Imagine two AI agents, perhaps a procurement agent from Company A and a supplier agent from Company B, needing to talk business. They've never met, there's no shared system, and no human to vouch for them. When that first message arrives, how does Company B's agent know who it's really talking to? How can it trust the sender? In today's web, our usual security tools like TLS, OAuth, or API keys fall short for AI agent identity . TLS confirms a domain, but not the specific agent within it. OAuth and OpenID Connect are built for human users, and API keys are essentially passwords. These don't provide the granular, verifiable identity that autonomous AI agents need to operate securely across different organizations. We need answers to three critical questions, automatically and without human intervention: Who is this agent? A stable identity that lasts across sessions. Who controls it? Which organization is accountable for its actions? What is it authorized to do?…