TL;DR: Agentic commerce cannot safely start with the agent because trust depends on a verified human, an authenticated device, and a cryptographic binding that defines scope, according to Prove Identity. The governance shift is that identity controls must extend from the person at login to the agent acting on their behalf, or delegation becomes unauditable and overbroad.
At a glance
What this is: This is an analysis of how verified human identity and device-bound trust are being used to authorise agent actions through a reusable identity passport.
Why it matters: It matters because IAM, PAM, and identity governance teams need a model for delegation that preserves auditability and scope control as agents inherit human authority.
By the numbers:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.
- 17 minutes and as quickly as 9 minutes
👉 Read Prove Identity's analysis of agent authority and verified human trust
Context
Agent authority is the governance problem that appears when software acts on behalf of a verified person. The core issue is not whether the human is known, but whether the agent's scope, timing, and provenance remain tied to that human after delegation begins.
In agentic commerce, the old login boundary is too narrow. If the human, the device, and the downstream agent are not bound together with verifiable trust, identity governance loses the ability to prove who authorised which action and under what conditions.
That makes this a human identity extension problem as much as an AI governance problem. The article's starting position is typical of the market shift now underway: organisations are trying to preserve existing identity assurance while extending it into delegated machine action.
Key questions
Q: How should security teams govern agent actions that inherit human authority?
A: They should govern agent actions as delegated identity events, not as independent accounts. The key is to tie each action back to the verified human, the authenticated device, and the current scope of delegation. That lets IAM, PAM, and audit teams enforce provenance, limit abuse, and revoke authority when the trust context changes.
Q: Why is login authentication not enough for agentic commerce?
A: Login proves the person once, but agentic systems need proof that the downstream action still matches the original trust context. Without continuous identity validation, an agent can keep acting after the device, session, or authorisation conditions have changed. That is why delegated authority needs lifecycle controls, not just initial authentication.
Q: What do IAM teams get wrong about reusable identity passports?
A: They often treat them like durable credentials instead of dynamic trust bindings. A reusable passport is only safe if it stays linked to live identity and device signals, and if it can be invalidated when those signals drift. Otherwise it becomes a long-lived delegation token with weak governance.
Q: How can organisations audit agent authority without slowing user experience?
A: By logging delegation as a cryptographic event and separating trust validation from repeated user prompts. The organisation can preserve a low-friction experience while still recording who authorised the agent, what device anchored the trust, and what scope was granted. That gives auditability without forcing every action through manual approval.
Technical breakdown
Verified human identity as the root of agent authority
The article's model starts with authenticated human identity and device trust, then extends that trust into agent action. That sequence matters because the agent is not the original trust anchor. Instead, the person and the device create the cryptographic basis for delegation, and the agent inherits only the scope that binding permits. In identity terms, this is a delegation chain, not a standalone machine identity. The governance challenge is preserving provenance when authority is transferred from a human session into an automated workflow. Without that chain, downstream authorisation becomes difficult to audit or revoke.
Practical implication: treat agent access as delegated human authority and require explicit linkage to the originating identity and device.
Reusable identity passport and replay-safe delegation
A reusable identity passport is described as a durable trust artifact that remains coupled to the verified person and their authenticated device. In practice, this behaves like a replay-safe identity binding, not a static credential, because its validity depends on continuous correlation signals rather than a one-time login event. That matters for agentic systems because the passport becomes the substrate for repeated requests without re-authentication at every step. The architectural question is whether the passport still reflects current trust when conditions change mid-session. If the binding is stale, the agent may continue acting under a trust state that no longer exists.
Practical implication: design delegation artefacts so they can be revoked or invalidated when the underlying human-device trust changes.
Why agentic commerce needs continuous identity validation
The article argues for continuous, real-time identity validation because agentic workflows do not behave like static sessions. Trust must be re-evaluated as device signals, identity signals, and merchant context change. That makes the system closer to a living trust graph than a single authentication event. From an IAM perspective, this is a material shift: the control is no longer just authentication, but ongoing authorisation fidelity. The main architectural value is not convenience alone, but the ability to maintain a verifiable chain of custody across many downstream actions.
Practical implication: monitor delegation state continuously and tie agent permissions to live identity signals rather than fixed session assumptions.
NHI Mgmt Group analysis
Agent authority is a delegation problem, not a new identity category. The article correctly frames AI agents as inheriting authority from a verified human and an authenticated device, which means the trust model lives upstream of the agent itself. That is a familiar IAM pattern, but the scale and speed of agentic execution make weak delegation decisions far more consequential. Practitioners should treat this as an extension of identity governance into non-human action, not as a separate security silo.
Continuous identity validation is the control concept that matters most here. A reusable identity passport only works if the underlying trust state is continuously current, because static assertions do not match how agents operate across merchants, channels, and tasks. This aligns with the broader move toward lifecycle-aware governance, where access is not just granted but continuously bound to context. The practical conclusion is that stale trust is now a first-class identity risk.
Agent authority cannot be governed by human login alone. The article shows why authenticating the user at the entry point is insufficient when the downstream actor is an agent with its own operational tempo. That means existing authentication-centric programmes miss the actual control point: delegated execution. Security teams should re-centre policy, logging, and revocation around the agent's authorised scope, not the initial sign-in event.
Device-bound cryptographic trust becomes the enforcement layer for human-derived agent action. The moment an agent inherits authority from a verified person, the device ceases to be an endpoint detail and becomes part of the identity boundary. That is a useful concept for IAM, PAM, and fraud teams because it ties authorisation to a stronger provenance signal than credentials alone. The practitioner takeaway is that delegation should be treated as a cryptographic event with lifecycle controls, not a convenience feature.
From our research:
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to AI Agents: The New Attack Surface report.
- Our analysis of the same research shows 80% of organisations report AI agents have already acted beyond their intended scope, including unauthorised system access and sensitive data exposure.
- For the broader governance pattern, see OWASP NHI Top 10 for the agentic risk model that practitioners are now being forced to operationalise.
What this signals
Identity programmes will need to move from session-centric authentication to delegation-centric governance. Once agents act on behalf of verified people, the control question becomes whether authority is still valid at the moment of execution, not just at login. Teams should align agent policy, logging, and revocation with that shift, and use the NIST AI Risk Management Framework where autonomous decisioning is present.
Human identity, device trust, and agent authorisation are converging into one operating model. That means IAM and fraud teams cannot treat agentic commerce as a side project. If the same identity event now authorises both a person and a software actor, then lifecycle, audit, and incident processes need to understand the full delegation chain.
Verified delegation will become a control pattern with its own blast radius. Organisations that cannot show who granted agent authority, on what device, and under what conditions will struggle with investigation and accountability. The practical next step is to formalise that chain in policy and testing before agent usage expands further.
For practitioners
- Map delegated agent authority to the originating human identity Require every agent permission to resolve back to the verified person and authenticated device that created it, so reviewers can trace provenance and revoke trust at the source.
- Treat the device as part of the identity boundary Include device posture, binding state, and session integrity in authorisation decisions for agent actions, rather than relying on the human login alone.
- Make delegation artefacts revocable on trust change Design reusable identity passports or equivalent tokens so that a change in identity risk, device state, or context can invalidate downstream agent authority immediately.
- Instrument agent actions for audit and replay resistance Log each agent request as a signed, attributable event and preserve the chain from human intent to action execution for later investigation and certification.
Key takeaways
- Agent authority depends on a verified human and authenticated device, not on the agent as a standalone trust anchor.
- The operational risk is stale delegation, because static trust does not match how agents execute across changing contexts.
- IAM teams need delegation-centric controls, continuous validation, and revocation paths that follow the full identity chain.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST AI RMF, NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | NHI-01 | Agent authority and delegated scope are central to this article. |
| OWASP Non-Human Identity Top 10 | NHI-07 | Reusable trust artifacts and lifecycle-bound delegation are classic NHI governance issues. |
| NIST AI RMF | GOVERN | The article centres on accountability and trust boundaries for AI-enabled action. |
| NIST CSF 2.0 | PR.AC-4 | This is an access control and least-privilege problem for delegated identity. |
| NIST Zero Trust (SP 800-207) | Continuous verification and no implicit trust underpin the article's model. |
Map agent permissions to least-privilege access rules and review delegation scope regularly.
Key terms
- Agent Authority: The permission an AI agent receives to act on behalf of a verified person. In this model, authority is inherited rather than original, so governance must trace the agent back to the human intent, device context, and current trust state that authorised it.
- Reusable Identity Passport: A persistent trust artifact that binds a verified identity to an authenticated device and can be reused across workflows. It is not a static password or token. Its security depends on continuous validation and the ability to revoke or invalidate the binding when trust changes.
- Device-Bound Cryptographic Trust: A trust model where identity assurance is anchored to both the person and the device through cryptographic binding. This raises the bar for delegation because the device becomes part of the identity boundary, not just a channel used to reach a service.
- Delegation Chain: The sequence of identity and authorisation relationships that carries authority from a human to a software actor and, in some cases, onward to other systems. It is the audit path that shows who granted permission, what scope was allowed, and where accountability should land.
What's in the full article
Prove Identity's full blog post covers the operational detail this post intentionally leaves for the source:
- The reusable identity passport design and how it binds a verified human to a device in practice
- The continuous validation mechanics that keep delegation current across sessions and merchants
- The developer integration model for adding agent authority without changing the user experience
- The trust propagation flow from human identity to merchant endpoint to downstream agent action
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building identity controls that need to work across humans, devices, and delegated software actors, it is worth exploring.
Published by the NHIMG editorial team on 2026-03-11.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org