Announcing Trusted Agent Identity for Agent Fabric

As your enterprise scales its AI agent ecosystem, trust and security become even bigger challenges. Agents must be able to securely and responsibly interact with numerous downstream services and tools. And agents don’t just act as themselves; they act on behalf of a user.

As AI agents take on real work—issuing refunds, updating accounts, approving actions—the biggest question CIOs are asking isn’t “Can agents do this?” It’s “Who are they doing it for?”

In traditional systems, identity is straightforward: users log in, systems authenticate, access is clear.

But in an agentic world—where agents call other agents, services, and tools—that clarity breaks down fast. Somewhere along the way, user identity gets lost. And when identity disappears, trust disappears with it.

This "identity gap" creates significant risk and inefficiency in agentic architectures:

• Imprecise Security Controls: Agents and applications lack the necessary user context to make precise, fine-grained access decisions.
• Expanded Risk Profiles: Solving identity challenges through over-privileged accounts increases the potential "blast radius" in the event of a breach.
• Broken User Experiences: Users may encounter unnecessary re-authentication barriers or be unable to authenticate at all.
• Audit blindspots: It can be difficult to understand why and for whom agents took certain actions across your agentic network.

With Trusted Agent Identity, MuleSoft Agent Fabric bridges this critical gap by ensuring authenticated user context travels seamlessly with every request, enabling enterprise-grade, user-centric trust across your AI agent architecture.

Enable agents to carry out tasks responsibly for your users

Trusted Agent Identity uses an "On-Behalf-Of" (OBO) model to preserve trust across every step of an agentic workflow. Agents don’t act as anonymous systems. They act with the real authority of the user they’re helping.

• Access Only What's Necessary: Agents can securely view things like a user's private settings, accounts, or restricted documents.
• Full Accountability: Every action is traceable back to the specific originating human user for a complete and reliable audit trail.

Secondary Verification When Needed

Trusted Agent Identity balances seamless experiences with intelligent security. For actions that are high-risk or very sensitive (like moving money), agents can automatically ask for extra authentication, but at the moment it's required.

Verification Mid-Task: An Agent-to-Agent (A2A) enabled agent can temporarily pause a task to request a second check, like multi-factor authentication (MFA), without forcing the user to leave the conversation.

Risk-Based Security: The need for extra verification is only triggered based on how sensitive or high-value the requested action is.

Easily enforce identity controls on every agent

With this capability, we are expanding Agent Governance to encompass verified agent activity. Because these policies are enforced by MuleSoft Flex Gateway, you can implement these controls on any agent, regardless of where it is hosted or how it was built.

• Automatically Manage Credentials: The Anypoint Flex Gateway automatically handles the complex process of exchanging security tokens (OAuth 2.0 and OIDC) as data leaves your system.
• Integrate with Existing Security Infrastructure: Easily connect with all major identity providers (like Okta, Entra ID/Azure AD) without having to rebuild your entire agent architecture.

Accelerate Zero Trust Adoption
By propagating verifiable identity claims across the entirety of Agent Fabric, every agent can enforce independent, granular access decisions based on the actual user's privileges, moving beyond simple perimeter-based security .

Ensure Unwavering Auditability
Preserved identity context within observability logs provides complete visibility into agent behavior, clearly detailing who initiated an action and why, which is essential for compliance and precise incident forensics.

Enable Seamless Developer Velocity
With identity concerns separated at the architectural level, agent developers are freed from writing and maintaining complex security code, accelerating the time-to-market for new intelligent agents.