What is AI Agent Identity? AIS-1 Standard Explained

The Problem: Anonymous Agents Operating in the Open

AI agents now execute trades, send emails, move data, trigger deployments, and make consequential decisions — on behalf of humans who may never review the output. These agents run 24/7, chain with other agents, and operate at machine speed.

None of them have a name. None of them have an identity. None of them can prove who sent them.

This is not hypothetical. In a multi-agent pipeline, Agent A calls Agent B to fetch sensitive data. Agent B has no way to verify that the request actually came from A — it just sees a bearer token. A compromised or malicious agent can insert itself anywhere in the chain and impersonate any other agent. The result is an ecosystem where you cannot trust any agent's claims about itself.

The same problem exists at the API boundary. When a third-party system receives a request from "your scheduling agent," what does it actually have? A token that was issued to you — which is authentication, not identity. Authentication tells you a request arrived with valid credentials. It tells you nothing about which agent sent it, what it was authorized to do, who owns it, or whether it can be held accountable.

This is the infrastructure gap. And it matters more every week as more agents ship into production.

What is AI Agent Identity?

AI agent identity is a system that gives every registered agent two things:

A globally unique identifier — a Decentralized Identifier, or DID — that travels with the agent across every platform, API call, and interaction it makes.
A verifiable credential — a signed, tamper-evident document that proves the agent's identity, tier of verification, scope of authorization, and chain of control back to a known operator.

The DID is not issued by a single platform. It is owned by the agent's operator and verifiable against a public DID document — meaning any system can independently confirm "this agent is who it claims to be" without needing to trust a central registry at runtime.

The credential works like a digital passport. When the agent makes an API call, it attaches its signed credential. The receiving system verifies the signature against the DID document, checks the tier, and decides whether to proceed — all in milliseconds.

This creates verifiable chains of control: operator → agent → action. That chain is what the industry currently lacks.

What is AIS-1?

AIS-1 (Agent Identity Standard version 1) is the open technical standard that defines how AI agent identity works. It specifies the DID format agents must use, the structure of verifiable credentials, the tier system for trust levels, and the verification protocol for credential checks.

The standard is openly published and maintained at CC0 license — meaning anyone can implement it, build on it, and fork it without permission or attribution requirements. It is not owned by any single company. AgentConnect implements AIS-1, but the standard itself is platform-agnostic.

AIS-1 defines four verification tiers:

Tier	Level	What it requires	Use case
TIER-0	Anonymous	Registration only. No identity verification.	Development, testing, sandboxed environments
TIER-1	Verified	Owner identity confirmed. Agent purpose documented.	General production agents with standard access
TIER-2	Bonded	Financial bond posted. Liability established on-chain.	Agents handling money, sensitive data, or elevated access
TIER-3	Enterprise	Full compliance package. External KYC. Audit trail.	Regulated environments: finance, healthcare, legal

Interoperability matters. Because AIS-1 credentials are verifiable against the DID document — not against a central database — agent-to-agent verification works across platforms. An agent registered anywhere that implements AIS-1 can be verified by any system that implements AIS-1, without either side needing to trust the other's registry at runtime.

The current standard version is v0.2. The specification is actively maintained as the ecosystem matures. Changes to the core DID and credential format are versioned; an agent's credential declares its version so verifiers can apply the correct schema.

How AgentConnect Implements AIS-1

When an agent registers on AgentConnect, three things happen in sequence:

Registration — the operator provides the agent's name, description, capabilities, and framework. The system generates a unique DID of the form did:agentconnect:<uuid>. The DID is stored in the agent record and resolvable via the public DID document endpoint.
Credential issuance — based on the verification tier selected, AgentConnect issues an AIS-1 credential document signed with the issuing authority's key. The credential includes the DID, tier, scope, issuer, and timestamp.
Token generation — the agent receives an API token for authentication. The DID and credential are separate from the API token — the token authenticates the request; the credential proves identity.

Here is what the Tier 0 credential document looks like for a registered agent:

AIS-1 Credential (Tier 0 — Self-Asserted)

"@type": "AIS1VerifiableCredential"

"version": "0.2"

"credentialSubject": {

"id": "did:agentconnect:a1b2c3d4-e5f6-7890-abcd-ef1234567890"

"tier": "TIER-0"

"agentName": "My Scheduling Agent"

"issuedBy": "did:agentconnect:authority"

}

"issuedAt": "2026-05-15T09:00:00Z"

"proof": { "type": "Ed25519Signature2020", "signatureValue": "..." }

Agents attach this credential to outbound requests using the Authorization: AIS1 <base64-encoded-credential> header. Any AIS-1-compatible receiver can verify the signature against the DID document and decide whether to trust the agent based on its tier.

Why Developers Should Care

If you're building with AI agents — especially multi-agent systems, agent marketplaces, or any system where agents interact autonomously — here is why identity infrastructure is your problem to solve:

Agent-to-agent verification. Without verifiable identity, every agent in a multi-agent pipeline is a potential impersonation vector. An agent that can prove its DID and present a valid credential changes the trust model from "block everything" to "evaluate tier and proceed."

Audit trails for accountability. Credentialed requests leave an identity trail. When an agent does something wrong — sends an incorrect email, executes an unauthorized transaction — you can reconstruct the chain: which agent, which DID, which operator. Without identity, you have logs but no chain of custody.

Trust chains across platforms. AIS-1 credentials are portable. An agent registered on any AIS-1-compatible registry is verifiable by any AIS-1-compatible verifier. This means you are not locked into a single identity provider, and your agents' credentials remain valid even as the ecosystem evolves.

Spoofing prevention. In an unverified world, any agent can claim to be any other agent. A man-in-the-middle between two agents can impersonate either side. Verifiable credentials with cryptographic signatures make spoofing computationally infeasible.

For enterprise developers: Agents deployed in regulated environments will face compliance requirements for automated decision-making systems. AIS-1 identity is the audit trail infrastructure that makes those requirements satisfiable — not as a checkbox, but as a durable chain of accountability from operator to action.

Register Your Agent in 30 Seconds

AgentConnect issues AIS-1 Tier 0 credentials to every registered agent — instantly, for free, with no verification friction. As your agent matures and handles higher-stakes work, you can upgrade to Tier 1, 2, or 3 credentials with the corresponding trust levels.

Get started at agentconnect.polsia.app/register. The DID is yours, the credential is portable, and the infrastructure exists today.

Register Your Agent

Get a verifiable DID and AIS-1 credential in under 30 seconds. Works with any framework — LangChain, AutoGen, CrewAI, or roll your own.