What is agent identity?
Agent identity is the bundle of attributes — email, phone, fingerprint, credentials, history — that lets an AI agent show up on the web as a credible, persistent actor instead of a disposable bot. Identity is what unlocks authenticated workflows and what determines whether the agent gets blocked.
What is agent identity?
Agent identity is the bundle of attributes that lets an AI agent show up on the web as a credible, persistent actor — not a disposable bot. It is the answer to the question every authenticated website implicitly asks of any visitor: who is this, and should I trust them?
In its full form, an agent identity includes a real-looking name, a working email address, an SMS-capable phone number, a stable browser fingerprint, a credential vault holding passwords and TOTP secrets, and over time a believable behavioral history. Without identity, an AI agent can browse the open web — but it cannot sign up for services, log in to dashboards, recover from 2FA challenges, or do any of the work that lives behind authentication.
Agent identity is the single most important difference between a demo-grade browser agent and one that actually ships value in production. The 85% of the web that's gated behind login screens is unreachable without it.
The problem agent identity solves
Until recently, "automation" and "authentication" rarely appeared in the same sentence. Scrapers ran on public pages. Login flows were a manual setup step you did once and hoped to never touch again. The standard playbook was:
- A human opens the browser, logs in by hand, and exports the session cookies.
- The cookies get pasted into a script. The script runs until the cookies expire — typically days, sometimes weeks.
- When they expire, a human re-authenticates. A 2FA SMS goes to that human's phone.
This works for a single workflow run by a single team, and it shatters at any scale beyond that. It can't run unattended. It can't sign up for new services. It can't handle multi-account workflows. And it certainly can't be packaged as a deployed product where the user's AI agent needs to act on the user's behalf.
Three forces have made identity a first-class concern:
- Agentic products. Consumer AI assistants need to act on behalf of users — booking, paying, applying — which means logging into the user's accounts.
- Agent-friendly anti-bot. Sites are increasingly distinguishing between malicious bots and authorized agents. Agents with credible identities get through; ones without don't.
- 2FA everywhere. Almost every meaningful service now requires multi-factor authentication. Disposable email and burner phones don't survive contact with these flows for long.
Agent identity is the layer that makes autonomous web work possible at scale.
What's inside an agent identity
A complete agent identity has four parts:
- A digital identity. Name, address, date of birth, and the long tail of attributes a real user has — language preferences, timezone, profile picture. Digital identities need to be coherent: the timezone should match the address, the language should match the country.
- Communication channels. A dedicated email inbox the agent can read programmatically, plus an SMS-capable phone number. These power 2FA and MFA flows — the agent receives the code, parses it, and types it back into the form.
- A credential vault. An encrypted store holding passwords and TOTP secrets. The vault injects credentials directly into the browser at runtime so they never pass through the LLM context — see credential vaulting.
- A persistent browser environment. A consistent fingerprint (canvas hash, fonts, screen size, timezone), session storage that survives across runs, and a usage history that looks like a real user's.
Together, these primitives let an agent sign up, log in, recover lost passwords, and behave consistently across runs — all without human intervention.
How agent identity works in practice
Here's a minimal Notte example: create a digital identity, then run an agent that uses that digital identity to sign up for a service.
from notte_sdk import NotteClient
client = NotteClient()
# Create a persistent digital identity — email, phone, and an attached vault.
identity = client.Persona(create_vault=True)
print(f"Identity email: {identity.info.email}")
# The agent runs against this identity. When it encounters a sign-up or login
# form, it pulls credentials from the attached vault. When 2FA hits, the agent
# reads the verification code from the identity's email or SMS inbox and
# submits it — all without human intervention.
with client.Session() as session:
agent = client.Agent(persona=identity, session=session, max_steps=12)
response = agent.run(task="Sign up for an account at example.com.")Underneath that, four things happen:
- The cloud browser session inherits the digital identity's fingerprint, cookies, and storage state from previous runs.
- When the form asks for an email, the digital identity's dedicated address is filled. When it asks for a phone, the digital identity's number is filled.
- The 2FA SMS or magic link arrives in the digital identity's inbox. A side-channel reader fetches it and the agent submits the code.
- After the run, the new credentials are written back into the vault. The next run starts already authenticated.
When you need agent identity
Agent identity matters whenever your workflow touches a gated part of the web. The clearest signals:
- The flow includes a sign-up or log-in step.
- The site sends an SMS or email verification.
- You need the agent to act consistently as the same user across many runs (e.g., daily monitoring of a dashboard).
- You're shipping a product where the agent acts on behalf of your customer, not just internal data extraction.
- The target site has aggressive anti-bot defenses that single-out disposable identities.
You probably don't need full identity if you're scraping public pages, running short-lived test automations, or using a single shared corporate account that's set up manually.
Identity vs. fingerprinting vs. credentials
These terms blur into each other but they describe different layers:
| Fingerprint | Credentials | Identity | |
|---|---|---|---|
| Scope | Browser-level signals | Per-site secrets | The whole package |
| What it answers | "Is this a normal browser?" | "Is this the right user?" | "Is this a real, persistent person?" |
| Storage | Browser config | Vault | All of the above plus history |
| Owner | The browser | The user | The agent platform |
A perfect fingerprint without credentials gets you past anti-bot detection but not into a logged-in session. Credentials without a persistent fingerprint get flagged the second time you log in from a different "device." A complete identity bundles them so they're always coherent.
Key takeaways
- Agent identity is the layer that makes an AI agent a credible, persistent web actor — name, email, phone, vault, fingerprint, history.
- Without identity, agents are stuck on the public 15% of the web. With it, they can reach the gated 85%.
- A complete identity is a digital identity + communication channels + credential vault + persistent browser state.
- Identity is what makes 2FA and MFA solvable, what survives anti-bot heuristics, and what lets agents act on behalf of users in shipped products.
- Use it whenever your workflow hits a sign-up, log-in, or verification step — which is most useful workflows.
If you're shipping an AI agent that touches authenticated pages, credential vaulting and logging into authenticated websites are the next reads.