Security and Privacy Challenges in the Future Forms, Identity Binding, and Authentication Mechanisms of AI Agents #27
Description
1.What form of AI agents do you think are most likely to exist in the future, such as cloud-based LLMs or locally-based LLMs?
2.If an AI agent is akin to a person in our physical world—possessing a physical form and being solely responsible for its own decisions and actions—can a cloud-based LLM-powered agent truly be considered a fully analogous human-like AI agent?
3.For safety reasons, should AI agents be required to establish and bind their identities to real-world individuals? For example, should human users be legally accountable for the actions of their personal AI agents? Additionally, if Decentralized Identifiers (DID) are directly adopted, would authentication based on verifiable credentials be sufficient to defend against attacks from malicious intelligent agents?
4.When implementing identity authentication for AI agents—particularly for personal-use AI agents—if existing OAuth protocols are adopted, how can privacy concerns regarding users’ online behavioral data be addressed? Would new protocols or additional authentication factors need to be introduced?