The Race to Build Identity Stacks for Agentic AI: Ping Identity, Saviynt, Dock Labs, and More Enter the Arena

Key Takeaways

Major vendors including Ping Identity, Saviynt, Dock Labs, and Wink/Vouched are launching dedicated identity stacks for AI agents
Traditional human-centric identity management cannot control or audit autonomous AI agents, leaving 91% of enterprises exposed to risk
E-commerce operators urgently need to adopt KYA frameworks and build scoped payment authorization mechanisms

Major Vendors Enter the AI Agent Identity Management Space

Vendors race to build identity stack for Agentic AI | Biometric Update

Vendors are racing to provide visibility, governance and real-time control so organizations can deploy autonomous systems safely.

On March 26, 2026, Biometric Update reported that the race to build identity stacks for AI agents has intensified. With this topic featured as a keynote theme at RSA Conference 2026, major vendors including Ping Identity, Saviynt, Dock Labs, Wink, and Vouched are rapidly deploying solutions. In an era where AI agents write code, execute payments, and interact with customers, a new identity management framework is needed to control in real time "who" authorized "what" and "to what extent."

Background and Industry Trends

Traditional identity authentication frameworks were designed on the premise that "humans log in, make decisions, and bear responsibility." However, autonomous AI agents generate new processes, chain actions, and automatically escalate permissions at machine speed. iProov has warned of the accountability gap created by this "decision-making without humans."

According to PYMNTS, the rise of agentic commerce demands a third authentication layer beyond traditional KYC (Know Your Customer) and KYB (Know Your Business): "KYA (Know Your Agent)." Payment gateways and fraud detection engines were built on the assumption that "a human is in the loop," making new approaches such as delegated authorization, programmable spending policies, and consent proofs essential for agentic commerce where AI agents act as "customers."

According to Saviynt research, 91% of enterprises are exposed to "blind risk" due to inadequate AI agent governance. Security teams cannot track the number of agents, what they access, or who approved their creation, while compliance teams cannot determine accountability when agents make incorrect decisions.

Comparing Approaches from Five Major Vendors

Ping Identity: Defining Industry Standards with Runtime Controls

Ping Identity announced general availability of "Identity for AI" on March 24. The solution comprises three components: Agent IAM Core (agent identity registration, authentication, and authorization), Agent Gateway (runtime enforcement and auditing), and Agent Detection (behavioral signal-based agent detection).

CEO Andre Durand stated, "In an era when agents operate autonomously at machine speed, continuous verification and enforcement are required at every decision point." Chad Veldhuizen of Deloitte & Touche LLP endorsed the approach, stating that "AI agents should be treated as first-class digital identities." The platform supports Model Context Protocol (MCP) and will begin global availability on March 31.

Saviynt: Industry-First Identity Control Plane for AI Agents

Saviynt announced the "industry's first identity control plane for AI agents." It detects, registers, and monitors agents across major ecosystems including Amazon Bedrock, Microsoft Copilot Studio, Google Vertex AI, and Salesforce Agentforce. The platform is built on three pillars: posture management (detecting shadow AI and excessive permissions), lifecycle management (clarifying ownership), and Agent Access Gateway (real-time blocking of unauthorized actions). It was developed in collaboration with Hertz, Auto Club Group, and UKG, and integrates external risk signals from security partners such as CrowdStrike, Zscaler, and Wiz.

Wink x Vouched: Biometric Authentication to Guarantee "Human Intent"

Wink and Vouched have integrated biometric-authenticated KYA (Know Your Agent) workflows. When users create or activate AI agents, Wink executes multimodal authentication using facial, palm print, and voiceprint biometrics along with liveness detection. Authenticated payment tokens are scoped to specific merchants, amounts, and purposes, enabling precise permission control for agents. All authorization events record biometric, behavioral, and intent signals, generating tamper-proof audit trails.

Dock Labs: Granting Verifiable Credentials to Agents via MCP Server

Dock Labs released an MCP server enabling LLM-based agents to directly issue and verify Verifiable Credentials and manage DIDs. Additionally, the company is building trust relationships between agents through the A2A (Agent-to-Agent) protocol and developing the AP2 (Agentic Payment Protocol) to cryptographically prove purchase intent. AP2 is based on open standards including W3C Verifiable Credentials, OID4VC, and DIF Presentation Exchange, establishing Dock Labs as an infrastructure provider for agentic commerce.

Impact and Strategies for E-Commerce Merchants

As agentic commerce proliferates, e-commerce operators should consider the following measures.

1. Evaluate KYA framework adoption. A mechanism to identify and authenticate AI agents accessing your site is essential. As Microblink points out, AI agent transaction patterns differ from human browsing behavior, characterized by speed and concurrency. Detection models need to be retrained to distinguish between malicious bots and legitimate AI agents.

2. Transition to scoped payment authorization. Rather than handing full credit card information to agents, token-based authorization scoped to specific merchants, amounts, and purposes is becoming the standard. The Wink/Vouched integration is an early implementation of this direction, and Microsoft also recommends the "principle of least privilege" as a fundamental design principle for agentic AI.

3. Automate audit trails. Since AI agents execute transactions at machine speed, human review inevitably becomes after-the-fact. Runtime monitoring and automated audit log generation capabilities offered by Ping Identity and Saviynt are becoming prerequisites for compliance.

4. Prepare for MCP compatibility. Model Context Protocol (MCP) is becoming the de facto standard for agent interoperability, with both Ping Identity and Dock Labs already supporting it. Preparing to expose your APIs and payment systems to agents via MCP ensures you don't miss the commercial opportunities of agentic commerce.

Conclusion

The race to build identity stacks for AI agents is proof that agentic commerce has transitioned from "technical concept" to "implementation phase." While Ping Identity's runtime controls, Saviynt's integrated control plane, Wink/Vouched's biometric KYA, and Dock Labs' Verifiable Credentials/MCP represent different approaches, the shared message is clear: "Tie human intent and responsibility to AI agent actions." For e-commerce operators, monitoring these technological developments while progressively advancing KYA readiness, scoped payment authorization, and MCP compatibility will form the foundation of competitiveness in the agentic commerce era.