AI agents are rapidly becoming first-class actors inside enterprise systems, but most identity architectures still assume humans at the keyboard. This session looks at what it means to give an AI agent a real identity and the resulting impact on authentication, authorization and trust delegation.

We explore how AI agents can be issued passkeys and verifiable credentials and how organizations can ensure agents are genuinely acting on behalf of authenticated humans. We walkthrough real-world operating models:

Autonomous execution
Human-in-the-loop
Exception-based oversight
We show how agent identity can be cryptographically bound to users while remaining auditable and governed.

The session also addresses when an agent may act independently and when it must request step-up authorization. This is tied into emerging regulation (e.g., EU AI Act, NY RAISE Act) and its impact on traceability and intent verification. 

We close with practical enterprise architectures for agent trust in a passwordless world, grounded in WebAuthn, scoped delegation and explicit human approval for high-impact actions.

Attendees will leave with a clear framework for deploying AI agents safely, without sacrificing security, compliance or user trust.