Skip to main content
About AI Identity

Identity & Governance for AI Agents

AI Identity gives every autonomous AI agent its own cryptographic identity, scoped permissions, and a tamper-evident audit trail — so security, platform, and compliance teams can deploy agents with accountability built in.

AI Identity is part of the Google for Startups Cloud Program and MongoDB for Startups.

Founded

2026

Headquarters

Boulder, CO

Stage

Design Partner

Category

Agent IAM + Audit

What AI Identity Builds

AI Identity is a business-to-business software platform. We ship a hosted control plane and an open-source SDK that give organizations three things their current stack does not provide for AI agents:

01 / IDENTITY

Per-agent API keys

Unique, scoped aid_sk_ credentials per agent. SHA-256 hashed at rest. Zero-downtime rotation. Revoke one agent without disturbing the others.

02 / POLICY

Context-aware gateway

A deny-by-default proxy in front of your LLM providers and internal APIs. Enforces least-privilege, rate limits, spending caps, and human-in-the-loop approvals for high-risk actions.

03 / EVIDENCE

Forensic audit trail

HMAC-SHA256 hash-chained logs, DSSE + ECDSA P-256 signed session attestations, and an offline verification CLI. Auditors verify independently of our servers.

See product walkthrough →ArchitectureDocs

Problems We Solve

Enterprises are deploying AI agents into production with infrastructure that was designed for humans and long-lived services — not for thousands of short-lived, autonomous workers making decisions on their behalf. That gap shows up in four places.

Shared API keys hide who did what

Teams ship one OpenAI/Anthropic key across every agent. When something goes wrong, there is no way to attribute an action to a specific agent, tool-call, or user session.

No least-privilege at the agent layer

Existing IAM and secret managers scope access per human or service account. There is no primitive for per-agent permissions, spending caps, tool allowlists, or deny-by-default enforcement.

Audit logs aren't forensic evidence

Provider-side logs are fine for debugging, but they are vendor-controlled, mutable, and incomplete. Regulators and auditors need tamper-evident, independently verifiable records.

Compliance frameworks don't map cleanly

EU AI Act Article 12, NIST AI RMF Measure, and SOC 2 CC7 all require traceability for automated decisions. Most teams have no control mapping between their runtime and the frameworks they're audited against.

Who We Serve

Our target customer is an organization deploying autonomous AI agents into production — typically through LangChain, LlamaIndex, CrewAI, AutoGen, OpenAI Agents SDK, or a custom framework — and accountable for what those agents do.

Platform & AI engineering teams

Own the agent runtime. Need per-agent keys, quota control, and a drop-in gateway that doesn't require rewriting every agent.

Security & IAM teams

Own authorization. Need deny-by-default enforcement, scoped credentials, rotation, and anomaly detection for non-human identities.

Risk, compliance & audit

Own the evidence. Need tamper-evident logs, signed attestations, and control mapping to EU AI Act, SOC 2, NIST AI RMF, GDPR, and HIPAA.

Industries we focus on first

Financial servicesHealthcareLegal & professional servicesSaaS platforms shipping agentsPublic sector & regulated research

Team

AI Identity is founder-led. Jeff drives product, engineering, and customer relationships directly — which means every design partner gets direct access to the person who built the platform.

Live in production·Design partners onboarding·Runs on Google Cloud
Jeff Leva, Founder and CEO of AI Identity

Jeff Leva

Founder & CEO

Boulder, Colorado

Jeff has spent his career building and operating production systems in environments where failure isn't an option — cloud banking infrastructure handling $50B+ in client assets, enterprise platforms that teams run their businesses on, and the security and compliance tooling those environments demand.

AI Identity came out of a pattern he kept seeing: organizations spinning up AI agents with shared credentials, no identity layer, and no way to answer who did what when something went wrong. Jeff founded AI Identity to give those teams the identity, policy, and evidence primitives they already expect for humans — purpose-built for agents.

LinkedInjeff@ai-identity.coGitHub

Team & Partners

We're selectively building our founding team and advisory network. If you've scaled a developer platform, security product, or compliance tooling and want to be close to what's being built at the AI identity layer — get in touch.

We're also in conversation with potential co-founders with deep go-to-market or enterprise security backgrounds. If that's you, let's talk.

Current Stage

AI Identity is in early launch. Core product is live and running in production on our own infrastructure. We're selectively onboarding design partners and refining the product against their real workloads before broader GA.

Live today

  • Hosted control plane + dashboard
  • Gateway with OpenAI, Anthropic, Gemini
  • Python SDK + REST API + CLI
  • HMAC hash-chained audit log with org scoping + correlation IDs
  • DSSE + ECDSA P-256 signed attestations (KMS + public JWKS)
  • Offline attestation verification CLI
  • Human-in-the-loop approvals (Enterprise tier)
  • Shadow-agent detection with Register / Block / Dismiss flows
  • ABAC on agent metadata + policy dry-run endpoint
  • Org-level sharing + role-based assignments
  • Tier-based quota enforcement + usage tracking
  • Prometheus /metrics + real-time SIEM push (signed webhook)
  • Compliance export API: SOC 2, EU AI Act, NIST AI RMF (stubs)
  • GKE hardening: Binary Authorization ENFORCE, Cloud Armor WAF, Master Authorized Networks, NetworkPolicies, Secret Manager + CSI
  • Public interactive demo + 4-tier pricing page

Next — design-partner track

  • Terraform provider
  • Native SDK adapters for LangChain, CrewAI, AutoGen, OpenAI Agents SDK
  • Agent-to-agent auth (mTLS / token exchange)
  • Advanced anomaly detection beyond shadow-agent heuristics
  • Remaining 5th audit-logging phase
  • Dedicated SIEM connectors (Splunk, Datadog) on top of webhook sink
  • SOC 2 Type II external audit + ISO 27001 certification
  • Self-hosted / private-cloud deployment profile
  • SSO + SCIM provisioning

What We Believe

Three principles shape the product and the business.

Every AI agent should have a real, verifiable identity — not a shared key and a best guess.

Permissions should be explicit and least-privilege by default, with systems that fail closed when there's uncertainty.

Audit trails should be tamper-evident and useful for real investigations — not just another log table.

Let's talk

Whether you're exploring agent governance or ready to deploy, we'd love to hear from you. Design partner slots are open through Q2 2026.

Get Started FreeContact JeffJeff on LinkedIn