The OpenID Foundation has released a detailed whitepaper examining emerging identity and security challenges posed by the growing use of autonomous AI agents. The study warns that existing frameworks for authentication and authorisation are not sufficient to manage complex, cross-organisational interactions among AI systems.
According to the report, AI agents, which are programmes capable of reasoning and acting independently, are beginning to take on decision-making roles once limited to humans. While current enterprise systems can manage straightforward use cases, such as agents operating within a single organisation, difficulties arise when they interact across platforms or manage permissions for multiple users.
Fragmentation, oversight, and accountability gaps
The research identifies several vulnerabilities, including inconsistent identity systems across companies, difficulties in distinguishing user actions from delegated agent behaviour, and a lack of scalable oversight mechanisms. It also highlights challenges such as recursive delegation, where agents create or instruct other agents, and the inability of current models to track agents that alternate between acting autonomously and on behalf of users.
Representatives from the OpenID Foundation said that without coordinated standards, the industry risks a fragmented environment in which AI agents cannot operate securely across different systems. The organisation is urging collaboration among developers, enterprises, and standards bodies to establish interoperable frameworks for managing agent identity and authority.
The whitepaper recommends that organisations adopt proven protocols, such as OAuth 2.0, and use standard interfaces like the Model Context Protocol to connect AI systems securely. It also calls for treating AI agents as full participants in identity and access management, with clear governance and lifecycle controls. OpenID Foundation officials emphasised that only joint industry effort can ensure the future interoperability and accountability of AI agents.
