Enterprise identity used to have a fairly stable center of gravity. A user authenticated. An application received a token. The token carried scopes or claims. The backend enforced what that application was allowed to do. That model was never trivial, but it was legible. Agents are making it less so.

An AI agent is not just another software client. It can plan, delegate, chain tools, invoke other agents, operate over time, and make decisions inside partially autonomous loops. It may act on behalf of a user in one moment, on behalf of a service in the next, and through a brokered protocol hop after that. It may hold authority briefly, derive narrower authority for a subtask, or preserve more authority than anyone intended.

That is why the emerging identity problem in AI is not simply authentication. It is delegation. More specifically, it is the combined problem of agent identity, delegated authority, and protocol trust. That is where the next serious access-control failures are likely to come from.…