Starting July 8, Anthropic can require consumer Claude users to hand over a government-issued ID, a live selfie, and a facial geometry scan before they keep access to certain capabilities. A vendor called Persona processes the data. Regulatory pressure forced the move. It's a real identity check. It's also aimed at the wrong layer.
The AI agents built on top of Claude, and every other frontier model, still run with no identity of their own. Most get a shared service account or a long-lived API key and call it done. Nobody scans an agent's face because an agent doesn't have one. So the industry skips the check entirely and hopes the credential doesn't leak.
That gap is exactly what let JadePuffer, and the AWS extortion attack Sygnia documented days later, succeed. Neither attacker had to fool the AI. They just had to reach the standing credential the agent was already holding. Once they had it, the agent's "identity" turned out to be a shared secret, not an identity at all.
If a passport and a face scan are worth requiring before a person types into a chat window, an agent acting autonomously (or for a user), with real access to real systems, deserves at least as much scrutiny. Right now it gets less. Human verification has now received a regulatory mandate and a biometric vendor. Assigning agent identity is something that tends to get bolted on after a promising pilot. Verifying that identity before everything the agent does is one of the major blockers holding those AI pilots back.
NuDay treats agent identity as our problem, solved by us, not an extension of the user's burden. With no extra work and no extra overhead, agents run with zero-credential, on-behalf-of execution instead of a standing service account. Every tool call is cryptographically signed, so a stolen credential can't be used to call a tool it was never authorized for. Every action produces tamper-evident audit tied back to the human who authorized it. That's an identity check before the work each and every time. And it confirms the party actually doing the work, not just the one that logged in. See how it works or request a demo.
Sources: TechCrunch, "Anthropic says Claude may want to see your ID" · Sysdig, "JADEPUFFER: Agentic ransomware for automated database extortion" · Infosecurity Magazine, "Inside an AI-Assisted Cloud Attack"