What is Agent Identity?
Agent identity is the ability to attribute every agent action — in MCP deployments, every tool call — to the specific person or agent that initiated it. It requires per-person credentials and identity propagation through any intermediaries, so that audit logs, policies, and revocation all operate on individuals rather than an anonymous shared account.
WHY IT MATTERS
Most MCP setups start with shared credentials: one API key per server, distributed to the whole team. Upstream, every call then looks identical. When an incident review asks who deleted that table or whose session exfiltrated that file, the audit log answers "the key" — which is everyone and no one. Shared keys break attribution, make per-person access control impossible, and turn offboarding into a fleet-wide rotation.
Agent identity restores the link between calls and callers. It has three working parts:
- Issuance — each person or agent gets its own credential, typically a scoped token rather than a copy of a shared key.
- Propagation — intermediaries such as an MCP gateway must carry the caller's identity through to evaluation and logging, not collapse all traffic into one service account (the classic confused-deputy shape).
- Attribution — every tool call lands in the audit trail tagged with the identity behind it, so investigation, anomaly detection, and compliance reporting work at the level of individuals.
Identity becomes more demanding as agents multiply: a single person may run several clients and spawn subagents, all acting concurrently. Without per-caller identity, that activity is indistinguishable from a compromised credential — and shadow agents hide comfortably in the noise.
HOW POLICYLAYER USES THIS
PolicyLayer makes identity a property of the gateway rather than each upstream server. Every person or agent routes through with their own scoped token, so the gateway knows who is behind each tools/call even when the upstream server only sees a single service credential. Policies evaluate against that identity, and the audit trail records per-person attribution for every allowed and denied call.