AI agents and the multi-hop delegation problem
Blog post from WorkOS
AI agents present complex security challenges, particularly in multi-hop delegation scenarios where one agent spawns another, which complicates verifying identity and authorization at each step. The current industry identity stack, often based on OAuth, struggles with these scenarios, as demonstrated by documented vulnerabilities such as Cross-Agent Privilege Escalation and Agent Session Smuggling. These vulnerabilities highlight the inadequacy of existing protocols, which fail to enforce delegation chains beyond the initial agent authorization. The IETF and other standards bodies are actively developing solutions such as attenuating authorization tokens, cryptographically verifiable actor chains, and TLS-session-bound access tokens to address these challenges, but these standards are still evolving. Enterprises are responding with workarounds such as inserting policy layers and requiring human sign-off for high-stakes actions, while regulatory bodies are increasing scrutiny of AI agent access patterns and demanding more robust audit trails and compliance measures. As standards mature, organizations are encouraged to design systems with traceability and privilege attenuation from the outset, both to align with future requirements and to mitigate risk.
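A sketch of what a resource server would check to enforce a delegation chain past the first hop, with privilege attenuation and a traceable actor trail. This is an added example, not code from the WorkOS post or from any draft standard; the principal names, scope strings, link format and the use of per-principal HMAC keys (in place of asymmetric signatures) are assumptions made for illustration.

```python
import hashlib, hmac, json

# Constructed demo keys, one HMAC key per principal; a real deployment would use asymmetric signatures.
KEYS = {"user:alice": b"k-alice", "agent:planner": b"k-planner", "agent:mailer": b"k-mailer"}

def _body(link):
    fields = ("delegator", "delegate", "scopes", "parent")
    return json.dumps({k: link[k] for k in fields}, sort_keys=True).encode()

def _digest(link):
    return hashlib.sha256(_body(link) + link["sig"].encode()).hexdigest()

def _sign(link):
    return hmac.new(KEYS[link["delegator"]], _body(link), hashlib.sha256).hexdigest()

def delegate(chain, delegator, delegate_to, scopes):
    """Append one hop, signed by the delegator and hash-bound to the previous hop."""
    link = {"delegator": delegator, "delegate": delegate_to, "scopes": sorted(scopes),
            "parent": _digest(chain[-1]) if chain else ""}
    link["sig"] = _sign(link)
    return chain + [link]

def verify_chain(chain, owner, presenter, needed_scope):
    """Return the actor trail if every hop is signed, linked and attenuated; raise otherwise."""
    if not chain or chain[0]["delegator"] != owner or chain[0]["parent"] != "":
        raise ValueError("chain does not start at the resource owner")
    allowed, prev = None, None
    for i, link in enumerate(chain):
        if link["delegator"] not in KEYS or not hmac.compare_digest(_sign(link), link["sig"]):
            raise ValueError(f"hop {i}: bad signature")
        if prev is not None:
            if link["delegator"] != prev["delegate"] or link["parent"] != _digest(prev):
                raise ValueError(f"hop {i}: not linked to the previous hop")
            extra = set(link["scopes"]) - allowed
            if extra:  # a hop may only narrow what it received, never widen it
                raise ValueError(f"hop {i}: scope escalation {sorted(extra)}")
        allowed, prev = set(link["scopes"]), link
    if prev["delegate"] != presenter:
        raise ValueError("presenter is not the final delegate")
    if needed_scope not in allowed:
        raise ValueError(f"{needed_scope} was not delegated to {presenter}")
    return [owner] + [l["delegate"] for l in chain]

def demo():
    """Constructed chains: alice -> planner -> mailer, one attenuated and one escalated."""
    root = delegate([], "user:alice", "agent:planner", ["calendar:read", "mail:read"])
    ok = delegate(root, "agent:planner", "agent:mailer", ["mail:read"])
    bad = delegate(root, "agent:planner", "agent:mailer", ["mail:read", "mail:send"])
    return root, ok, bad
```

The escalated chain carries a valid signature from the intermediate agent, so a verifier that only checks the last hop's signature would accept it; it is the per-hop subset check that rejects it.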