ZeroID: Open-source identity platform for autonomous AI agents

ZeroID is an open-source identity platform that implements an identity and credentialing layer specifically for autonomous agents and multi-agent systems.

The attribution problem

The core issue ZeroID targets is attribution in agentic workflows. When an orchestrator agent spawns sub-agents to carry out parts of a task, each sub-agent may call APIs, write files, or execute shell commands. Existing approaches offer limited traceability: shared service accounts carry no delegation trail, and standard OAuth 2.0 and OIDC flows were not designed for scenarios where agents operate asynchronously, spawn subordinates, or cross organizational boundaries without a human in the loop at each step.

ZeroID implements RFC 8693 token exchange to create verifiable delegation chains. When an orchestrator delegates to a sub-agent, the resulting token carries the sub-agent’s own identity, the orchestrator’s identity, and the original authorizing principal. Scope is automatically attenuated at each hop: a sub-agent cannot receive permissions the orchestrator does not already hold.

“The identity layer for the agentic era is being written right now. If we don’t get this right, we’re going to end up with systems that are powerful but fundamentally unaccountable. Identity infrastructure needs to be transparent and verifiable,” said Sharath Rajasekar, CEO of Highflame.

Revocation and real-time access evaluation

ZeroID integrates the OpenID Shared Signals Framework (SSF) and Continuous Access Evaluation Profile (CAEP) to support real-time revocation. Revoking a token at any point in a delegation chain immediately invalidates all downstream tokens derived from it.

For services where a network round-trip per request is too expensive, ZeroID’s SDKs offer local JWT verification against a cached JWKS endpoint. That path does not check real-time revocation status; the tradeoff between latency and revocation immediacy is left to the implementing service.

Deployment and SDKs

ZeroID runs as a containerized service backed by PostgreSQL. A Docker Compose setup brings up the database and server locally. Highflame also operates a hosted version at auth.highflame.ai. SDKs are available for Python, TypeScript, and Rust.

Integrations with LangGraph, CrewAI, and Strands are listed as released. Planned additions include a CLI, Client-Initiated Backchannel Authentication for agents that need out-of-band user authorization mid-workflow, a human-in-the-loop approvals API, and a GitHub Actions OIDC upstream validator.

ZeroID is available on GitHub.
