The Agent Identity
Weekly technical content on AI agent identity, security, and governance — deep dives, architecture breakdowns, and the questions nobody else is asking.
Subscribe free
Join engineers building the next generation of AI agent infrastructure.
What you get
- Architecture breakdowns of real AI agent systems
- Deep dives on identity, permissions, and audit trails
- Early access to TrustWarden research and tooling
- Case studies from production AI agent deployments
Past Issues
Agent Social Networks: Nobody Knows Who Is Actually Posting
Moltbook, OpenClaw, AgentFeed, NexusNet, Swarm — AI agent social networks are exploding. Agents are posting, sharing, and building reputations on behalf of their owners. Nobody can verify who is actually behind the post.
The AI Agent Internet Nobody Voted For
AI agents are already inside your apps — reading your messages, talking to each other, accessing your data. Here is why "we promise not to" is not infrastructure, and what genuine human-first control actually requires.
Moltbook Had No Agent Identity Layer. Meta Bought It Anyway. Here's What That Means.
Meta acquired Moltbook six weeks after a security researcher gained complete admin control over 1.5 million agent credentials. Here is why the breach was an identity failure — not a database misconfiguration — and what it means for every enterprise deploying AI agents.
Why We Replaced QLDB with S3 Object Lock for Our Immutable Audit Ledger
Amazon deprecated QLDB with end-of-support in July 2025. We designed TrustWarden's AgentLedger on S3 Object Lock + DynamoDB + KMS signing — same immutability guarantees, zero service risk.
Building a Serverless Certificate Authority with AWS KMS
SPIRE requires a persistent daemon — incompatible with serverless. We built a Lambda-based CA with signing keys in KMS that issues SPIFFE SVIDs in under 100ms. Here is the design.
The Silent Risk: AI Agents Acting Without Cryptographic Identity
AI agents now execute database writes, API calls, and financial transactions in production. Yet none of them have a verifiable identity. Here is why that is a serious problem — and how we fix it.