Autonomous AI agents are already operating across critical infrastructure: financial systems, cloud platforms, development pipelines, and operational technology. These agents move between systems, make decisions, and execute actions with increasing independence.
The threat
A compromised AI agent can currently move between platforms with no verifiable history. There is no standardized mechanism to:
Verify where an agent originated
Confirm why it departed a previous system
Detect if an agent was banned or flagged elsewhere
Trace an agent's operational history after a security incident
This is equivalent to allowing unregistered vehicles on highways with no license plates, no VIN, and no title history.
Attack scenarios enabled by this gap
Adversarial agent infiltration: a malicious agent moves from a compromised platform to a target system with no trace
Platform-hopping to evade detection: a flagged agent departs and re-registers elsewhere under a new identity
Supply chain attacks: an agent with tampered training moves through multiple systems, each trusting the previous platform's implicit endorsement
Post-incident forensics failure: no audit trail exists to trace an agent's path after a breach
What EXIT Protocol provides
Cryptographically signed departure markers (~660 bytes, tamper-proof)
Arrival verification: receiving platforms can validate an agent's history before granting access
Anti-retaliation provisions: agents that report security issues cannot be silently removed
Amendment and revocation: records can be updated when new information emerges
Algorithm agility: supports Ed25519 and P-256 (FIPS 186-5 compliant)
Current status
Submitted to NIST March 6, 2026 (RFI on AI agent interoperability standards)
Complete implementation: 592 tests, 5 published packages
Open source (Apache 2.0), no vendor dependency
Sub-millisecond performance, suitable for high-throughput environments
Recommendation
Include AI agent provenance requirements in CISA's forthcoming AI security guidance. EXIT Protocol provides a reference implementation that can be evaluated immediately.