English

Agentic JWT: A Secure Delegation Protocol for Autonomous AI Agents

Cryptography and Security 2025-09-18 v1 Artificial Intelligence

Abstract

Autonomous LLM agents can issue thousands of API calls per hour without human oversight. OAuth 2.0 assumes deterministic clients, but in agentic settings stochastic reasoning, prompt injection, or multi-agent orchestration can silently expand privileges. We introduce Agentic JWT (A-JWT), a dual-faceted intent token that binds each agent's action to verifiable user intent and, optionally, to a specific workflow step. A-JWT carries an agent's identity as a one-way checksum hash derived from its prompt, tools and configuration, and a chained delegation assertion to prove which downstream agent may execute a given task, and per-agent proof-of-possession keys to prevent replay and in-process impersonation. We define a new authorization mechanism and add a lightweight client shim library that self-verifies code at run time, mints intent tokens, tracks workflow steps and derives keys, thus enabling secure agent identity and separation even within a single process. We illustrate a comprehensive threat model for agentic applications, implement a Python proof-of-concept and show functional blocking of scope-violating requests, replay, impersonation, and prompt-injection pathways with sub-millisecond overhead on commodity hardware. The design aligns with ongoing OAuth agent discussions and offers a drop-in path toward zero-trust guarantees for agentic applications. A comprehensive performance and security evaluation with experimental results will appear in our forthcoming journal publication

Keywords

Cite

@article{arxiv.2509.13597,
  title  = {Agentic JWT: A Secure Delegation Protocol for Autonomous AI Agents},
  author = {Abhishek Goswami},
  journal= {arXiv preprint arXiv:2509.13597},
  year   = {2025}
}

Comments

17 pages, 6 figures, 2 Tables

R2 v1 2026-07-01T05:40:53.454Z