Highflame Launches ZeroID, an Open-Source Identity Platform for Autonomous AI Agents

The industry's first open-source identity platform, specifically designed for autonomous agents and based on emerging technologies and standards, addresses what the OpenID Foundation called “the industry’s most urgent unsolved problem”.

SAN FRANCISCO--(BUSINESS WIRE)--Highflame, an AI security company building agent control and governance infrastructure, today announced the open-source release of the Highflame Identity Platform, called ZeroID, a purpose-built identity platform for autonomous AI agents.

Available immediately under the Apache 2.0 license at https://github.com/highflame-ai/zeroid, ZeroID gives every AI agent a cryptographically verifiable identity, with explicit delegation chains, time-scoped credentials, and real-time revocation with human-in-the-loop escalation capabilities that traditional human/machine identity systems were never designed to support.

AI Agents Are Going to Production—Without a Way to Identify Them

As enterprises rapidly move AI agents from experimentation into production, a fundamental gap has become impossible to ignore: when an agent takes an action, it’s often unclear who actually authorized it.

Most organizations today rely on workarounds like shared service accounts or borrowed user credentials. Those approaches were sufficient when systems acted on behalf of humans in predictable ways. But AI agents operate differently—they run continuously, act independently, and can execute thousands of operations per minute. When something goes wrong, the lack of clear identity and accountability becomes a serious risk.

That risk is no longer theoretical. Across the industry, organizations are already seeing incidents in which coding agents have deleted large volumes of data in seconds, or in which delegated tokens remain active long after the task they were created for has finished. In some cases, a single compromised credential has triggered outages lasting weeks. IBM Research estimates that shadow AI incidents alone can add hundreds of thousands of dollars in breach-related costs.

At the same time, regulatory expectations are tightening. The EU AI Act will soon require demonstrable human oversight for AI systems, with significant financial penalties for non-compliance, while the SEC now mandates rapid disclosure of material AI-related incidents. Together, these pressures are forcing companies to rethink how identity and accountability work in an agent-driven world.

ZeroID Treats Agents as First-Class Identities, Not Bolted-On Extensions

Highflame’s ZeroID was built in response to this shift. Instead of treating agents as bolted-on extensions of human identities, it treats them as independent identity principals. Each agent can be issued its own persistent identity, along with credentials that are scoped, time-limited, and tied to an explicit chain of delegation. They can coexist with human identities, where a human may own one or more agents, or exist independently for truly autonomous tasks.

In practice, that means an organization can clearly trace how authority flows from a human or system to an orchestrator, and from there to downstream agents. If access needs to be revoked, it can be done instantly, invalidating the entire chain rather than waiting for tokens to expire.

Built for How Agent Systems Actually Operate

Highflame ZeroID is designed to support the range of ways agents are deployed today, whether they are fully autonomous, operate on behalf of a user, coordinate through orchestrators, or communicate service-to-service in the background. The system adapts to these patterns while maintaining a consistent model of identity, delegation, and control. Under the hood, the system builds on emerging standards such as OAuth 2.1, RFC 8693 token exchange, SPIFFE-style identity URIs, and the OpenID Shared Signals Framework. But the goal isn’t just standards compliance—it’s to make identity actually work in the way modern agent systems behave.

“If We Get Identity Wrong, We Get Everything Else Wrong”

“The identity layer for the agentic era is being written right now,” said Sharath Rajasekar, Co-Founder and CEO of Highflame. “If we don’t get this right, we’re going to end up with systems that are powerful but fundamentally unaccountable. Identity infrastructure needs to be transparent and verifiable. That’s why we’re building this in the open.”

ZeroID has already been used internally as the foundation for Highflame’s commercial Agent Control and Governance Platform, which adds enforcement, observability, and policy management on top. By open-sourcing the identity layer, the company aims to accelerate the development of shared standards and give organizations a foundation they can inspect, audit, and build on.

Available Now as Open Source

ZeroID is available today at: https://github.com/highflame-ai/zeroid
Launch Blog: https://highflame.com/blogs/introducing-zeroid-open-source-identity-for-autonomous-agents

About Highflame

Highflame builds security infrastructure for autonomous AI systems. Its platform provides identity, guardrails, and governance controls that help enterprises deploy AI agents safely and with confidence.

Learn more at https://highflame.com.

Contacts

Media Contact:
Highflame
info@highflame.com | https://highflame.com
