Who Is Building Agent Identity Infrastructure
Identity and authentication for AI agents differs from human identity at three levels: agents act on behalf of principals (chained authorisation), agents call APIs at machine speed (rate-limit and abuse considerations), and agents need scope-limited credentials that can be revoked without breaking the principal's broader auth state. Startups building this layer split into incumbent identity vendors adding agent features and pure-play agent-identity newcomers. This page consolidates the landscape as of May 2026.
Incumbent Identity Vendors with Agent Extensions
| Company | Agent Capability | Status |
|---|---|---|
| Auth0 (Okta) | Agent-scoped OAuth flows, agent token issuance | Production; broad enterprise adoption |
| WorkOS | SSO + SCIM for agents; agent identity provider integrations | Production; B2B-developer focus |
| Stytch | Agent OAuth + delegated authorisation | Production; recent agent-specific feature launches |
| Curity | OAuth-for-Agents IETF draft support | Production; European market-leading |
| Frontegg | SaaS-customer-facing agent identity | Production |
| Descope | Agent flow management; passwordless extensions | Production |
Agent-Native Identity Startups
| Company | Funding | Focus |
|---|---|---|
| Stainless | ~$25M cumulative | SDK generation + agent-ready API surfaces; YC alumnus |
| Anrok | ~$50M cumulative | Tax compliance for agent-mediated transactions |
| Plaid (AI agent integrations) | Part of Plaid (post-IPO valuation) | Financial-data agent identity; verified principal flows |
| Persona | ~$200M cumulative | KYC / KYB for agent principals |
| Token2 / Token Security | ~$10M cumulative | Agent-specific authentication; identity-as-code |
| Pomerium | ~$20M cumulative | Zero-trust access for agents accessing internal services |
Six Things the Identity-Startup Landscape Tells You
- Incumbents are extending faster than pure-plays can launch. Auth0, WorkOS, Stytch, and Curity all shipped agent-specific features through 2025-2026, partially closing the window for pure-play agent-identity startups. Pure-plays need to differentiate sharply (vertical focus, novel cryptographic primitives, or AAIF-native positioning) to compete.
- The OAuth-for-Agents IETF draft is the consolidation event to watch. When the draft ships as an RFC, incumbent vendors get a standard to implement and pure-plays lose some of their differentiation surface. Working-group activity is heating up; expect movement late 2026 or 2027.
- Stainless is the surprise contender. Started as SDK-generation infrastructure (auto-generated client libraries for APIs); has expanded into agent-ready API surfaces and developer-experience infrastructure for agents. The thesis: clean SDK surfaces are an under-invested agent-readability primitive.
- KYC / KYB infrastructure is being adapted for agents. Persona, Plaid, and other identity-verification platforms now offer agent-principal verification flows that satisfy Visa TAP, OpenAI Verified Agents, and similar program requirements. The pattern reuses existing human-KYC infrastructure with agent-specific extensions.
- Zero-trust access is the enterprise-internal angle. Pomerium and similar zero-trust platforms now treat AI agents as a first-class principal type alongside humans and service accounts. Enterprise adoption of agentic AI requires zero-trust patterns or equivalent; expect category growth as enterprise agent deployments scale.
- The category is younger than observability. Most agent-identity-specific startups are pre-Series-B; total funding in the category is well below observability or durable execution. Expect rapid funding-round acceleration through 2026-2027 as agent deployments scale and identity-and-auth becomes a recognised distinct buyer.
What This Means for AI Visibility
Identity and auth startups themselves are small as a buyer category but disproportionately influential: every B2A product depends on solving authentication. Brands selling into developer tooling, enterprise security, or compliance should treat agent-identity-startup buyers as a focused but high-leverage segment. For brands building agents that need authentication-from-customers, integration with Auth0, WorkOS, or Stytch is the standard go-to-market path and gives downstream developer-visibility lift through their respective ecosystems.
Methodology
Funding and product data collected May 15, 2026 from Crunchbase, PitchBook, vendor websites, and recent product-launch press coverage. Incumbents' agent-specific feature timelines from vendor changelogs and release notes. Refreshed quarterly.
How Presenc AI Helps
Presenc AI tracks brand presence inside developer-tool buying communities, which is where agent-identity-startup procurement decisions are made. For brands selling into the identity layer or building products that integrate with these vendors, our instrumentation captures the developer-visibility lift from documentation, tutorials, and ecosystem placements.