Episode 153 - GluuFederation/identerati-office-hours GitHub Wiki
Title: AI Agents and the Layers of Trust: From Confusion to Decentralized Machine Identity
- Host: Mike Schwartz, Founder/CEO Gluu
- Guest: Nicola Gallo, Co-founder / CTO Nitro Agility
Description
Lately there has been a lot of discussion about the “trust” of AI agents. At a high level, the real challenge is that integration and security are often conflated. MCP essentially addresses integration—an orchestration layer—but it does not solve the problem of trust. The first step is to clearly separate security from integration and coordination.
When implementing integration, orchestration can work, but it may introduce a single point of failure. Even with redundancy, state and tokens still need to be persisted, and if every AI agent in every security domain handles this in the same way, we risk drifting toward an “Internet of Shared Credentials.” An alternative is choreography, where coordination is distributed and transactions can be built across peers.
Take the simplest distributed transaction: two workers exchanging a single message. Passing a token in the message may look simpler, but it is really just a compromise: it avoids a central orchestrator yet still leaves weak guarantees—tokens can be replayed, lost, or detached from the actual executor. A more sustainable path is to anchor trust in the verifiable identities of the executors themselves, enabling decentralized chains of attested actions. Without this, impersonation models that lack strong binding to executor identity risk leaving the true actor unclear, making trust fragile and harder to govern.
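The two-worker exchange above, sketched in Go as an added example (it is not code from the episode, Gluu or Nitro Agility): the receiver accepts a message only when the claimed executor's Ed25519 key signed it, so a replayed copy and a message signed by a different executor are both rejected, where a bearer token carried in the message would have been accepted in all three cases. The `Msg` and `Receiver` types, the worker names, and the nonce and audience fields are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Msg is one worker-to-worker message; every name here is illustrative.
type Msg struct {
	Sender, Audience, Nonce, Body string
	Sig                           []byte
}

// bytes encodes the signed fields unambiguously (%q quotes and escapes each).
func (m Msg) bytes() []byte {
	return []byte(fmt.Sprintf("%q %q %q %q", m.Sender, m.Audience, m.Nonce, m.Body))
}

// Receiver trusts executor public keys and remembers the nonces it has seen.
type Receiver struct {
	Name  string
	Peers map[string]ed25519.PublicKey
	Seen  map[string]bool
}

// AcceptSigned checks the executor's signature, then audience and nonce freshness.
func (r *Receiver) AcceptSigned(m Msg) error {
	pub, known := r.Peers[m.Sender]
	if !known || !ed25519.Verify(pub, m.bytes(), m.Sig) {
		return fmt.Errorf("not signed by the claimed executor")
	}
	if m.Audience != r.Name || r.Seen[m.Sender+"/"+m.Nonce] {
		return fmt.Errorf("replayed or misdirected message")
	}
	r.Seen[m.Sender+"/"+m.Nonce] = true
	return nil
}

// Demo (constructed data): worker-a sends once, the bytes are replayed, another key signs as worker-a.
func Demo() (first, replay, forged error) {
	pubA, privA, _ := ed25519.GenerateKey(nil)
	_, privOther, _ := ed25519.GenerateKey(nil)
	b := &Receiver{"worker-b", map[string]ed25519.PublicKey{"worker-a": pubA}, map[string]bool{}}
	m := Msg{Sender: "worker-a", Audience: "worker-b", Nonce: "n-1", Body: "run job 7"}
	m.Sig = ed25519.Sign(privA, m.bytes())
	first, replay = b.AcceptSigned(m), b.AcceptSigned(m)
	m.Sig = ed25519.Sign(privOther, m.bytes())
	return first, replay, b.AcceptSigned(m)
}
func main() { fmt.Println(Demo()) }
```

The nonce set here grows without bound; a long-running receiver would pair each nonce with an expiry so old entries can be dropped.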