On-Chain Identity for AI Actors: Attestations vs Surveillance

At RSA Conference 2026 this week, Yubico and Delinea demonstrated hardware-attested authorization for AI agents. The integration links hardware-signed Role Delegation Tokens with runtime authorization, requiring a human sponsor to physically tap a YubiKey before an AI agent can execute a privileged action. Every high-risk automated decision gets a cryptographic proof tying it to a specific human approver. For an allocator evaluating the AI-agents-on-chain thesis, this demonstration makes the identity problem concrete: as agents begin transacting autonomously, every counterparty needs verifiable proof of who authorized the agent, what constraints apply, and where liability sits.

The Claim and What Must Be True

The falsifiable claim: AI agents on blockchain infrastructure will require cryptographically verifiable identity credentials — not to surveil them, but to make their actions auditable and their mandates enforceable. Without on-chain identity, autonomous agents are pseudonymous actors executing irreversible transactions with no attributable mandate. If centralized cloud credential systems prove sufficient across blockchains, or if agents remain confined to experimental scale through 2027, the on-chain identity layer is unnecessary.

Two conditions must hold for this to matter. First, AI agents must reach the scale where counterparties cannot manually verify each interaction. Gartner projects that over 40 percent of enterprise workflows will involve autonomous agents in 2026. A YouGov study found 42 percent of U.S. consumers would allow an AI agent to purchase on their behalf if it ensured the lowest price. Meanwhile, 86 percent of cybersecurity professionals surveyed by Keyfactor believe autonomous systems should have unique, dynamic digital identities. The demand signal is clear. The infrastructure is not.

Second, the identity system must be decentralized enough to work across multiple blockchains and jurisdictions. Centralized credentials from a single cloud provider do not offer the portability or composability required for agents operating across Ethereum, Solana, and private institutional chains simultaneously. This is the structural argument for on-chain identity over centralized alternatives.

The Constraint Today

The constraint is that no standard framework exists for AI agent identity on-chain. Agents currently operate through standard wallet addresses indistinguishable from human wallets. There is no protocol-level mechanism to prove that a wallet is controlled by an agent, that the agent operates under a specific mandate, or that a human authorized its deployment.

Emerging standards are addressing this. ERC-8004 ties departure records to on-chain identity and reputation, creating portable agent history. The W3C Decentralized Identifier standard provides self-sovereign credentials without central authorities. Attestation frameworks like the Ethereum Attestation Service allow third parties to cryptographically vouch for agent capabilities. But these are components, not a complete production-grade identity stack at institutional scale.

The Enabling Primitives

The on-chain primitive is the verifiable credential: a cryptographically signed attestation that an agent meets specific criteria — who deployed it, what actions it can take, what limits apply, when authorization expires — without revealing internal logic or model weights.

The enabling AI capability is Trusted Execution Environment attestation. Agents in TEEs like Intel SGX or AMD SEV generate proofs that their code matches an expected hash and their execution environment is genuine. These proofs are verifiable on-chain. For agents without TEE support, zero-knowledge proofs offer an alternative path to verifiable computation with complete privacy.

The combination creates Know Your Agent, analogous to KYC but for autonomous software. A KYA credential attests that an agent operates on behalf of a specific legal entity, follows defined constraints, and has a traceable authorization chain from human principal to machine delegate.

The Tension: Attestation vs Surveillance

The design choice that matters most is whether on-chain identity for AI agents enables selective disclosure or total transparency. An attestation model allows an agent to prove it is authorized to trade up to a specific value without revealing its strategy, its principal's identity to the counterparty, or its full transaction history. A surveillance model would record every agent action on a public ledger, creating a complete behavioral record that regulators, competitors, or adversaries could analyze.

The attestation model preserves the privacy properties that make decentralized systems valuable while adding the accountability that institutional adoption requires. The surveillance model would deter institutional participation entirely. Self-sovereign identity systems using DIDs and off-chain credential storage, where sensitive data lives in private wallets and only proofs are verified on-chain, represent the most credible architecture for threading this needle.

What Would Falsify This

If enterprise AI agent adoption stalls below meaningful transaction volume through 2027, the identity infrastructure has no demand driver. If centralized platforms like AWS or Azure build agent identity systems that work well enough across chains through proprietary APIs, the decentralized alternative loses its value proposition. And if regulators mandate full transparency rather than accepting attestation-based compliance, the privacy-preserving design becomes illegal.

The monthly progress signal to track is the number of on-chain agent identity registrations across ERC-8004, EAS, and W3C DID-compatible systems. When that number exceeds manual verification capacity, the infrastructure becomes necessary rather than theoretical.

For informational purposes only. Not an offer to buy or sell any security. Available only to accredited investors who meet regulatory requirements.

‍