Descope’s launch of Agentic Identity Hub, designed to enable secure, standards-based AI agent connectivity, addresses a problem that has become a genuine blocker for enterprise AI adoption: organisations want to deploy AI agents that can act across multiple systems, but lack a consistent, secure way to authenticate those agents and manage their access without either over-provisioning trust or building custom integration code for every connection.
The standards gap is the central issue. Human identity has decades of mature protocols behind it — OAuth, OIDC, SAML — that allow a user to authenticate once and have that identity trusted across many connected applications. AI agents have had no equivalent. Each agent-to-system connection has typically required custom API keys, hardcoded credentials, or ad hoc authentication schemes, none of which scale safely as the number of agents and the systems they need to reach both grow. This is exactly the sprawl that non-human identity security practitioners have been warning about: credentials multiplying faster than anyone can inventory them, let alone govern them.
Descope’s framing around “standards-based AI agent connectivity” signals an attempt to bring the same rigour to agent identity that OAuth brought to human and application identity two decades ago — a common protocol that lets an agent prove who it is and what it’s permitted to do, verifiable by any system it connects to, without requiring bespoke integration work each time. For security teams, this matters because standards-based approaches are inherently more auditable and revocable than the patchwork of static API keys that currently underpins most agent deployments.
The connectivity emphasis also speaks to a practical enterprise reality: AI agents rarely operate in isolation. A single agent workflow might need to read from a CRM, write to a ticketing system, and query an internal knowledge base — each a separate trust relationship that needs to be established, scoped, and eventually revoked. Without a hub-based approach to managing these relationships, the operational burden of securing agent connectivity grows linearly with every new integration, which is unsustainable at the pace AI agent adoption is currently moving.
For CISOs and IAM practitioners, the emergence of dedicated agentic identity infrastructure — from Descope and others entering this space — should be read as confirmation that treating AI agents as a special case of “service accounts” is no longer adequate. Agent identity requires its own standards, its own connectivity model, and its own governance approach, distinct from both human IAM and legacy machine identity tooling.
Source: GlobeNewswire