On-Chain Identity for AI Agents Executing Fiduciary Duties

Sagar Prasad
Portfolio Manager

On April 28, 2026, the FIDO Alliance formed an Agentic Authentication Technical Working Group with Google AP2 and Mastercard Verifiable Intent as foundational contributions, building interoperable standards for AI agents authenticating, acting, and transacting on behalf of users. Non-human identities already outnumber human identities by roughly 40 to 1 in large enterprises, and the decentralized identity market is projected at 7.4 billion dollars in 2026. The technical primitives for AI agent identity exist: DIDs (W3C decentralized identifiers), verifiable credentials, OAuth 2.0 Token Exchange under RFC 8693, and hardware-attested workload identities are deployed across Microsoft, Okta, AWS, and major cloud platforms. The question for a compliance officer is whether on-chain identity attestation becomes a legal precondition for AI agents executing fiduciary duties, and on what timeline.

The Falsifiable Claim

By end of 2027, any AI agent executing actions that meet the fiduciary standard — rebalancing assets, signing contracts on behalf of a principal, paying invoices that bind a fund, exercising governance votes on tokenized securities — will be required to present an on-chain identity attestation linking the agent to a named human principal, the scope of delegated authority, the expiration time, and the revocation mechanism. The claim is not that identity infrastructure will deploy (it already has). The claim is that fiduciary acceptance — by regulators, fund administrators, auditors, insurance carriers — will require on-chain attestation specifically because the alternative (off-chain logs and API tokens) cannot produce the evidentiary record fiduciary law demands.

What Must Be True

Three conditions must hold. First, the standards stack must consolidate. Today FIDO, W3C DIDs, W3C VCs, OAuth 2.0 Token Exchange, Google AP2, Mastercard Verifiable Intent, Anthropic MCP, and SPIFFE/SPIRE are all advancing in parallel. The April 28 FIDO announcement is a consolidation step. For fiduciary acceptance, the standards must produce a single delegation-chain artifact an auditor can verify against an agent's actions — not seven competing frameworks. Second, legal acceptance under existing agency law. The Restatement of Agency requires a principal have capacity to authorize an agent and that the agent act within scope. Mapping to AI agents requires either statutory clarification (years away) or fiduciary acceptance practices treating on-chain attestation as sufficient evidence (achievable within 18 months).

Third, audit trail completeness. A fiduciary action by an AI agent must produce evidence that survives in court: delegation chain, scope (action, dollar amount, counterparties), execution record (transaction hash, timestamp, oracle inputs), and revocation status. On-chain identity attestations bundled with verifiable credentials produce all four. Off-chain API logs produce only fragments.

The Enabling Primitive and a Real Example

EIP-7702, live with Pectra since May 2025, lets externally owned accounts execute smart contract logic without redeploying. Session keys allow scoped temporary delegation. Combined with a DID + VC stack, a fiduciary delegation looks like this: the principal (a treasury manager) issues a verifiable credential to the agent specifying "rebalance among BUIDL, OUSG, USDC, up to $5M notional, between 9 AM and 5 PM ET, expiring May 30." The agent's wallet uses EIP-7702 to execute while the VC and DID provide cryptographic proof of the delegation chain. Every transaction includes the VC reference; revocation flips a state in the DID document. Audit reconciliation reads the DID document, the VC, and the on-chain transaction record as a single evidence bundle.
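
The delegation described above, as an added example (not code from this article or from any project it names): a scope check of one agent action against the credential's terms, plus the four-part evidence bundle listed under audit trail completeness. The DIDs, field names, the 2026 year, the per-action reading of the $5M cap and the fixed UTC-4 offset for ET are assumptions; the credential's signature check and the DID-document lookup are taken as already done, with the revocation state passed in as a boolean.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

# Assumption: fixed EDT offset (UTC-4), correct for the May dates used here;
# a production verifier would resolve "ET" through a tz database.
ET = timezone(timedelta(hours=-4))

# Constructed credential mirroring the article's delegation; DIDs and year are placeholders.
CREDENTIAL = {
    "issuer": "did:example:treasury-manager",
    "subject": "did:example:rebalancing-agent",
    "action": "rebalance",
    "assets": ["BUIDL", "OUSG", "USDC"],
    "max_notional_usd": 5_000_000,  # assumption: cap applies per action
    "window_et": [9, 17],           # 9 AM inclusive to 5 PM exclusive
    "expires": "2026-05-30T23:59:59-04:00",
}

def credential_digest(cred):
    """SHA-256 over canonical JSON: the VC reference each transaction would carry."""
    canon = json.dumps(cred, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon).hexdigest()

def violations(cred, action, when, revoked):
    """Return every reason the action falls outside the delegation (empty = in scope)."""
    local = when.astimezone(ET)  # `when` must be timezone-aware
    start, end = cred["window_et"]
    checks = [
        ("revoked", revoked),
        ("expired", when > datetime.fromisoformat(cred["expires"])),
        ("outside_window", not start <= local.hour < end),
        ("action_not_delegated", action["type"] != cred["action"]),
        ("asset_not_allowed", not {action["sell"], action["buy"]} <= set(cred["assets"])),
        ("over_notional_cap", action["notional_usd"] > cred["max_notional_usd"]),
    ]
    return [name for name, failed in checks if failed]

def evidence_bundle(cred, action, when, revoked, tx_hash):
    """Assemble delegation chain, scope, execution record and revocation status."""
    scope_keys = ("action", "assets", "max_notional_usd", "window_et", "expires")
    return {
        "delegation_chain": [cred["issuer"], cred["subject"]],
        "scope": {k: cred[k] for k in scope_keys},
        "execution": {"tx_hash": tx_hash, "timestamp": when.isoformat(),
                      "vc_ref": credential_digest(cred), "action": action},
        "revoked": revoked,
        "violations": violations(cred, action, when, revoked),
    }
```

Because the VC reference is a digest of the canonical credential, an auditor who recomputes it from the stored credential detects any after-the-fact change to the delegated scope.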

Indicio's ProvenAI is one production reference implementing this for enterprise data access. Google AP2 and Mastercard Verifiable Intent push the model toward payment authorization. For the institutional fiduciary use case, the missing piece is the legal acceptance layer — fund administrators and auditors treating on-chain attestation as sufficient evidence under existing agency law without waiting for statutory clarification.

What Would Falsify This and the Skeptic's Case

The skeptic's strongest argument is that current AI agent identity infrastructure is built for enterprise SOC and IT use cases (refunds, support tickets, data access), not fiduciary execution. The leap from "60-second scoped token to refund $50" to "authority to rebalance $10M of fiduciary assets" requires more than identity primitives — liability acceptance by insurance carriers, audit-firm methodology, and case law. None of those exist yet for AI agent fiduciary actions. The thesis depends on legal acceptance running ahead of statutory change — which happened with electronic signatures (ESIGN Act preceded by industry acceptance), email contracting, and cloud audit reliance. It can happen again. But it is not foregone.

Three developments would invalidate the thesis. First, a major agent identity failure — stolen DID, prompt-injection-induced authority misuse, or VC issuance fraud — producing a prominent loss in a fiduciary context, with regulatory response slowing institutional adoption regardless of technical merit. Second, FIDO and W3C standards remaining fragmented through 2027, preventing the single delegation-chain artifact auditors need. Third, fund administrators and auditors deciding the safer course is human-in-the-loop for every fiduciary action, freezing AI agent execution at the advisory layer.

The monthly trackable signal is the count of production AI agent deployments executing fiduciary actions through on-chain identity attestation, broken out by use case (treasury rebalancing, payment authorization, governance voting). As that count rises into the hundreds and then thousands, the thesis is validating. The April 28 FIDO announcement was the most significant consolidation step in 18 months. The next 18 months resolve whether the legal acceptance layer catches up to the technical primitives.

For informational purposes only. Not an offer to buy or sell any security. Available only to accredited investors who meet regulatory requirements.