For an AI agent to have agency — to act on data — it must have access to personal data. That means proving that it is a legitimate agent and getting permission to use a person’s data, instantly, seamlessly.
By Trevor Butterworth
Agentic AI promises to revolutionize digital interaction. Much like a human travel agent (although that may be a concept as familiar to some as a rotary phone), agentic AI gets us where we want to go online by taking our instructions and parameters and delivering solutions instantly.
An AI agent operates autonomously, negotiates multistep workflows, uses a “reasoning engine” to make decisions, adapts to its environment and new information, and interacts with databases and software to achieve its goal — all without being piloted by a human.
If we’re going to use AI agents to achieve our goals, we’re going to need to give the agent permission to use our information. And the organization providing us with access to an AI agent is going to need to know that their agent has authenticated who we are and that the information we’re sharing is authentic and not fake.
The alternative is chaos.
However, there is a simple solution to these challenges, one that leverages the rapid evolution in interoperable, decentralized identity technology.
1. Let’s start with access:
1. When a person uses a Verifiable Credential to login to a web-based AI Agent, Proven checks to see who the credential was issued by. For example, in the case of a Digital Passport Credential issued by an airline, the airline would confirm that it was the issuer of the credential, or that another approved issuer within a given ecosystem had issued the credential.
2. The person doesn’t need to manually enter login data to prove who they are. The person’s digital wallet software (where the credential is stored) creates a presentation that enables seamless authentication (using cryptography).
3. This mutual authentication takes place before any data is shared.
Benefits
- The AI Agent’s host system doesn’t need to store login or password information for users, removing a risk of identity theft from a data breach.
- The credential is cryptographically bound to the credential issuer, so it can’t be faked.
- The credential is cryptographically bound to the person it has been issued to, their digital wallet, and their device. It cannot be shared or stolen.
- Mutual authentication is instant.
2. Now, the AI agent asks for personal data:
1. The AI agent asks for permission to access the data in the credential.
2. The person consents to share their data.
3. The consent can be recorded for auditing.
Benefits
- Explicit consent to data sharing is vital to meet the stringent requirements of data regulation on AI, especially in relation to the European Union’ GDPR.
- The person has control over access to their personal data. They do not have to share it, They can opt out of using the AI agent. This control is vital for public confidence in agentic AI.
3. The person shares the data in their credential:
1. All the data in the credential is digitally signed, so the AI agent (and its host) can be certain it has not been altered.
2. Data can be shared selectively by the person, ensuring the AI agent receives only the necessary information to achieve its goal, meaning it can meet GDPR requirements for data and purpose minimization.
Benefits
- The person doesn’t have to manually input the basic information needed for the AI agent to achieve its goal. For example, once permission is granted, the AI Travel Agent can instantly ingest a person’s name, address, loyalty program number, booking reference, flight number, passenger number, whether their passport is valid for at least six months, seat preferences etc.
- Different data can be combined and ingested from multiple credentials.
This is just the start of the AI agent’s Verifiable Credential journey
Verifiable Credentials enable AI agents to perform efficiently and effectively, while delivering state-of the art digital identity privacy and security. These are simple, low cost steps that accelerate usability and provide consumer and regulatory confidence.
But we can do more!
In the next blog, we’ll look at how Verifiable Credential workflows can provide a foundation for AI Agents to really flex their intelligence.
If you want to know more about Proven and how to implement the systems described in this blog, contact our team here.
