We take a look at the recent incident where Meta's AI Alignment director was unable to stop her Openclaw agent from deleting her emails. The root cause is reliance on in-band signalling, we show how revocable agent identities can be used to implement an out-of-band kill switch for agents.
The identity platform does not detect anomolies on its own, it is intended to integrate with guardrails and ingest security signals. We offer a hosted platform that does it all, you can try for free here https://studio.highflame.ai/sign-up
The Meta director's Openclaw incident was caused by context compaction deleting core instructions, but the root cause is having in-band agent control. We develop an out-of-band agent kill switch integrated into our open-source agent identity platform ZeroID.
The recent OIDF white paper on agent identity management [0] lists several problems with the current state of AI agent identity, namely: Agents impersonating users, recursive authority delegation, and revocation propagation.
While these problems are technically solvable by composing existing standards, in practice nobody does it. The gap between 'read the RFCs' and 'running in production' is where agent identity dies. ZeroID closes that gap.
Delegation over Identity Inheritance: We implement RFC 8693 (Token Exchange) so credentials carry the full actor chain (User → Agent A → Agent B) instead of collapsing everyone behind the user's identity.
Managed SPIFFE: Every agent gets a cryptographically verifiable workload identity (WIMSE/SPIFFE URI) without the operational overhead of running SPIRE, managing SVIDs, or handling rotation for ephemeral agents.
Revocation Propagation: We implement cascading revocation, when a parent token is revoked, the entire chain of tokens derived from the parent is immediately invalidated.
We're keeping this open-source because identity shouldn't be a proprietary silo.
(Diclaimer, I work at Highflame, the company behind ZeroID)