Part of the security infrastructure for AI agents

Cryptographic identity for autonomous agents.

AIM gives every AI agent a unique Ed25519 identity, capability scoped authorization, and a continuous 8 factor trust score. Run it locally on your laptop or deploy AIM Server for cross machine fleet governance.

$npx opena2a-cli identity create --name my-agent
View on GitHubExplore the CLI

Open source. Apache 2.0. Self hosted or AIM Cloud.

Built for non human actors.

Agent Identity Management is the practice of creating, authenticating, authorizing, and governing digital identities for autonomous AI agents. Traditional Identity and Access Management was designed for humans logging in. Agents do not log in. They run continuously, take actions without review, and reconfigure themselves at runtime. They need a different identity model.

AspectTraditional IAMAgent Identity Management
Identity TypeHuman usersAutonomous AI agents
Decision MakingHuman in the loopAutonomous, no human review
BehaviorPredictable workflowsDynamic, emergent behavior
PermissionsFixed roles (RBAC)Capability based, context aware
LifecycleLong lived accountsEphemeral, dynamic provisioning
Trust ModelStatic trust after authContinuous trust evaluation

Six capabilities every agent needs.

Identity, authorization, trust, audit, attestation, and monitoring. Each one is enforced at runtime, signed cryptographically, and observable through the CLI or dashboard.

Cryptographic Identity

Every agent receives a unique Ed25519 keypair for unforgeable identity. No shared credentials. No API keys to rotate. Hybrid post quantum keying available for forward secrecy.

  • Ed25519 public key cryptography
  • Hybrid PQC keying (Ed25519 + ML-DSA-65)
  • Request signing and verification

Capability Based Access

Agents are restricted to explicitly declared capabilities. Principle of least privilege enforced at runtime, not at config time.

  • Explicit capability declarations
  • Runtime enforcement on every action
  • Escalation detection and denial

Continuous Trust Evaluation

An 8 factor trust score evaluates agent behavior on every authorization decision and adjusts permissions accordingly.

  • Behavioral analysis across 8 factors
  • Drift detection on capability use
  • Automated response to trust drops

Comprehensive Audit Trail

Every agent action is logged with cryptographic attribution for compliance and forensics. Append only by design.

  • Append only audit log
  • Cryptographic signatures on every event
  • SOC 2 and HIPAA ready

MCP Server Attestation

Automatic discovery and verification of MCP servers your agents connect to. Detect shadow tools before they exfiltrate data.

  • Shadow MCP detection
  • Tool capability inventory
  • Connection monitoring and revocation

Event Driven Monitoring

Complete visibility into your AI agent infrastructure. Dashboards, alerts, and a live tail of agent activity events.

  • Agent inventory and lifecycle
  • Security alerts on policy violations
  • Trust score trends over time

The 8 factor trust score.

Every authorization decision in AIM evaluates eight signals. The score is recomputed on each call and emitted as a span attribute on the authorization span. No black box. Every factor is queryable.

Verification status

Whether the agent has a verified Ed25519 identity registered with the server.

Uptime

Continuity of registration. Long lived agents with stable behavior score higher.

Action success rate

Ratio of allowed authorization decisions to denied decisions over a rolling window.

Security alerts

Open alerts from runtime monitoring, capability violations, or scope drift.

Compliance

Conformance with attached governance files (SOUL.md), capability policies, and signed configs.

Age

Time since registration. Newly created agents start with reduced trust until they accrue history.

Drift

Deviation between declared capabilities and observed behavior across the audit log.

Feedback

Operator feedback events from the dashboard or CLI. Manual trust signals weighted into the score.

$npx opena2a-cli identity trust my-agent

Read the live score.

Run it your way.

AIM works as a local only tool for individual developers or as a centralized server for teams managing fleets of agents. Start solo, upgrade to server mode when you need cross machine governance.

Solo Mode

Local. No server required.

Identity stored in ~/.opena2a/aim-core/. Audit log as a local JSONL file. Policies as YAML files. Zero infrastructure to manage. Ideal for individual developers securing their own agents.

npx opena2a-cli identity create --name my-agent
  • No dependencies or infrastructure
  • Ed25519 keypair generated locally
  • YAML based capability policies
  • Local JSONL audit trail

Server Mode

Centralized fleet management.

Deploy AIM Server, dashboard, and PostgreSQL via Docker Compose. Centralized identity management with a REST API, OIDC token endpoint, and a fleet dashboard for managing agents across machines.

docker compose up -d
  • REST API for identity and audit
  • OIDC based token issuance
  • PostgreSQL backed audit logs
  • Fleet dashboard for cross machine governance

See the deployment documentation for setup instructions.

Wired into the rest of the stack.

Identity is the substrate. HackMyAgent scan results, Secretless credential decisions, OASB benchmark scores, and SOUL.md governance checks all attach to the agent identity for a single audit trail and a single trust score.

scan
HackMyAgent
209 static plus 29 semantic plus 164 adversarial checks
protect
Secretless
Credential detection and brokering
benchmark
OASB
222 standardized attack scenarios
scan-soul
SoulScanner
Governance file analysis (ABGS)

Why this matters now.

AI agents are being deployed into production with shared credentials, blanket admin access, and zero audit trail. Every one of those decisions creates a new class of incident.

The problem

  • Agents deployed with shared credentials or no authentication
  • Blanket admin access granted without capability restrictions
  • Shadow MCP servers with zero visibility or governance
  • No audit trails for agent actions or decisions
  • Legacy IAM cannot handle autonomous, dynamic actors

The AIM response

  • Unique cryptographic identity for every agent
  • Capability based access with runtime enforcement
  • Automatic MCP server discovery and attestation
  • Complete audit logging with cryptographic proof
  • Purpose built for autonomous AI agents

Real world impact. ServiceNow AI vulnerability, January 2026.

ServiceNow disclosed what researchers called the most severe AI driven vulnerability to date. The disclosure described exposure of Fortune 500 customers through improperly secured AI agents with universal credentials, email only authentication, and unrestricted capabilities.

Read the full analysis

Frameworks we secure.

AIM secures AI agents across frameworks, platforms, and deployment models. The same identity flow works whether you are running a single LangChain script or an AutoGen multi agent system.

LangChain Agents

Secure LangChain and LangGraph agent deployments with cryptographic identity and runtime capability checks.

CrewAI Teams

Identity management for multi agent crews. Per agent identity with shared audit trail.

MCP Servers

Attest and monitor Claude Desktop and Claude Code MCP servers across every machine in your fleet.

AutoGen Systems

Govern autonomous multi agent workflows with capability scoped policies and trust scoring.

Open source. No lock in.

Unlike proprietary identity products from larger vendors, AIM is open source. Self host forever. Read every line of code. Fork it if the roadmap diverges from your needs.

Open source

Apache 2.0 licensed. Inspect, modify, and contribute to the codebase.

Self hosted

Deploy on your infrastructure. Your data never leaves your environment.

Zero cost

No licensing fees. No per agent pricing. No surprise bills.

Three ways to integrate.

Most developers start with the CLI. Library authors embed aim-core. Teams running fleets adopt AIM Server. The same identity model works across all three.

OpenA2A CLI

opena2a-cli identity

Create identities, calculate trust scores, manage governance, and view audit logs. The fastest way to get started with AIM. No server required.

npx opena2a-cli identity create --name my-agent

Use when

  • Getting started with AIM
  • Managing identity from the terminal
  • CI and CD pipelines
  • Scripting and automation

aim-core

@opena2a/aim-core

Embed identity directly into your application. Local only library with Ed25519 keys, capability policies, audit logs, and trust scoring. No server required.

npm install @opena2a/aim-core

Use when

  • Building your own agent framework
  • Embedding identity in application code
  • Custom trust scoring logic
  • No infrastructure to manage

AIM Server

opena2a/aim-server

Full server with REST API, dashboard, PostgreSQL backed audit logs, OIDC based identity, and centralized policy management across a fleet of agents.

docker pull opena2a/aim-server

Use when

  • Managing multiple agents
  • Cross machine fleet governance
  • Centralized audit and compliance
  • SSO and OIDC integration
Featureaim-core (local)AIM Server
Ed25519 IdentityLocal keypairServer issued plus OIDC
Audit LogJSON lines filePostgreSQL plus API
Capability PolicyYAML fileREST API plus dashboard
Trust Scoring8 factor, localReal time plus history
Multi AgentPer machine onlyCross machine fleet
InfrastructureNoneDocker or Kubernetes

Give your first agent an identity.

One command. No signup. Generates an Ed25519 keypair, registers the agent, and prints a starting trust score. Run it in any project.

$npx opena2a-cli identity create --name my-agent
Star on GitHubExplore the CLI

Open source. Apache 2.0. Self hosted or AIM Cloud.