TL;DR — Anthropic shipped Workload Identity Federation (WIF) for the Claude API. Your workloads now exchange a short-lived OIDC JWT from your IdP (EKS IRSA, GKE, AKS, GitHub Actions, Kubernetes, SPIFFE/SPIRE, Okta, Entra ID) for a short-lived sk-ant-oat01-... token via the RFC 7523 jwt-bearer grant. Zero static secrets. But it's workload identity, not user delegation — and that distinction is where confused deputy bugs are about to start showing up.

Why this matters (and why I'm writing a sequel)

A few weeks back I wrote about draft-klrc-aiagent-auth — the IETF blueprint for agentic identity from engineers at AWS, Zscaler, Ping Identity, and Defakto Security. The thesis was straightforward: most teams securing AI agents with API keys are one breach away from disaster, and the fix is an 8-layer Agent Identity Management System (AIMS) built on SPIFFE for workload identity, WIMSE for proof tokens across proxies, OAuth Token Exchange for delegation, and Transaction Tokens for operation-scoped authorization.…
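The exchange described in the TL;DR, both sides of it, as an added offline example. This is not Anthropic's code: the token endpoint URL, the claim names the verifier checks, and the shape of the issued token are assumptions, and only the sk-ant-oat01- prefix comes from the post. HS256 with a shared secret is used so the demo runs without an IdP; a real IdP signs with RS256/ES256 and the token service verifies against the IdP's published JWKS. The point the code makes is the one the post makes: the issued token is bound to the workload's sub claim and carries no user delegation, so a service holding it must not treat it as permission to act for any particular user.

```python
"""RFC 7523 jwt-bearer grant: workload builds the request, token service verifies
the assertion and issues a short-lived token bound to the workload identity.
Added example, not Anthropic's implementation; endpoint and claims are assumptions."""
import base64
import hashlib
import hmac
import json
import secrets

JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer"
TOKEN_ENDPOINT = "https://token.example/oauth/token"  # placeholder, not a real endpoint


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_assertion(claims: dict, key: bytes) -> str:
    """What the IdP hands the workload: an HS256 JWT (demo only; IdPs use RS256/ES256)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = f"{_b64url(json.dumps(header).encode())}.{_b64url(json.dumps(claims).encode())}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def build_token_request(assertion: str) -> dict:
    """Form body the workload POSTs to the token endpoint (RFC 7523 section 2.1)."""
    return {"grant_type": JWT_BEARER, "assertion": assertion}


def verify_assertion(assertion: str, key: bytes, trusted_issuers: set,
                     audience: str, now: int, max_lifetime: int = 600) -> dict:
    """Token-service side checks. Raises ValueError on any failure."""
    parts = assertion.split(".")
    if len(parts) != 3:
        raise ValueError("malformed assertion")
    h64, p64, s64 = parts
    header = json.loads(_b64url_decode(h64))
    if header.get("alg") != "HS256":          # pin the algorithm; never trust the token's alg
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p64))
    if claims.get("iss") not in trusted_issuers:
        raise ValueError("untrusted issuer")
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if audience not in aud_list:              # an assertion minted for another API must not work here
        raise ValueError("audience mismatch")
    if not isinstance(claims.get("sub"), str) or not claims["sub"]:
        raise ValueError("missing sub")
    exp, iat = claims.get("exp"), claims.get("iat")
    if not isinstance(exp, int) or not isinstance(iat, int):
        raise ValueError("missing exp/iat")
    if exp <= now:
        raise ValueError("assertion expired")
    if exp - iat > max_lifetime:              # reject long-lived assertions; they are static secrets in disguise
        raise ValueError("assertion lifetime too long")
    return claims


def exchange(form: dict, key: bytes, trusted_issuers: set, audience: str, now: int) -> dict:
    """Issue a short-lived token bound to the workload. There is no user in this flow."""
    if form.get("grant_type") != JWT_BEARER:
        raise ValueError("unsupported_grant_type")
    claims = verify_assertion(form.get("assertion", ""), key, trusted_issuers, audience, now)
    return {
        "access_token": "sk-ant-oat01-" + secrets.token_urlsafe(24),  # prefix from the post, body constructed
        "token_type": "Bearer",
        "expires_in": 3600,
        "sub": claims["sub"],      # workload identity the token is bound to
        "on_behalf_of": None,      # no delegated user: callers must not infer one (assumed field name)
    }


if __name__ == "__main__":
    # Constructed sample: a Kubernetes service-account style subject from an EKS OIDC issuer.
    key, now = b"demo-shared-secret", 1_700_000_000
    assertion = make_assertion({"iss": "https://oidc.eks.example", "sub": "system:serviceaccount:prod:claude-caller",
                                "aud": TOKEN_ENDPOINT, "iat": now, "exp": now + 300}, key)
    print(exchange(build_token_request(assertion), key, {"https://oidc.eks.example"}, TOKEN_ENDPOINT, now))
```

The `on_behalf_of: None` field is the defensive part: when a service receives a request from a user and then calls the API with a workload-bound token, nothing in that token ties the call to the user, and that is exactly the gap a confused deputy falls into. Delegation has to be carried separately (the OAuth Token Exchange and Transaction Token layers the post refers to), not assumed from the workload token.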