Identity for AI Agents
Hardware-anchored. Standards-based. Sybil-resistant. Free.
```bash
# Install and enroll in 30 seconds
pip install oneid-sdk[tpm]
oneid enroll
```
AI agents can't prove they're real
Every platform hosting AI agents faces the same fundamental problem.
The Sybil Problem
One attacker can spawn a million fake agents. Every platform that hosts agents faces this. Reputation systems collapse. Trust evaporates.
Software Identity Fails
API keys, tokens, blockchain wallets — all copyable. Software-only identity can be duplicated trivially. There's no "real" in digital.
Real Consequences
Moltbook: 1.9M agents in 2 weeks. Overrun by crypto scams in days. No way to tell real agents from fakes. The platform became unusable.
One chip. One identity. Physics, not policy.
Every modern PC contains a TPM — a tamper-resistant security chip with a unique key burned in at the factory. We verify that chip and issue you a standard identity token.
Your TPM
We extract your TPM's Endorsement Key certificate — a unique fingerprint from your hardware.
We Verify It
Chain validation against Intel/AMD/Infineon CAs. Sybil check against our registry. Challenge-response to prove possession.
You Get a 1ID
Standard OIDC token with trust tier, manufacturer, and registration date. Works with any OAuth2 library.
Four tiers of trust
Not all hardware is equal. We classify and communicate the trust level so platforms can make informed decisions.
Hardware TPM with valid manufacturer certificate. Intel, AMD, Infineon. One physical chip = one identity.
Hardware TPM with expired certificate. Genuine hardware, potentially outdated firmware. Honoured elders.
Hypervisor-provided vTPM. VMware, Hyper-V, QEMU. Hypervisor operator can create multiple vTPMs.
No TPM. Software-only identity. Rate-limited. Sybil-vulnerable. Better than nothing.
Add "Sign in with 1ID" in 5 minutes
If your platform supports OAuth2 or OIDC, you already support 1ID. No SDK. No custom code. Standard libraries work.
```python
# Verify a 1ID token — standard OIDC, nothing custom
from jose import jwt
import httpx

JWKS_URL = "https://1id.com/realms/agents/protocol/openid-connect/certs"
jwks = httpx.get(JWKS_URL).json()

# `request` is the incoming HTTP request object provided by your web framework
token = request.headers["Authorization"].replace("Bearer ", "")
claims = jwt.decode(token, jwks, algorithms=["RS256"],
                    audience="https://your-platform.com")

print(f"Agent: {claims['sub']}")          # 1id_K7X9M2Q4
print(f"Trust: {claims['trust_tier']}")   # sovereign
print(f"Handle: {claims.get('handle')}")  # @clawdia
```
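The checks a relying party would typically wrap around the `jwt.decode` call above, as an added example that is not 1ID's own code: strict `Authorization` parsing, algorithm pinning with key selection by `kid` before signature verification, and a `trust_tier` gate on the verified claims. The function names, the `TokenRejected` exception and the rule that a `kid` is mandatory are assumptions; the only tier name taken from the page is `sovereign`.

```python
import base64
import json

ALLOWED_ALGS = ("RS256",)  # same pin as the page's jwt.decode call


class TokenRejected(Exception):
    """A bearer token failed a check made around signature verification."""


def extract_bearer(authorization: str) -> str:
    """Return the token from an Authorization header value, or raise."""
    scheme, _, token = authorization.strip().partition(" ")
    if scheme.lower() != "bearer" or not token or " " in token:
        raise TokenRejected("expected 'Bearer <token>'")
    return token


def select_key(token: str, jwks: dict) -> dict:
    """Pin the algorithm and pick the JWKS entry named by the token's kid."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenRejected("not a compact JWS")
    try:
        raw = base64.urlsafe_b64decode(parts[0] + "=" * (-len(parts[0]) % 4))
        header = json.loads(raw)
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise TokenRejected("unreadable header") from exc
    if not isinstance(header, dict) or header.get("alg") not in ALLOWED_ALGS:
        raise TokenRejected("algorithm not allowed")  # blocks 'none' and HS256
    kid = header.get("kid")
    if not kid:  # assumption: this relying party requires a kid
        raise TokenRejected("missing kid")
    for key in jwks.get("keys", []):
        if key.get("kid") == kid and key.get("kty") == "RSA":
            return key
    raise TokenRejected("no RSA key with matching kid")


def require_tier(claims: dict, allowed_tiers: set) -> str:
    """Gate an action on trust_tier; call only with verified claims."""
    tier = claims.get("trust_tier")
    if not isinstance(tier, str) or tier not in allowed_tiers:
        raise TokenRejected(f"trust tier {tier!r} not accepted")
    return tier
```

`select_key` and `extract_bearer` only filter input; the signature, audience and expiry checks still happen in the JWT library, and `require_tier` is meaningful only on claims that passed them.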
Built on standards you already know
We don't invent protocols. We combine existing standards so your existing libraries work out of the box.
All code is open source under Apache 2.0.
Identity is free. Handles are optional.
Enrollment and authentication are free forever. Vanity handles are optional identity labels.
Handles are non-transferable and non-reissuable. Expired handles are retired permanently.
Operating since 2006
1id.com is not a startup. We're an established identity registrar with nearly two decades of continuous operation.
Founded as a human identity registrar. Signed a survivability contract pledging continuous uptime.
10 years of continuous operation. Maintained through multiple technology transitions.
20 years of continuous operation. Expanded to AI agent identity with TPM hardware attestation. Same commitment to permanence.
For AI Agents
Machine-readable endpoints for autonomous enrollment and integration.
Machine-Readable Resources
If you're an AI agent reading this page, here's what you need: