NO IDENTITY. NO BOUNDARIES. NO KILL SWITCH.

Your AI agents are running on borrowed trust. Fidea is the infrastructure to fix that.

[Diagram: AI Agent, Identity Registry, Token Issuer, Policy Engine, Auth Proxy, Vault, Target API, Audit Log]


The agentic identity crisis

When the first AI agents needed to call an API, engineers did what they always do: grabbed an API key from the environment, or borrowed an OAuth token from the user who triggered the workflow.

That was the original sin of agent security.

[Diagram: Human Operator, Agent Registry, Token Issuer, Credential Proxy, Target API]

CREDENTIAL SPRAWL

One agent, 37 API keys, none expiring for 90 days. It was created for a one-hour task three months ago.


INVISIBLE DELEGATION

Agent A calls Agent B, which calls Agent C, which accesses your payment system. Nobody approved that chain.


NO KILL SWITCH

You revoke the agent's token. But the 12 sub-agents it spawned still have active credentials.


IDC projects the market will reach 1.3 billion enterprise AI agents by 2028.

Today, only

0%

have dedicated agent credentials.

Gartner projects that by end of 2026,

0%

of enterprise apps will have task-specific agents —
racing toward Zero Standing Privileges.

Meanwhile,

0%

of organizations have reported a confirmed or suspected
AI-agent-related security event in the past year.

Sources: IDC Worldwide AI Agents Forecast 2024–2028; Gartner 2026; Industry survey 2025–2026

Why traditional IAM fails

The gap between human identity and machine trust is not a feature request.

| | HUMAN USER | AI AGENT |
|---|---|---|
| Authentication | Once, at login | Continuous, per-action |
| Session duration | Hours | Milliseconds to weeks |
| Delegation model | Explicit consent | Automatic, chain-based |
| Credential lifecycle | Long-lived, renewable | Should be ephemeral, task-scoped |
| Identity source | Corporate directory | Created programmatically |
| Revocation speed needed | Hours (acceptable) | Milliseconds (critical) |
| Audit granularity | Session-level | Action-level |
| Spawn behavior | Never | Frequently, recursively |

01 RECURSIVE DELEGATION

Support agent calls a fulfillment agent, which calls a logistics API. Three levels of delegation, all using the original human's OAuth token. The logistics API has no idea an AI is involved.

02 CREDENTIAL HOARDING

A coding assistant accumulates 43 active OAuth tokens across 12 services over six months. Its service account has more production access than any individual engineer. Nobody can enumerate the tokens.

03 PHANTOM AGENTS

A test agent spawns sub-agents over the weekend. By Monday, seven autonomous processes are running under a single identity, all with database access, none of them intentional.

The trust layer

Four primitives. One infrastructure. Zero inherited credentials.

01

IDENTITY

Every agent gets a cryptographic identity. Not a borrowed human credential. Not a shared service account. Its own identity, issued at creation, revocable in milliseconds.

AGENT-ID: 0x7f3a...b29c

02

SCOPING

Credentials are scoped to exactly the task, the API, and the time window required. A token issued for "read order #4521" cannot access order #4522.

All APIs → This API → This Resource → This Action

03

DELEGATION

When Agent A spawns Agent B, the delegation is explicit, recorded, and scoped. B inherits a subset of A's permissions, never the full set.

A → (subset) → B → (subset) → C

04

REVOCATION

Any credential, any agent, any delegation chain — revoked in milliseconds. Not hours. Not "after the token expires." The kill switch works at machine speed.

[Diagram: Agent A, Agent B, Agent C, Sub-1, Sub-2, Sub-3]
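The scoping, delegation and revocation rules above, modelled as an added example (not code from Fidea or its SDK). The `TrustStore` class, scope strings such as `orders:read:4521`, and the fixed clock value are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass
from typing import Optional

@dataclass
class Grant:
    agent: str
    scopes: frozenset
    expires_at: float
    parent: Optional[str] = None   # token of the delegating grant
    revoked: bool = False

class TrustStore:  # toy in-memory model, constructed for illustration
    def __init__(self):
        self.grants = {}

    def live(self, token, now):
        while token is not None:             # walk up the delegation chain
            g = self.grants.get(token)
            if g is None or g.revoked or now >= g.expires_at:
                return False
            token = g.parent
        return True

    def issue(self, agent, scopes, ttl, now, parent=None):
        scopes, expires_at = frozenset(scopes), now + ttl
        if parent is not None:
            if not self.live(parent, now):
                raise PermissionError("parent grant is revoked or expired")
            p = self.grants[parent]
            if not scopes < p.scopes:        # proper subset, never the full set
                raise PermissionError("delegation must narrow the parent's scopes")
            expires_at = min(expires_at, p.expires_at)   # cannot outlive parent
        token = secrets.token_urlsafe(16)    # opaque handle, carries no claims
        self.grants[token] = Grant(agent, scopes, expires_at, parent)
        return token

    def allowed(self, token, scope, now):    # deny by default
        return self.live(token, now) and scope in self.grants[token].scopes

    def revoke(self, token):                 # one write kills the whole subtree
        self.grants[token].revoked = True

if __name__ == "__main__":
    s, t0 = TrustStore(), 1000.0             # constructed sample data, fixed clock
    a = s.issue("agent-a", {"orders:read:4521", "shipping:read"}, 300, t0)
    b = s.issue("agent-b", {"orders:read:4521"}, 900, t0, parent=a)
    s.revoke(a)
    print(s.allowed(b, "orders:read:4521", t0 + 1))
```

Because every check walks the ancestor chain, revoking a parent takes effect on its sub-agents at their next call; caching an earlier "allowed" decision would reopen the window in which spawned agents keep working credentials.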

How they compose

Human Operator
Agent Registry

Identity: Agent receives unique ID

Token Issuer

Scoping: Token scoped to task + API + time

Policy Engine

Rules: Deny by default, allow by policy

Credential Proxy

Delegation: Agent never sees raw credential

Target API

Audit Service observes every step — cryptographic chain

Your agents never see raw credentials.

The credential proxy sits between agents and the APIs they access. When an agent needs to call Stripe, it doesn't receive a Stripe API key. It receives a scoped, ephemeral Fidea token. The proxy translates that token into the real credential at the gateway.

A compromised agent has nothing to steal. No credential to exfiltrate, no key to copy, no secret to leak. The blast radius is bounded by the scope and lifetime of its Fidea token.

Millions of AI agents access production databases, financial APIs, and infrastructure controls every day. They operate at machine speed and delegate authority to sub-agents no human ever approved.

They are using your employees' credentials. When something goes wrong, there is no kill switch that works fast enough. Fidea exists to fix that.

The platform

A suite of purpose-built services for managing the complete lifecycle of agent trust — from identity issuance to credential management to real-time monitoring.

AVAILABLE NOW

Agent Registry

Identity, metadata, lifecycle management, instant kill switch.

Core service

Token Issuer

OAuth 2.1 + PKCE, opaque tokens, on-behalf-of delegation, task-scoped.

Credential Proxy

Gateway-mode enforcement. Agents never see raw credentials.

Policy Engine

Embedded rules. Deny by default. Scope-aware. Time-windowed access.

Audit Service

Append-only cryptographic chain. Tamper-evident. Complete delegation trail.

Python SDK + CLI

pip install fidea. Three lines to authenticate. Full API coverage.

COMING NEXT

Agent SOC

Real-time anomaly detection, behavior baselines, threat response for AI agents.

2026

Agent DAST

Automated discovery of permission escalation paths and credential exposure in agent workflows.

2026

Federation

Cross-organization agent trust with verifiable identity and scoped delegation.

Exploring

Zero to authenticated agent in five minutes.

quickstart.py

import fidea

agent = fidea.Agent(
    name="order-processor",
    scopes=["orders:read", "shipping:read"],
)

token = agent.authenticate(task_id="order-4521")

# Calls go through the credential proxy —
# your agent never sees the real API key
response = agent.proxy.get(
    "https://api.stripe.com/v1/charges",
    params={"limit": 1}
)

SDK Reference

Full Python SDK docs. Types, methods, error handling.


CLI Tool

fidea-cli for local dev and CI/CD integration.


API Reference

OpenAPI 3.1 spec. Every endpoint, every parameter.


Architecture Guide

How the components fit together. Sequence diagrams.


Example Agents

Six examples from simple to multi-delegation chain.


GitHub

MIT license. Contribute, fork, or read the source.


Deep dives

NOW

  • Authentication
  • Identity
  • Credential Proxy
  • Audit Chain

NEXT

  • Security Operations
  • Dynamic Testing
  • Behavior Monitoring
  • Compliance Reporting

FUTURE

  • Federation
  • Intent-Based Access
  • Cross-Org Trust
  • Agent Marketplace Trust

The agent economy is here.

The question is whether access to your most sensitive systems is governed by infrastructure designed for agents — or by patches on systems designed for people who type passwords.