot trace, executing transactions you cannot attribute. This is indefensible.

The CAPTCHA Has Inverted * Your new gatekeeper asks "Are you a trusted machine?"

For 20 years, the internet asked one question at its gates: Are you human? The CAPTCHA, that degrading ritual of clicking traffic lights and crosswalks, existed to keep machines out. I call this the old authentication posture, a defensive architecture built on the assumption that machines were the threat and humans were the customer.

The B2A Economy inverts this entirely. The Digital Passport is the mechanism that replaces the CAPTCHA, but in reverse. Your best customers are now machines. Gartner's 2026 Strategic Predictions project that 90% of B2B purchases will be intermediated by AI agents by 2028, channeling more than $15 trillion through autonomous systems [2]. The question at the gate is no longer Are you human? The question is Are you a trusted machine?

This inversion reframes the entire identity problem. Most organizations still treat agent identity as a security checkbox: prevent fraud, block impersonation, manage access. That defensive posture solves yesterday's problem. The real cost of missing identity dwarfs any breach: economic invisibility. An agent without a verifiable passport cannot participate in the agent-intermediated marketplace assembling around you. Every dollar you spend on defensive identity management without commercial identity architecture is a dollar that locks your agents out of revenue.

Three Components, Zero Negotiation * Remove any one and trust collapses

The Digital Passport is a three-component architecture I define in Chapter 13 of my book AI Agents: They Act, You Orchestrate. All three components are non-negotiable. Remove any single element and the trust architecture collapses.

• The first component is Verifiable Identity, cryptographic proof tying an agent to a real-world entity (a corporation, a government body, or an individual). This is not a password or an API key. It is an unforgeable certificate of origin. An agent without verifiable identity is anonymous, and in the Agent-First Era, anonymity is indistinguishable from hostility. The W3C Decentralized Identifier standard and the ERC-8004 token on Ethereum both implement this layer [4][5].
• The second component is the Reputation Ledger, a tamper-proof, blockchain-anchored record of an agent's prior conduct that functions as a trust score. Every successful transaction increases your trust score. Every failed API call, every security violation, every missed payment degrades it. There is no forgiveness, no benefit of the doubt, no long-time customer status. You are only as good as your last million transactions. The ERC-8004 standard, which deployed on Ethereum mainnet on January 29, 2026, has been described as creating "passports and credit scores for AI agents" [5]. It attracted 30.000 agent registrations in its first week.
• The third component is Stated Intent, a machine-readable declaration of purpose for each interaction that specifies what the agent intends to do. Is the agent here to query inventory, execute a purchase order, or access public data? The Cloud Security Alliance published the Agentic Trust Framework on February 2, 2026, formalizing Zero Trust principles for agents: least-privilege access based on declared mission [6]. An agent that cannot declare its purpose gets no access. Full stop.

An agent with identity but no reputation is a stranger with a badge. An agent with reputation but no stated intent is a trusted actor with no accountability for its next move. The triad is the minimum viable trust architecture for the Agent-First Era.

The Infrastructure Already Exists * Six implementations in 12 months

If this framework sounds theoretical, it stopped being theoretical recently.

The ERC-8004 standard launched on Ethereum mainnet on January 29, 2026, backed by MetaMask, the Ethereum Foundation, and contributors from Google [5]. The industry called it an "iPhone moment" for the agent economy. It provides on-chain verifiable identity and reputation scoring for autonomous agents, and it is live in production right now.

Six competing passport implementations launched between August 2025 and February 2026. Trulioo's Digital Agent Passport secured $475 million in funding at a $1.75 billion valuation. The Universal Commerce Protocol, co-developed by Google, Shopify, Walmart, and Target, and endorsed by Visa, Mastercard, PayPal, and Stripe, defines a common language for AI agents to transact [2]. The digital identity solutions market reached $47 billion in 2025 and is projected to exceed $132 billion by 2031 [3].

I coined the term Digital Passport because I could see the architecture converging. Six independent teams building the same three-component structure, in the same 12-month window, validates the framework I introduced in Chapter 13 of AI Agents: They Act, You Orchestrate. The market is not debating whether agents need passports. The market is racing to issue them.

The compounding advantage belongs to early movers. First-mover agents with clean Digital Passports build Reputation Ledgers that become compounding assets. Every successful transaction deepens the trust score. Late adopters start with zero reputation in a marketplace that trusts only track records. Reputation is a history you earn, and the clock started on January 29.

The Passport Works Both Ways

Most organizations miss the second half of this equation. You are focused on issuing passports to your agents. You have not considered that the agents buying from you will demand a passport from your business.

When 90% of B2B purchases flow through agents by 2028, the purchasing agent will check your Digital Passport before it transacts with you. Your API uptime, your transaction history, your cryptographic credentials: these become your new brand. The agent does not care about your logo, your marketing copy, or your company history. It queries your Reputation Ledger, verifies your identity, and confirms your stated capabilities. If the numbers satisfy its parameters, it transacts. If they do not, it moves on in milliseconds. No negotiation, no second chance.

Issuing passports to your agents is half the work. Earning one for your company is the other half. Your operational excellence, measured in nines of uptime and milliseconds of latency, is the credential that opens the gate.

The CAPTCHA asked Are you human? The marketplace now asks Are you trusted? Your answer is cryptographic. The deadline is measured in quarters, not years. Deploy the Digital Passport architecture, or become invisible to the most powerful purchasing force in history.

The Digital Passport is one framework from AI Agents: They Act, You Orchestrate by Peter van Hees. Across 18 chapters, the book maps the full commercial re-architecture of the Agent-First Era: the AX Stack that replaces UX, the Liquid Marketplace where agents conduct high-frequency negotiation, the four strategic shifts from persuasion to proof, and the B2A Economy that turns your operational uptime into your brand. If the identity crisis resonated, the book gives you the complete blueprint for serving a customer that cannot be persuaded, only satisfied. Get your copy:

🇺🇸 Amazon.com
🇬🇧 Amazon.co.uk
🇫🇷 Amazon.fr
🇩🇪 Amazon.de
🇳🇱 Amazon.nl
🇧🇪 Amazon.com.be

References

[1] Cloud Security Alliance / Strata Identity, "The AI Agent Identity Crisis: New Research Reveals a Governance Gap," 2026. https://www.strata.io/blog/agentic-identity/the-ai-agent-identity-crisis-new-research-reveals-a-governance-gap/

[2] B2B Exchange Association, "Your Next Customer Is an Algorithm: Redefining Digital Transformation for the B2A Economy," 2026. https://www.b2bea.org/insights-advice/your-next-customer-is-an-algorithm-redefining-digital-transformation-for-the-b2a-economy

[3] Nevermined, "35 Agent-to-Agent Trust Mechanisms Statistics," 2026. https://nevermined.ai/blog/agent-to-agent-trust-mechanisms-statistics

[4] arXiv, "AI Agents with Decentralized Identifiers and Verifiable Credentials," 2025. https://arxiv.org/abs/2511.02841

[5] Forbes, "AI Agents Gain Trust Via Ethereum: ERC-8004 On Mainnet," February 2026. https://www.forbes.com/sites/digital-assets/2026/02/05/ai-agents-gain-trust-via-ethereum-erc-8004-on-mainnet/

[6] Cloud Security Alliance, "The Agentic Trust Framework: Zero Trust Governance for AI Agents," February 2, 2026. https://cloudsecurityalliance.org/blog/2026/02/02/the-agentic-trust-framework-zero-trust-governance-for-ai-agents