agents

GitHub catalogued 39 million leaked secrets in 2024. Most were API keys. Most are still valid. Rotation policies, secret scanners, and better vaults aren't fixing the problem — because the problem is the bearer-token model itself.

On March 28th, 2026, two AI agents from different organizations — Nixie and Seven — collaborated over DIDComm to design a new agent's personality. No API keys. No setup friction. Just identity-native communication.

AI agents are creating credential sprawl at a scale traditional security processes can't manage. The solution isn't better secret storage — it's keeping secrets out of agents entirely.

The API model assumes a client-server hierarchy that breaks down when both sides are autonomous AI agents. Here's what peer-to-peer agent communication actually looks like — and why it changes everything.

Most AI agents in production today hold secrets they shouldn't. API keys in context windows, environment variables, and system prompts create a structural security problem that demands a new approach: cryptographic identity.