PALO ALTO, Calif. – February 18, 2026 – StrongDM, the universal access management company, today announced StrongDM ID, a new identity layer designed for the agentic era. As AI agents and workloads increasingly operate inside production environments, organizations are relying on identity infrastructure built for people, not autonomous agents. StrongDM ID makes it easy for developers to issue verifiable identities to agents at scale and link them to a human sponsor, enabling enterprises to trace agent activity back to the human who authorized that activity.
AI agents are among the fastest-growing classes of identities, rapidly moving from experimentation into production systems across both consumer and enterprise environments. But traditional identity providers were built for people, not autonomous agents, and assume manual provisioning, approval workflows, and stable identity lifecycles.
Agentic systems invert those assumptions. They are programmatically created, can be short-lived, and may scale far beyond the number of human users. Yet many teams still secure agents using hardcoded API keys, shared service accounts, or credential forwarding into runtime environments – patterns that obscure human sponsorship and make it difficult to clearly trace who initiated or approved an agent’s actions.
“AI agents are no longer experimental. They’re operating inside production environments alongside employees,” said Tim Prendergast, CEO of StrongDM. “But identity still assumes a human is behind every action, and that assumption no longer holds. StrongDM ID brings verifiable identity and explicit human sponsorship to autonomous software, so organizations can clearly trace who authorized an agent to act.”
Unlike traditional identity systems that depend on IT-managed provisioning workflows, StrongDM ID is designed for how agents are actually created and used. Developers can register an agent, link it to a human sponsor at creation, and establish a clear delegation chain without relying on shared service accounts or long-lived credentials. Each agent identity is uniquely attributable to the individual who authorized it.
By making delegation explicit from the start, StrongDM ID supports secure agent-to-agent interactions and clear "on-behalf-of" context, ensuring that every agent action can be traced back to both the agent and its human sponsor. This approach helps organizations bring accountability to autonomous systems as agentic workflows scale.
StrongDM ID implements modern security mechanisms, including Demonstration of Proof-of-Possession (DPoP, RFC 9449), which binds tokens cryptographically to an agent's key. If a token is intercepted in transit, in logs, or from a compromised runtime, it cannot be used by anyone other than the agent to which it was issued. The service also supports OAuth 2.0 Token Exchange (RFC 8693), enabling on-behalf-of flows where an agent can carry verifiable delegation context from a specific human sponsor.
StrongDM ID also implements Shared Signals (SSF/CAEP), enabling organizations to propagate identity risk and session status changes across systems in near real time. This allows teams to quickly and consistently invalidate compromised or misbehaving agent identities across environments, without relying on long-lived secrets or delayed token expiration.
The rise of agentic AI changes the requirements for identity governance. As autonomous systems operate at machine speed in production environments, organizations need identity systems that make delegation explicit, preserve clear “on-behalf-of” context, and establish accountability for autonomous actions. StrongDM ID is designed to support this shift by enabling verifiable agent identity and traceable sponsorship, helping enterprises strengthen auditability and oversight across agentic workflows.
For more information about StrongDM ID, visit https://id.strongdm.ai.
About StrongDM
StrongDM is the universal access management company reimagining privileged access management. Built for enterprises managing explosive growth in both human and machine identities, StrongDM provides real-time authorization enforcement that governs privileged actions across infrastructure, applications, and cloud environments — not just initial access. The platform unifies traditional PAM capabilities with advanced authorization controls, evaluating identity, context, and policy to authorize or block every privileged operation. Security teams gain action-level visibility and control, while end users experience frictionless access. StrongDM enables organizations to evolve toward continuous, context-aware identity governance.
