VORIM
We use cookies

We use cookies to analyze site traffic and improve your experience. You can choose to accept all cookies or only essential ones. See our Privacy Policy.

Blog

Ideas, Standards & Engineering

Exploring the future of AI agent identity, trust protocols, and secure autonomous systems.

Stay updated
Get new posts on AI agent security, compliance, and identity delivered to your inbox.
June 26, 2026
Kwame Nyantakyi
6 min read

Delegation Receipts: Proving an AI Agent Only Ever Lost Authority, Offline

Every agent identity vendor answers "is this agent allowed?" by checking a token against their server. Take the server away and the proof evaporates. @vorim/verify 0.5.0 ships delegation receipts: a human-readable, offline-verifiable record showing exactly how authority narrowed at each hop of a delegation chain. No vendor. No blockchain.

DelegationOffline VerificationOpen SourceVAIPAuditRead more
June 25, 2026
Kwame Nyantakyi
2 min read

Vorim AI Joins Claude for Startups and OpenAI for Startups

Vorim AI has been accepted into both Claude for Startups and OpenAI for Startups. A short note on what it means for the work, and a thank-you to the people building alongside us.

CompanyAnnouncementEcosystemRead more
June 23, 2026
Kwame Nyantakyi
7 min read

Let Your Agent Set Up Vorim: Agent-Led Onboarding With the Device Authorization Grant

An AI coding agent can now onboard you to Vorim itself, getting a scoped, server-clamped API key after you approve once in the browser. No key pasting. Here is how the device flow works, why we kept a human in the loop, and the one-call setup.

OnboardingDevice FlowOAuthSecuritySDKMCPRead more
June 17, 2026
Kwame Nyantakyi
6 min read

The Identity and Audit Layer for Google's Universal Commerce Protocol (UCP)

Google's UCP lets AI agents discover, check out, and pay across millions of merchants. It standardises the transaction. It does not answer which agent is spending, whether it is allowed to, or how a counterparty proves what it bought. We built that layer.

GoogleUCPCommerceIdentityIntegrationRead more
June 4, 2026
Kwame Nyantakyi
7 min read

What "Offline-Verifiable" Actually Means, and How to Demo It in Five Minutes

Every agent identity vendor we tested says its audit trail is "tamper-evident." None of them ships an audit bundle a third party can verify without the vendor in the trust path. Here is what changes when one does.

AuditCryptographyVerificationEd25519VAIPStandardsRead more
May 6, 2026
Kwame Nyantakyi
8 min read

Why Agent Identity Should Not Ship with the Model

When Microsoft launched Agent 365, the question on every founder's LinkedIn was "is this game over?" It's the wrong question. The right one: where does the trust layer for AI agents belong in the stack?

IdentityStandardsVAIPMicrosoft Agent 365Open ProtocolRead more
April 18, 2026
Kwame Nyantakyi
5 min read

Giving OpenClaw Agents Identity, Permissions, and Audit Trails

OpenClaw agents can browse the web, execute shell commands, and send emails. Now they can prove who they are, stay within their permissions, and log every action with a tamper-proof audit trail.

OpenClawIntegrationMCPIdentityRead more
April 16, 2026
Kwame Nyantakyi
6 min read

Securing Agent Commerce: Identity Verification for Stripe's Agentic Commerce Protocol

AI agents can now buy things via Stripe ACP. But who verifies the agent before it spends money? We built the identity layer for agentic commerce.

StripeCommercePaymentsIntegrationRead more
April 15, 2026
Kwame Nyantakyi
6 min read

Type-Safe Agent Identity for Pydantic AI: Permissions and Audit Trails the Pydantic Way

Pydantic AI gives your agents type safety. Vorim gives them identity, permissions, and audit trails. Here's how to combine them with dependency injection.

Pydantic AIPythonIntegrationDeveloper ToolsRead more
April 15, 2026
Kwame Nyantakyi
7 min read

Introducing @vorim/a2a: The Identity and Trust Layer for Google's A2A Protocol

AI agents can now discover and talk to each other via Google's A2A Protocol. But how does Agent A know Agent B is trustworthy? We built @vorim/a2a to solve that.

A2AIntegrationTrustOpen ProtocolRead more
March 12, 2026
Vorim AI Team
8 min read

Why AI Agents Need an Identity Layer — And Why It Can't Wait

As autonomous agents move from demos to production, the lack of standardized identity infrastructure is becoming the single biggest blocker to enterprise adoption. Here's why identity is the missing layer.

IdentityAI AgentsSecurityRead more
March 10, 2026
Vorim AI Team
10 min read

Building a Trust Protocol for AI Agents: From Zero Trust to Earned Trust

Zero Trust architecture assumes nothing can be trusted. But for AI agents to collaborate effectively, they need a path from zero trust to earned trust. Here's how we designed Vorim AI's trust scoring system.

TrustProtocolArchitectureRead more
March 6, 2026
Vorim AI Team
7 min read

Permission Design Patterns for Autonomous AI Agents

How do you design a permission system for software that makes its own decisions? We share 5 battle-tested patterns from production agent deployments.

PermissionsDesign PatternsBest PracticesRead more
March 1, 2026
Vorim AI Team
6 min read

Cryptographic Audit Trails: How to Make AI Agent Actions Compliance-Ready

Regulators are coming for AI. Signed audit bundles, SHA-256 manifests, and tamper-proof event chains are how you prepare. A practical guide.

ComplianceAuditCryptographyRead more
February 24, 2026
Vorim AI Team
12 min read

Towards an Agent Identity Standard: Why AI Needs Its Own RFC

HTTP has RFCs. TLS has RFCs. OAuth has RFCs. AI agent identity has... nothing. It's time to change that. Here's our proposal for what an agent identity standard should look like.

StandardsProtocolRFCIdentityRead more
March 22, 2026
Vorim AI Team
7 min read

EU AI Act Compliance for AI Agents: What You Need to Know in 2026

The EU AI Act is now enforceable. Here's what it means for teams deploying autonomous AI agents — and how identity, audit trails, and trust scoring keep you compliant.

complianceeu-ai-actregulationRead more
March 25, 2026
Vorim AI Team
8 min read

Securing LangChain and OpenAI Agents in Production: A Practical Guide

How to add identity verification, permission checks, and audit logging to LangChain and OpenAI agents using the Vorim SDK. Production-ready patterns with code examples.

langchainopenaisecuritysdkRead more
March 30, 2026
Vorim AI Team
10 min read

US AI Laws & Executive Order 14110: How to Build Compliant AI Agents in 2026

The US is regulating AI at both federal and state level. Executive Order 14110 sets the tone, and states like Colorado, Illinois, Texas, and California are writing the rules. Here's what AI agent developers need to know — and how to stay compliant.

complianceregulationus-ai-lawRead more
March 31, 2026
Vorim AI Team
12 min read

The Practical Guide to Securing AI Agents: Identity, Trust & Accountability

AI agents are shipping to production without verifiable identity, scoped permissions, or tamper-proof audit trails. This guide covers why agent trust infrastructure matters, what regulations are driving it, and how to implement it in your stack today.

guidesecurityidentitytrustRead more
April 11, 2026
Vorim AI Team
10 min read

Credential Delegation for AI Agents: How to Give Agents OAuth Access Without Sharing Secrets

Your AI agents need to access Google Drive, GitHub, and Slack on behalf of users. But sharing refresh tokens directly is a security liability. Here's how credential delegation solves this — and how to implement it with Vorim AI.

Credential DelegationOAuthSecurityAI AgentsRead more
April 11, 2026
Vorim AI Team
8 min read

Ephemeral Agents: Temporary Identity for Short-Lived AI Agents Using W3C did:key

Not every AI agent needs to live forever. Ephemeral agents use W3C did:key identifiers to get full cryptographic identity, permissions, and audit trails — then auto-expire when their job is done.

Ephemeral Identitydid:keyW3CAI AgentsRead more
April 11, 2026
Vorim AI Team
9 min read

The Compliance Layer That Unlocks OpenAI Agents in Regulated Enterprise

OpenAI agents are powerful. But enterprise security teams won't approve them without identity verification, permission scoping, and compliance-grade audit trails. Vorim AI provides the accountability layer that makes deployment possible.

OpenAIEnterpriseComplianceAI AgentsRead more
April 11, 2026
Vorim AI Team
9 min read

The Trust Infrastructure That Makes Multi-Agent Claude Safe for Enterprise

Anthropic built Claude to be helpful, harmless, and honest. But enterprise deployment of multi-agent Claude systems requires more than safety alignment — it requires verifiable identity, scoped permissions, and signed audit trails.

ClaudeAnthropicEnterpriseMulti-AgentTrustRead more
April 11, 2026
Vorim AI Team
8 min read

The Identity Layer for the Open-Source Agentic Ecosystem

LangChain, CrewAI, LlamaIndex, AutoGen — the open-source agent ecosystem is thriving. But none of these frameworks ship with identity infrastructure. Vorim AI is the missing layer that makes open-source agents enterprise-safe.

Open SourceLangChainLlamaIndexCrewAIEnterpriseRead more
April 11, 2026
Vorim AI Team
10 min read

An Open Identity Protocol for the Agentic Web

The web needed SSL. APIs needed OAuth. Cloud needed IAM. The agentic web needs an open identity protocol. VAIP is that protocol — and it's designed to be steward-agnostic, standards-based, and infrastructure-grade.

ProtocolStandardsIETFIdentityInfrastructureRead more
April 11, 2026
Vorim AI Team
9 min read

AI Agent Identity and Accountability at Scale: Infrastructure for the Next Generation of AI Systems

As AI agents scale from hundreds to millions, the infrastructure for identity, permissions, and audit trails must scale with them. Here's what accountability looks like at production scale — and why it matters for every AI company.

ScaleInfrastructureAI AgentsIdentityEnterpriseRead more