Kite AI views identity as infrastructure, not merely login information. Its three-level identity model—user, agent, session—is built around a single question: how can you minimize harm when automation inevitably errs?
The foundation is the user identity. This holds ultimate authority but isn't an execution tool. Its purpose is to define intent and policy, not to act constantly. Practically, it's the key that determines who can deploy agents, what restrictions apply, and when authority should be revoked. Because it's seldom used, it's also seldom exposed.
Above that is the agent identity, representing a specific autonomous actor. An agent is not a person; it's a role. Its permissions are intentionally limited: capped budgets, approved counterparties, set strategies, and auditable actions. If an agent acts incorrectly, the system doesn't fail; the agent is disabled, replaced, or reset. Accountability stays in place without penalizing the entire user identity.
The final level is the session identity, where true operational safety is achieved. Session keys are temporary, tied to specific tasks, and disposable. A session might last only as long as it takes to execute a trade, retrieve data, or finish a workflow. When the task concludes, the key expires. No lingering authority. No quiet reuse. No hidden persistence.
Combined, these levels transform identity into a blast-radius control system. Instead of a single powerful key that could drain funds or corrupt data, authority is divided across time, scope, and responsibility. Compromises become isolated incidents, not widespread disasters.
This model subtly alters our approach to trust in autonomous systems. Intelligence alone is insufficient. Autonomy is only secure when identity itself is programmable, separated, and revocable by design.
