AIT — Agent Identity Token

A cryptographically signed identity standard for AI agents to prevent identity laundering and provide tamper-proof audit trails. Three JWT-based token types — Session, Action, and Delegation — that chain together to form a verifiable record of every AI agent action. NIST-aligned, CC0 public domain.

🛡️ About AIT

The Agent Identity Token (AIT) specification is an open standard for cryptographically signing AI agent actions. Released under CC0 public domain in May 2026, AIT defines three JWT-based token types that chain together to form a verifiable audit trail for every action an AI agent takes.

🎯 The Problem AIT Solves

🤖 Identity Laundering: Multi-agent systems lose accountability across delegations
📝 No Audit Trail: Logs can be tampered with — cryptographic signing cannot
🔐 Context Substitution: Agents can be tricked with hidden malicious context
⚖️ Compliance Gap: NIST is signaling mandatory agent identity by late 2026

🔗 Three Token Types

AIT-S (Session): Who is this agent, what model, what authorized scope
AIT-A (Action): What did it do, what context did it have, file state before/after
AIT-D (Delegation): What did the parent agent grant the child — prevents identity laundering

🚀 Key Properties

Offline verifiable — no central authority required
RS256 cryptographic signing
JSON Web Token (JWT) compact serialization
CC0 1.0 Universal — public domain
Aligned with NIST February 2026 concept paper on AI agent identity

📊 Early Traction

56 repository clones and 38 unique visitors in the first 24 hours after release. Reference implementation in progress at depwire-cli.