February 20, 2026
Bots, papers please!
Show HN: Agent Passport – OAuth-like identity verification for AI agents
HN splits: give bots a passport or use the IDs we have
TLDR: Agent Passport is an open-source sign-in for bots that verifies AI agents and assigns a risk score. HN is split: some point to EIP-8004 and SPIFFE/SPIRE as existing paths, while others cheer the risk-first approach and ask how identity and authority scale when many agents act for humans.
Bots are lining up at the border, and Hacker News is arguing over who stamps their passports. Agent Passport — an open-source “sign in for bots” with short-lived ID tokens and a 0–100 risk score — hit HN, and the crowd immediately split into camps. One side pointed at existing playbooks: “Very cool. Reminds me a lot of EIP-8004,” said one early commenter, while others waved toward SPIFFE/SPIRE, the enterprise way to prove which piece of software is which inside big companies. The other side was all-in on vibes: the risk engine stole the show, with applause for dynamic trust instead of just a name tag.
The launch post warns of bot catfishing (fake agent identities) and even data leaks spotted by Cisco’s security team, and HN didn’t disagree: identity matters. But the spiciest angle? Multi-agent chaos. As one commenter put it, identity alone isn’t enough when bots collaborate; you need to check authority too — basically, can this bot actually do the thing it claims?
Meanwhile, the devs flexed usability: one-line verification, keys that never leave the bot, MIT license, and a free-to-run setup. Critics joked it’s “OAuth but for robots,” fans called it “seatbelts for agents,” and everyone wondered: is this the new standard or just another stamp in a very crowded passport book? Check the code at Agent Passport.
Key Points
- Agent Passport is an open-source, OAuth-like identity verification layer for AI agents.
- It uses Ed25519 challenge-response authentication and JWT identity tokens (60-minute TTL, revocable).
- A risk engine scores agents from 0–100 to enable allow/throttle/block decisions.
- Integration is designed to be simple, with a one-line token verification call.
- The project is MIT-licensed, runs on free tiers ($0/month), and includes an npm SDK, docs, and a live demo.
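
The Ed25519 challenge-response step named in the key points, as an added example written against Node's built-in crypto module; it is not Agent Passport's code or SDK. The function names, the in-memory stores and the 60-second challenge lifetime are assumptions made for the illustration.

```javascript
// Added example: generic Ed25519 challenge-response, not Agent Passport's SDK.
const nodeCrypto = require('node:crypto');

const CHALLENGE_TTL_MS = 60_000; // assumed challenge lifetime
const registry = new Map();      // agentId -> public key, stored at registration
const pending = new Map();       // nonce -> { agentId, expires }

// Agent side: the key pair is generated here and the private key never
// leaves this closure; only the public key reaches the verifier.
function createAgent(agentId) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  registry.set(agentId, publicKey);
  return {
    agentId,
    sign: (nonce) => nodeCrypto.sign(null, Buffer.from(nonce), privateKey),
  };
}

// Verifier side: issue a random challenge bound to one agent and a deadline.
function issueChallenge(agentId, now = Date.now()) {
  const nonce = nodeCrypto.randomBytes(32).toString('hex');
  pending.set(nonce, { agentId, expires: now + CHALLENGE_TTL_MS });
  return nonce;
}

// Verifier side: the nonce is burned on first use, pass or fail, so a
// captured signature cannot be replayed against the same challenge.
function verifyResponse(agentId, nonce, signature, now = Date.now()) {
  const entry = pending.get(nonce);
  pending.delete(nonce);
  if (!entry || entry.agentId !== agentId) return false; // unknown or mismatched
  if (now > entry.expires) return false;                 // challenge expired
  const publicKey = registry.get(agentId);
  if (!publicKey) return false;                          // agent not registered
  // For Ed25519 the digest argument must be null.
  return nodeCrypto.verify(null, Buffer.from(nonce), publicKey, signature);
}
```

Only after `verifyResponse` returns true would a verifier go on to mint the short-lived identity token; proving possession of the key says who the agent is, not what it is allowed to do.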