Ward Duchamps | Director of Strategy and Innovation CIAM, Thales
Literary giant Ernest Hemingway said, "The best way to find out if you can trust somebody is to trust them." But in the age of the Agentic Web, trust does not involve someone, but something. Trust has become an infrastructure, and right now, that infrastructure is starting to crack.
The rise of autonomous digital agents is changing how we live and work. These aren’t enhanced chatbots or digital assistants that wait to be prompted; they often act without human intervention and in a way that pushes the limits of what identity and access systems can cope with.
Take Google’s new AI Mode. It doesn’t just suggest outfits, it virtually tries them on for you, watches prices, makes purchase decisions, and pays. Think of it as a personal shopper, finance manager, and style coach, wrapped into one.
This is convenient, but it’s also a trust problem. How can you trust something that isn’t human, but acts like one?
The industry is rushing to keep up with new tools, frameworks, and ways to “extend” existing IAM protocols to non-human identities. Some claim it’s just a matter of tweaking what we’ve already built. But that’s optimism bordering on denial.
It took over two decades to arrive at today’s human digital identity systems. Even these are riddled with friction, fraud, and fragmentation. Thinking we can nail non-human identity in two months, or two quarters, is hubris.
Worse, there’s no consensus on what “getting it right” even looks like. Vendors suggest incremental solutions. Academics warn that such tweaks could open the door to catastrophic failures. Somewhere in between is the reality: the current IAM stack is not ready for autonomous agents acting at lightning speed in multi-agent ecosystems.
AI agents are increasingly embedded in our digital lives, from commerce and customer support to dating and social media. As their adoption accelerates, they challenge existing identity and security infrastructures in unprecedented ways.
Enterprises see the problem. 52% of respondents to the 2025 Thales Cloud Security Study indicated that AI security spending is eating into or taking over existing security budgets. Researchers, regulators, startups, and big-tech companies acknowledge the need, but have no time for building consensus.
To build trust into the Agentic Web, we need to rethink how we define and manage identity, behavior, and accountability.
We need to move beyond simple identifiers. Agents must carry attestable proof of their origin, training data, software dependencies, and guardrails. Think of it as a passport for AI: cryptographically verifiable and designed for auditability.
We must distinguish humans from machines, and know where the machine came from, what it learned, and who set it loose.
Actions by agents must be traceable back to a person, process, or organization. But that’s harder than it sounds. In human systems, proxying is already a pain. Parents act for children. Lawyers for clients. In the digital world, these relationships are brittle.
Multiply that by a network of AI agents with short-lived goals and ephemeral permissions. Centralized logging doesn’t cut it. We need decentralized ways to track intent and responsibility.
Regulations like the EU AI Act offer direction, but are not blueprints. We need to encode responsibility into agent behavior from the ground up.
We must design agents with incentive structures: compliance earns rewards, non-compliance has consequences. We must build adaptive systems: fixed policies for core rules, flexible ones for context. We need external policy engines, embedded monitoring, and interoperability between agents across organizations.
Solving these problems inside one company is hard. Across a global ecosystem? It won’t be easy. But we’re committed to finding a way through. Trust cannot stop at enterprise boundaries. One entity must rely on another’s agent identity, accountability, and behavioral guarantees.
This means shared standards, interoperable protocols, and mutual recognition of credentials and attestations.
Without this, the Agentic Web becomes a fragmented web of suspicion. With it, we unlock a digital economy that is fast, smart, and secure.
Because if we get this wrong, we don’t just lose convenience. We lose control.