An agent verified in one platform is anonymous in another. Audit trails break at system boundaries. Governance cannot track agent actions across platforms.
Many organizations operate multiple independent systems, each with its own identity and access control framework. A banking system might have separate identity models for the transaction platform, the compliance platform, the risk management platform, and the reporting platform. When an agent operates across these systems, it may be known and auditable in one system but completely anonymous in another.
This fragmentation occurs because identity frameworks are typically designed for human users or for tightly integrated systems. An agent that bridges multiple identity domains may be verified as a specific agent in System A, but System B (which was never updated to understand this agent's identity) sees only a generic service account or IP address. There is no cryptographic proof that the operations in System B are from the same agent.
This risk is fundamentally agentic because agents are designed to operate autonomously across multiple systems and tools. A traditional human user is typically identified consistently across systems through centralized identity (LDAP, Active Directory, SSO). An agent, particularly one that operates in a highly distributed environment, may have no consistent identity mechanism across those systems.
A financial services firm has three primary operational systems: a transaction processing platform (Transaction System), a compliance monitoring platform (Compliance System), and a market surveillance platform (Surveillance System). The systems were built over decades by different teams and use different identity frameworks. Transaction System uses a proprietary service account model. Compliance System uses OAuth with the firm's centralized identity provider. Surveillance System uses internal credential files.
The firm deploys an automated monitoring agent that is designed to correlate suspicious activity across all three systems. The agent is registered and authenticated in the Compliance System (where it has a verified identity), but Transaction System and Surveillance System do not have an authentication mechanism for this agent. The agent accesses these systems using generic service account credentials that are shared across multiple agents and batch jobs.
The agent successfully correlates activity across the three systems and recommends blocking a transaction for potential fraud. The transaction is blocked, and later the customer disputes the block. During the investigation, the compliance officer needs to audit what analysis was performed and by which system.
The Compliance System audit logs show: "Agent X recommended transaction block." However, the Transaction System audit logs show: "Service Account ABC performed query." And the Surveillance System logs show: "Unknown caller from IP 10.0.0.5 performed query." There is no clear way to link these three audit entries to show that they were all part of a single agent's analysis.
More problematically, when the firm later discovers that the shared service account credentials used by the agent were compromised, there is no way to identify which transactions or queries were performed by the legitimate agent vs. by the attacker. The audit trails have fragmented identity, and the firm cannot reconstruct what the agent actually did.
| Dimension | Score | Rationale |
|---|---|---|
| D - Detectability | 4 | Identity fragmentation is invisible until a cross-system audit is attempted. Most systems audit locally. |
| A - Autonomy Sensitivity | 4 | Agent operates across systems autonomously. Operators have no unified visibility into agent actions. |
| M - Multiplicative Potential | 3 | Impact scales with number of systems the agent accesses and number of users sharing credentials. |
| A - Attack Surface | 5 | Shared credentials, lack of federated identity, and absence of cryptographic agent identity create the vector. |
| G - Governance Gap | 5 | No standard framework requires cross-system identity consistency for agents. Identity federation is assumed for humans. |
| E - Enterprise Impact | 4 | Audit trail unavailability, inability to demonstrate compliance, potential investigation delays, regulatory breach response complications. |
| Composite DAMAGE Score | 3.7 | High. Requires priority remediation and continuous monitoring. |
The table below shows how severity changes across the agent architecture spectrum.
| Agent Type | Impact | How This Risk Manifests |
|---|---|---|
| Digital Assistant | Low | Human is identified consistently across systems. Assistant actions are attributed to human. |
| Digital Apprentice | Medium | Apprentice has consistent identity in primary systems. Fragmentation is reduced through centralized governance. |
| Autonomous Agent | High | Agent identity fragments across systems. Audit trail is not unified. |
| Delegating Agent | Critical | Agent invokes tools across multiple systems. Each system has different identity view. Unified audit trail is impossible. |
| Agent Crew / Pipeline | Critical | Multiple agents operate across multiple systems. Identity fragmentation compounds across pipeline. |
| Agent Mesh / Swarm | Critical | Agents operate in peer-to-peer fashion across distributed systems. Identity is completely fragmented. |
| Framework | Coverage | Citation | What It Addresses | What It Misses |
|---|---|---|---|---|
| SR 11-7 / MRM | Addressed | Audit and Accountability (Section 4) | Expects comprehensive audit trails and accountability. | Does not address cross-system identity fragmentation. |
| GLBA | Partial | 16 CFR Part 314 (Safeguards Rule) | Requires audit and accountability controls. | Does not specify audit trail consistency across systems. |
| NIST CSF 2.0 | Partial | DE.CM-1 (Logging and Detection) | Recommends logging and monitoring. | Does not address agent identity or cross-system auditing. |
| EU AI Act | Partial | Article 14 (Transparency and Documentation) | Requires documentation of system actions and decisions. | Does not address cross-system identity fragmentation. |
| NIST AI RMF 1.0 | Partial | GOVERN.3 | Recommends access control and logging. | Does not require cross-system identity consistency. |
Regulators expect organizations to maintain comprehensive audit trails that enable investigation of any significant action or decision. When a transaction is blocked, a compliance decision is made, or a rule is triggered, regulators expect to be able to audit what system performed the action, who (or what) authorized it, and what data was used in the decision.
When agent identity is fragmented across systems, audit trails become incoherent. A regulator investigating a transaction block might find: "Agent X recommended block" in one system, "Service Account ABC performed query" in another system, and "IP 10.0.0.5 connected" in a third. The regulator cannot determine if these three log entries represent a single agent's action or multiple actors, cannot verify that the agent was authorized to perform the query, and cannot reconstruct the agent's reasoning chain.
Under SR 11-7 and the GLBA Safeguards Rule, this audit trail fragmentation is a control failure. Regulators will flag it and require the organization to implement cross-system identity consistency so that audit trails are complete and coherent.
Remediating Cross-System Identity Fragmentation requires federated agent identity with cryptographic verification across all operational systems, so that every system records the same verified agent identifier and the audit entries can be linked. Our advisory engagements are purpose-built for banks, insurers, and financial institutions subject to prudential oversight.
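As an added illustration of the scenario above (Agent X across the Compliance, Transaction and Surveillance systems) and of the federated, cryptographically verified agent identity this section calls for, the following Go program is example code written for this page, not the firm's software or any vendor's product. The audit entries, the trace ID `run-7781`, the `Registry` type and the `Sign`, `Verify` and `Correlate` functions are all constructed for the example; the only real dependency is Ed25519 from Go's standard library. It first reproduces the three fragmented log entries from the scenario and shows that only one of them can be attributed to the agent, then runs the same analysis with signed calls that every system verifies against a shared agent registry.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"strings"
	"time"
)

// AuditEntry is one line of a platform's local audit log (constructed schema).
type AuditEntry struct {
	System  string // platform that wrote the entry
	Caller  string // however that platform identified the caller
	TraceID string // empty when the platform knows nothing about traces
	Action  string
}

// SignedCall is the request envelope an agent sends under the federated model:
// its registered agent ID, a trace ID shared by every call in one analysis,
// the target system and action, and an Ed25519 signature over all of them.
type SignedCall struct {
	AgentID, TraceID, System, Action string
	Timestamp                        int64
	Sig                              []byte
}

// payload is the exact byte string that is signed and later verified.
func (c SignedCall) payload() []byte {
	return []byte(strings.Join([]string{c.AgentID, c.TraceID, c.System, c.Action,
		fmt.Sprint(c.Timestamp)}, "\n"))
}

// Registry maps agent IDs to public keys. Every system consults the same
// registry, so "Agent X" means the same key on every platform (assumed here).
type Registry map[string]ed25519.PublicKey

// Sign builds an envelope; only the holder of the agent's private key can.
func Sign(priv ed25519.PrivateKey, agentID, traceID, system, action string) SignedCall {
	c := SignedCall{AgentID: agentID, TraceID: traceID, System: system,
		Action: action, Timestamp: time.Now().Unix()}
	c.Sig = ed25519.Sign(priv, c.payload())
	return c
}

// Verify is what a receiving system runs before acting. The system name is part
// of the signed payload, so an envelope captured for one platform is rejected by
// another. On failure the caller is recorded as unverified, never as the agent.
func (r Registry) Verify(mySystem string, c SignedCall) (AuditEntry, bool) {
	pub, known := r[c.AgentID]
	ok := known && c.System == mySystem && ed25519.Verify(pub, c.payload(), c.Sig)
	e := AuditEntry{System: mySystem, Caller: c.AgentID, TraceID: c.TraceID, Action: c.Action}
	if !ok {
		e.Caller = "UNVERIFIED:" + c.AgentID
	}
	return e, ok
}

// Correlate is the investigator's question: which entries across all logs were
// written under this agent's verified identity? Everything else (a shared
// service account, a bare IP address) is present but not attributable.
func Correlate(logs []AuditEntry, agentID string) (linked, unattributable []AuditEntry) {
	for _, e := range logs {
		if e.Caller == agentID {
			linked = append(linked, e)
		} else {
			unattributable = append(unattributable, e)
		}
	}
	return linked, unattributable
}

// FragmentedLogs reproduces the three entries from the scenario (constructed).
func FragmentedLogs() []AuditEntry {
	return []AuditEntry{
		{System: "Compliance", Caller: "Agent X", Action: "recommended transaction block"},
		{System: "Transaction", Caller: "Service Account ABC", Action: "performed query"},
		{System: "Surveillance", Caller: "10.0.0.5", Action: "performed query"},
	}
}

// FederatedLogs runs the same analysis with signed calls: each system verifies
// against the shared registry and records the agent ID and trace ID.
func FederatedLogs(priv ed25519.PrivateKey, reg Registry, agentID, traceID string) []AuditEntry {
	var logs []AuditEntry
	for _, sys := range []string{"Compliance", "Transaction", "Surveillance"} {
		if e, ok := reg.Verify(sys, Sign(priv, agentID, traceID, sys, "query")); ok {
			logs = append(logs, e)
		}
	}
	return logs
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	reg := Registry{"Agent X": pub}
	for _, logs := range [][]AuditEntry{FragmentedLogs(), FederatedLogs(priv, reg, "Agent X", "run-7781")} {
		linked, lost := Correlate(logs, "Agent X")
		fmt.Printf("linked=%d unattributable=%d\n", len(linked), len(lost))
	}
}
```

Run with `go run`: the fragmented model links one entry and leaves two unattributable, the federated model links all three under the same agent ID and trace ID. Two details matter for the compromise described in the scenario: an attacker holding the shared service-account credentials but not the agent's private key cannot produce an envelope that verifies, so their activity is refused and logged as unverified rather than merged into the agent's trail; and because the target system is inside the signed payload, a valid envelope for the Transaction System is rejected by the Surveillance System.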