agentID: The identity layer for AI agents, powered by national eIDs

As AI agents become more autonomous, we identified a structural gap in the internet’s architecture: agents can act, but they cannot prove who they represent.

Websites respond by blocking automated traffic because there is no reliable way to distinguish a legitimate personal agent from spam, or large-scale data harvesting.

For Europe’s largest hackathon, HackEurope, we built AgentID: the identity layer for AI agents. It lets an AI agent carry a time-limited cryptographic certificate proving its operator has authenticated via BankID. Third-party services verify the certificate offline using standard RS256 JWT verification — no round-trip to AgentID required.

Core components

  • MCP Server: A one-click install MCP server for personal AI agents, enabling identity binding at the agent level.
  • Framework Integrations: npm packages for major web frameworks (Next.js, Express.js, etc.) that allow services to verify AgentID certificates with minimal integration effort.
  • Certificate Issuer Service: A central issuance service that binds a BankID-verified human identity to an AI agent and issues time-limited cryptographic credentials.

How it works

  1. A human authenticates using BankID.
  2. AgentID binds that verified identity to a specific AI agent instance.
  3. A time-limited RS256-signed JWT is issued.
  4. The agent attaches this certificate to every HTTP request.
  5. Third-party services verify the certificate offline using standard JWT signature verification.

Security efforts

  • RS256: asymmetric signing; the private key never leaves the server.
  • Pseudonymous identity: personal numbers are never stored or exposed in JWTs.
  • Offline verification: consumers fetch the public key from /api/jwks once and verify locally. No runtime dependency on AgentID.
  • Short-lived tokens: 1-hour expiry limits the blast radius of a leaked token.
  • Session isolation: each BankID session maps to a single-use AgentID session stored in Redis with a 10-minute TTL for pending sessions.

Lights out, grab some popcorn, watch our demo!

Making agentID open source

In our efforts to make agentID a simple technology to be implemented across Europe, we have released the codebases for all the packages, the MCP integration, and the certificate issuer service on Github! Below are some links to get started:

Full installation instructions
Source code

Support our project on DevPost!

agentID on Devpost

In

,