Highflame, an AI security firm specializing in agent governance, has announced the open-source release of ZeroID, a first-of-its-kind identity platform built specifically for autonomous AI agents. Now available under the Apache 2.0 license, ZeroID addresses a critical security gap in "Agentic AI": the lack of clear attribution and authorization when independent AI systems execute actions in production environments.
Product: ZeroID (Open-Source Identity Platform).
Release Date: April 8, 2026.
License: Apache 2.0 (Available on GitHub).
Core Problem: Traditional identity systems (like shared service accounts) fail to track delegation and intent when agents spawn sub-agents or act independently.
Key Features: Cryptographically verifiable identities, explicit delegation chains, time-scoped credentials, and real-time revocation.
Technical Foundation: Built on OAuth 2.1, RFC 8693 (Token Exchange), SPIFFE, and OpenID Shared Signals Framework.
As AI agents move from simple chat interfaces to autonomous actors capable of writing code, accessing databases, and executing shell commands, the "who authorized this?" question becomes vital. Highflame’s ZeroID treats agents as first-class identity principals rather than bolted-on extensions of human users.
This shift allows organizations to trace authority from a human or system orchestrator down to every sub-agent in a workflow. If an agent behaves unexpectedly, ZeroID enables instant revocation of the entire delegation chain, preventing the "unlimited blast radius" often associated with compromised or misconfigured service accounts.
“If we get identity wrong, we get everything else wrong,” said Sharath Rajasekar, Co-Founder and CEO of Highflame. “Identity infrastructure for the agentic era needs to be transparent and verifiable. That’s why we’re building this in the open.”
ZeroID is designed to integrate seamlessly with the tools developers are already using. It features:
Explicit Delegation: Uses RFC 8693 to ensure that when an orchestrator spawns a sub-agent, the sub-agent's token carries the identities of both the agent and the original human authorizer.
Real-Time Revocation: Integrates with the OpenID Shared Signals Framework (SSF) to invalidate tokens immediately across the entire chain.
Developer-First SDKs: Available for Python, TypeScript, and Rust, with native integrations for popular agent frameworks like LangGraph, CrewAI, and Strands.
Ultra-Low Latency: Optimized for sub-100ms enforcement to ensure security doesn't become a bottleneck for agentic performance.
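The delegation and revocation features above can be pictured with the RFC 8693 "act" (actor) claim, where the top-level "sub" is the original authorizer and nested "act" objects record each agent in the chain. The following is an added example, not code from ZeroID or Highflame: the claim values, the MAX_DEPTH cap, the revoked set (a stand-in for state a Shared Signals receiver would keep) and the policy of rejecting a token when any principal in its chain is revoked are all assumptions made for illustration.

```python
# Added example: claim layout follows RFC 8693 section 4.1; this is not ZeroID's API.
import time

MAX_DEPTH = 8  # assumed cap so a token cannot nest "act" without bound


def delegation_chain(claims):
    """Return principals ordered from original authorizer to current actor."""
    # Assumes the token signature was verified before the claims reach this point.
    subject = claims.get("sub")
    if not isinstance(subject, str) or not subject:
        raise ValueError("token has no subject")
    actors = []
    act = claims.get("act")
    while act is not None:
        if not isinstance(act, dict) or not isinstance(act.get("sub"), str):
            raise ValueError("malformed act claim")
        if len(actors) >= MAX_DEPTH:
            raise ValueError("delegation chain too deep")
        actors.append(act["sub"])  # outermost act is the current actor
        act = act.get("act")       # each nested act is a prior actor
    return [subject] + actors[::-1]


def is_authorized(claims, revoked, now=None):
    """Reject expired tokens and tokens whose chain holds a revoked principal."""
    now = time.time() if now is None else now
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        return False
    try:
        chain = delegation_chain(claims)
    except ValueError:
        return False  # fail closed on a malformed chain
    return not any(principal in revoked for principal in chain)


# Constructed sample: alice authorized an orchestrator, which spawned a sub-agent.
SAMPLE = {
    "iss": "https://issuer.example.com",
    "sub": "alice@example.com",
    "exp": 2_000_000_000,
    "act": {
        "sub": "spiffe://example.org/agent/sub-agent-1",
        "act": {"sub": "spiffe://example.org/agent/orchestrator"},
    },
}
```

RFC 8693 itself treats prior actors in nested "act" claims as informational only, so checking them against a revocation list is a stricter policy layered on top of the specification.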
While ZeroID provides the open-source identity foundation, it also serves as the base for Highflame’s commercial Agent Control and Governance Platform. This broader platform adds layers of observability, multi-turn guardrails, and adaptive policy enforcement.
The launch follows Highflame’s recent partnership with Tailscale, which integrated security evaluation at the network layer, allowing organizations to monitor agent interactions (LLM prompts and tool calls) without requiring code changes.
About Highflame
Highflame builds the essential security and governance infrastructure for the autonomous era. By providing a unified layer of control across models, agents, and tools, Highflame helps enterprises move from AI experimentation to secure, confident production deployment.