The Identity Problem Is Solved. The Trust Problem Isn't. There's a wave of new protocols solving agent identity. Agents get cryptographic keys, sign their requests, prove who they are without pre-registration or shared secrets. This is good work and it's needed — bearer tokens and API keys were never designed for autonomous software making decisions on your behalf. But here's what we keep seeing in production: an authenticated agent is not a trusted agent. Identity answers "who is this?" Trust answers "what should this agent be allowed to do, right now, with this amount, to this recipient?" If you're building a chatbot that calls APIs, identity is enough. If you're building an agent that moves money, it's not even close. The Gap: What Happens After Authentication Consider an agent that's been fully authenticated — valid cryptographic identity, signed request, proof-of-possession confirmed. The agent is who it says it is. Now it wants to initiate a $50,000 payment to a company in Dubai.…