From Research Term to Funded Category
In late 2024, agent identity was a phrase in research papers. Within roughly a year it had become one of the most heavily funded and consolidated categories in enterprise security. The shape of the activity is unmistakable even before the dollar figures: established identity and security vendors acquiring agent-identity and non-human-identity startups, hyperscalers shipping dedicated agent-identity features into their directories, and standards bodies opening working groups specifically for agentic and non-human identity. The market decided, almost at once, that the identity model built for human users logging into applications does not extend to autonomous software acting on its own, and it began buying and building toward something else.
What that something else is, exactly, is the interesting part. Look past the branding and the credible vendors are converging, from different starting points, on the same set of properties: identity that is dynamic rather than enrolled once, scoped narrowly rather than granted broadly, and free of long-lived static secrets. They are feeling their way toward a destination none of them has fully reached.
Two Intermediate Stops the Market Has Settled On
Two mainstream approaches dominate the current agent-identity conversation, and both are intermediate stops rather than destinations. The first is decentralized identifiers paired with verifiable credentials. This model improves on centralized directories by letting a subject present cryptographically verifiable claims without a single authority brokering every transaction, and it is the direction the standards work leans. But it remains key-based: a decentralized identifier resolves to a document containing public keys, and the subject proves control by signing with the corresponding private key. The static secret has been relocated, not removed, and the post-quantum migration that threatens every classical signature threatens this model with it.
The second is non-human identity and token-scoping. This model treats each workload, service, and agent as a first-class identity that is issued short-lived, narrowly scoped credentials, often attested by the surrounding platform such as a cloud metadata service or a Kubernetes control plane. It is a real improvement: short-lived beats long-lived, scoped beats broad, attested beats self-asserted. But it remains issuer-based. Some authority (the cloud provider, the orchestrator, or the secrets manager) mints the credential, and the agent's identity is only as available and as trustworthy as that issuer. Remove the issuer's reach, as a contested or disconnected environment does, and the identity has nothing to stand on.
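The issuer dependency described above can be seen in a small model. This is an added example, not code from any vendor or from the filing discussed here; the `Issuer` class, the HMAC-signed token format, the agent name, and the scope strings are all hypothetical and constructed for illustration.

```python
import base64, hashlib, hmac, json

class IssuerUnreachable(Exception):
    pass

class Issuer:
    """Hypothetical issuer standing in for a cloud or orchestrator token service."""
    def __init__(self, key: bytes, ttl: int = 300):
        self.key, self.ttl, self.reachable = key, ttl, True

    def mint(self, subject: str, scope: list, now: int) -> str:
        if not self.reachable:
            raise IssuerUnreachable("no path to issuer")
        claims = {"sub": subject, "scope": scope, "exp": now + self.ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
        tag = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        return body.decode() + "." + tag

def verify(token: str, key: bytes, needed_scope: str, now: int) -> str:
    """Return 'ok' or the reason the token is rejected."""
    body, _, tag = token.rpartition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return "bad signature"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now >= claims["exp"]:
        return "expired"
    if needed_scope not in claims["scope"]:
        return "out of scope"
    return "ok"

def run_scenario() -> list:
    key = b"constructed-demo-key"  # constructed sample key, shared by issuer and verifier
    issuer = Issuer(key, ttl=300)
    token = issuer.mint("agent-7", ["read:inventory"], now=1000)
    results = [
        verify(token, key, "read:inventory", now=1100),   # within lifetime and scope
        verify(token, key, "write:inventory", now=1100),  # scope was never granted
    ]
    issuer.reachable = False  # the environment becomes disconnected
    results.append(verify(token, key, "read:inventory", now=1400))  # lifetime has run out
    try:
        issuer.mint("agent-7", ["read:inventory"], now=1400)
        results.append("renewed")
    except IssuerUnreachable:
        results.append("cannot renew")
    return results
```

The short lifetime that limits the damage from a stolen token is the same property that ends the agent's identity once the issuer cannot be reached to renew it.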
The Destination the Convergence Implies
Both stops are steps along a single axis: away from static secrets, away from central authorities, toward identity that an agent can prove from its own ongoing activity. The endpoint of that axis is identity with no certificate authority and no issuer at all, where the credential is not stored or minted but computed. The keyless mechanism described across this body of work is that endpoint. Identity is an append-only chain of dynamic hashes advanced only by independently validated interaction, with a trust value that is a computed property of the chain rather than a stored score, entangled to the device so it cannot be lifted, and recoverable through a quorum of peers rather than through an issuer. There is no enrollment record whose compromise yields impersonation, because there is no static secret whose disclosure replays as authentication, and there is no issuer whose unreachability suspends the identity, because the proof is continuity the agent carries.
This is what the decentralized-identifier camp approximates without leaving keys behind, and what the non-human-identity camp approximates without leaving the issuer behind. The market is converging on a destination it has not named; the keyless primitive names it.
Timing and the Standards Pull
The convergence is also visible in the standards bodies. Working groups have formed specifically around identity management for agentic systems and open agent identity, and industry security alliances have begun publishing guidance on identity and access management for autonomous agents. The direction of all of this work is the same one the vendors are moving in: dynamic, scoped, attestable, less dependent on stored secrets. The keyless mechanism's priority predates the wave, with a filing date in late 2024 ahead of the consolidation and the standards activity that followed, which positions it not as a late entrant chasing the category but as a prior articulation of the destination the category is migrating toward. The point of this article is not that any particular vendor infringes; it is that an entire market, independently and from many directions, is walking toward an architecture that the keyless primitive already describes in full.
Disclosure Scope
The keyless identity mechanism described here, in which identity is a validated, append-only chain of dynamic hashes with a computed trust value, device entanglement, and quorum recovery, and which depends on neither a certificate authority nor a credential issuer, is disclosed in the identity filing (U.S. Application No. 19/388,580, published as US 2026/0126730 A1). This article situates that disclosed mechanism against the publicly reported convergence in the agent-identity market and the direction of the relevant standards work, and argues that the market's intermediate models, key-based decentralized identifiers and issuer-based non-human identity, are steps toward the keyless destination the filing describes. References to specific vendors, acquisitions, and standards efforts are to public reporting and published materials and are used for context only; no relationship, endorsement, or infringement is asserted.