We've started with a simple version of Identity: an open-source way to issue short-lived, verifiable identities to AI agents. We're working on several experimental components, including runtime query-based capability scoping for agents, followed by AML-inspired suspicious behavior detection, to replace the antiquated system of static sandboxes most AI tools run on. These tools will enable you to protect yourself from many classes of attacks and are, based on our testing, performing quite well on public benchmarks (which we'll publish soon when we release them!).
Each agent run gets a short-lived credential with its own identity. Services can verify who the agent is, who started it, when the credential expires, and whether the token is bound to the agent instead of being a reusable bearer secret. If you're interested in trying it, we just released it on GitHub here: https://github.com/clayseal/clayseal-identity. If you're interested in trying out the experimental components before we release them, please take a look at https://clayseal.com/.
This is the very first version of the system, and we're working on improving it every day. If you have suggestions, ideas, an interest in contributing, or potential systems/CVE classes you think we should know about, reach out! And feel free to star if you'd like to try it out or just see us develop it.