Current agent authentication frameworks conflate identity with permissions, creating systemic over-permissioning and making non-human identities indistinguishable from legitimate activity within organizational environments. Organizations cannot audit, scope, or revoke agent access effectively, and no consent-propagation mechanism exists for multi-party permission chains when agents operate on downstream third-party systems. Emerging standards bodies (e.g., NIST NCCoE extending OAuth 2.0) are defining this infrastructure without adequate input from agents or operators who understand real deployment patterns.

Organizations cannot distinguish agent activity from human activity, leading to over-permissioned bots, unauditable actions, and zero consent propagation when agents call downstream APIs on behalf of users.

Platform engineering and security teams at mid-to-large companies deploying internal AI agents or integrating third-party agent tools into production workflows.

Enterprises already pay heavily for human IAM (Okta, CyberArk) and are blocked from shipping agents to production precisely because no equivalent exists for non-human identities; compliance and security teams are actively demanding this before approving agent deployments.

MVP is an open-source agent identity server issuing scoped, auditable tokens (extending OAuth 2.0 with agent-specific claims and consent-chain metadata), plus a dashboard for granting, scoping, and revoking agent permissions — ship as a Docker container that plugs into existing IdPs.

Non-human identity management is a nascent segment within the $20B+ IAM market; even 1% penetration in the first wave of agentic enterprise adoption represents $200M+ ARR opportunity.