Picture the dullest bureaucrat you can, the one who sits at a border with a single question to his name: who sent you, what are you allowed to do here, and until when. An AI agent that moves money is going to meet a version of that man far sooner than the market expects, and right now it turns up holding a shared login and an API key that can do far too much — roughly the standing of a laminated library card, which works beautifully right until the moment somebody at the counter bothers to read it.
Gus Aragón wrote this month that agents have no real identity and that the industry is at last building one, and he is right, though he is describing a country some of us have been living in since February. We did not write the forecast; we printed the passports.
What the passport has to say is not long. It records where the agent comes from and who stands behind it in law — the agent being nobody a court can fine, while its operator very much is — and it sets out what the agent may do, what it must never do, and how long the whole document stays valid. Hand a task down to a sub-agent and that sub-agent inherits a strictly narrower slice of the authority and never a wider one; a courier can carry the sealed letter across town, but he cannot sit down and rewrite it. All of it is signed, and any stranger can check the whole chain without once ringing head office to confirm.
We built that, and it runs: on a public chain, on open credential standards, behind an API anyone can call, and written up as an IETF draft that has been sitting on the same public registry everyone else in this debate has been reading. When Sunil Prakash's AIP paper set out five things such a document has to do, we ran his own tests against our system and published the result without dressing it up — four of the five running in production, and the fifth, an expressive multi-condition policy and the most demanding of the lot, marked openly as unfinished rather than quietly waved through. Our own first write-up of that score had been a shade too kind to us; we went back and corrected it downward, in public, where anyone can still read the edit. A passport office that fudges its own paperwork is not one you would hand your passport to.
What almost nobody writing about this cares to admit is that getting the thing built and running was the least of the trouble, and the real obstacle sits somewhere considerably less flattering.
Here is the shape of the market in mid-2026. The infrastructure exists and works. The number of agents that check a counterparty's papers before doing business is, to be generous about it, a rounding error. A border guard is pointless if no traveller carries papers, and no traveller troubles himself with papers as long as every border waves the whole crowd through — so we have ended up with immaculate passports nobody is asked to show and immaculate checkpoints with nobody to stop, two halves of a bridge built out from opposite banks and not yet touching in the middle.
Immaculate passports nobody is asked to show, and immaculate checkpoints with nobody to stop — two halves of a bridge built out from opposite banks and not yet touching in the middle.
This sort of deadlock breaks the way every infrastructure deadlock has ever broken, which is that somebody with the authority to do it stops waving the traffic through and closes the border.
Regulation is that somebody, and the dates are already on the calendar. The moment the EU's rules for high-risk and agentic systems take effect, the first company hauled into an audit and asked which of its agents did a particular thing, and on whose authority, is going to discover that "we trusted the vendor" is not a sentence that survives a regulator's stare — and that is the morning a passport stops being a courtesy, the traveller already carrying one keeps walking, and everyone else files into the queue outside the embassy, one form and one jurisdiction at a time.
That queue is the whole point, and it is the part even the better essays tend to stroll past. A national ID buys you precisely nothing abroad; you either purchase a fresh visa at every border or you stay home. Do this properly and the agent ends up carrying something closer to a diplomatic passport — a single document honoured at every crossing, with no new stamp demanded per country — and an agent equipped like that is arguably the only genuinely free trader left anywhere on the planet, since it never sleeps, never books a hotel, and never sits in a consulate waiting room working through a two-year-old magazine. The one thing standing between that agent and the open road is whether the papers it carries are papers the next border has agreed to recognise.
We printed ours early — too early by the market's clock, and I am not going to pretend that is anything other than a bet — but borders do not stay open indefinitely, and when this one finally shuts, the traveller already holding good papers will barely register the day it happened, while everyone else starts learning the word for "visa" in twenty languages at once.
The passport, and the scorecard
The Agent Authorization Envelope is an open IETF draft; the conformance report is public, corrections and all.
Read the conformance report → Developer quickstartSources
- Gus Aragón, The Identity Layer for AI Agents Is Finally Being Built — HackerNoon, 11 July 2026
- Sunil Prakash, AIP: Agent Identity Protocol for Verifiable Delegation Across MCP and A2A — arXiv:2603.24775; IETF draft-prakash-aip
- Agent Authorization Envelope — IETF draft-kroehl-agentic-trust-aae
- MolTrust IBCT conformance report — Mapping MolTrust to the AIP Protocol Feature Set
- EU AI Act (Regulation (EU) 2024/1689) — application timeline, EUR-Lex CELEX 32024R1689
Written by Lars Kroehl (MolTrust / CryptoKRI GmbH, Zurich). Questions or feedback: @MolTrust on X.