Abstract
The Agent Identity Protocol (AIP) defines verifiable cryptographic identity, scoped delegation, and provenance for AI agents communicating over MCP and A2A. AIP introduces Invocation-Bound Capability Tokens (IBCTs) that fuse identity, authorization, and provenance in a single token chain. Two token modes — compact (JWT+EdDSA, single-hop) and chained (Biscuit+Datalog, multi-hop) — give agents fine-grained delegation with attenuating scope, depth limits, and per-token budget ceilings. This page walks through the protocol interactively: the 6-step verification flow, a sample token chain, and three classes of attacks AIP rejects.
Module 1 — 6-Step Verification Flow
Module 2 — Token Chain Viewer
A 3-block chained token. Scope attenuates as the chain grows.
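The attenuation rule for a chain like this can be modelled as a check that each block only narrows what its parent granted. This is an added example, not AIP's own code or token format: the field names, agent names and action strings are assumptions, and it covers only the scope, depth and budget checks, with no signature verification.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Block:
    # Hypothetical fields for illustration; not AIP's token format.
    holder: str        # agent receiving the delegation
    scope: frozenset   # actions this block permits
    depth_left: int    # further delegations allowed below this block
    budget: int        # spending ceiling, arbitrary units

def check_chain(chain):
    """Return (ok, reason): every block may only narrow its parent's grant."""
    if not chain:
        return False, "empty chain"
    for i in range(1, len(chain)):
        parent, child = chain[i - 1], chain[i]
        if parent.depth_left < 1:
            return False, f"block {i}: parent allows no further delegation"
        if child.depth_left >= parent.depth_left:
            return False, f"block {i}: depth limit not reduced"
        widened = sorted(child.scope - parent.scope)
        if widened:
            return False, f"block {i}: scope widened by {widened}"
        if child.budget > parent.budget:
            return False, f"block {i}: budget raised above parent"
    return True, "ok"

# Constructed 3-block chain: scope, depth and budget all shrink per hop.
VALID_CHAIN = [
    Block("orchestrator",
          frozenset({"files:read", "files:write", "search:query"}), 2, 100),
    Block("planner", frozenset({"files:read", "search:query"}), 1, 40),
    Block("worker", frozenset({"files:read"}), 0, 10),
]
# Constructed failing variants, one per rule the verifier enforces here.
WIDENED = VALID_CHAIN[:2] + [
    replace(VALID_CHAIN[2], scope=frozenset({"files:read", "files:write"}))]
TOO_DEEP = VALID_CHAIN + [Block("helper", frozenset({"files:read"}), 0, 5)]
OVER_BUDGET = VALID_CHAIN[:2] + [replace(VALID_CHAIN[2], budget=50)]

if __name__ == "__main__":
    for name, chain in [("valid", VALID_CHAIN), ("widened", WIDENED),
                        ("too deep", TOO_DEEP), ("over budget", OVER_BUDGET)]:
        print(name, check_chain(chain))
```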
Module 3 — Attack Simulator
Three classes of attack against AIP, each rejected by the verifier.