OpenA2A: AIM · HackMyAgent · OASB · ARP · Secretless · DVAA

Agent Identity Management (AIM)

The open-source NHI platform for AI agents — cryptographic identity, governance, and access control by default.

Enterprises manage millions of non-human identities (NHI). AI agents are the fastest-growing — and least-governed — category. AIM fixes that.

📺 Demo Video • 📚 Docs • 💬 Discord

---

Quick Start

curl -sSL https://raw.githubusercontent.com/opena2a-org/agent-identity-management/main/scripts/quickstart.sh | bash

That's it. Opens dashboard at localhost:3000, API at localhost:8080. Secrets are auto-generated. Login credentials are printed at the end — change the password on first login.

Or use AIM Cloud: aim.opena2a.org — no infrastructure required.

Build from source instead

git clone https://github.com/opena2a-org/agent-identity-management.git
cd agent-identity-management
docker compose build && docker compose up -d

Docker Images

Image	Description
ghcr.io/opena2a-org/aim-server	Backend API server
ghcr.io/opena2a-org/aim-dashboard	Web dashboard

Tag	Description
latest	Latest stable release
edge	Built from main on every push
1.22.0	Specific release version
1.22	Latest patch in the 1.22 series
1	Latest minor in the 1.x series

Verify Image Signatures

cosign verify ghcr.io/opena2a-org/aim-server:latest \
  --certificate-identity-regexp="https://github.com/opena2a-org/agent-identity-management" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

---

Secure Your Agent (One Line)

from aim_sdk import secure

agent = secure("my-assistant", capabilities=["db:read", "api:call"])

@agent.perform_action(capability="db:read")
def get_customer(id):
    return db.query(id)

That's it. Your agent now has:

• Cryptographic identity (Ed25519)
• Capability enforcement
• Full audit trail
• Real-time monitoring

---

What AIM Solves

Problem	Without AIM	With AIM
Agent impersonation	Anyone can claim to be your agent	Cryptographic proof required
Prompt injection	Agent tricked into unauthorized actions	Capability enforcement blocks it
No visibility	What are your agents doing?	Complete audit trail
MCP supply chain	Unknown servers, no verification	MCP attestation + drift detection
NHI governance gap	No inventory, no ownership, no lifecycle for agent identities	Full NHI governance — ownership, lifecycle automation, compliance reporting

---

Features

Dashboard & Monitoring

Real-time visibility into your AI agent fleet:

• Trust Scoring — 8-factor algorithm evaluates agent trustworthiness
• Security Alerts — Severity-based alerts with acknowledgment workflow
• Activity Timeline — Every action, verification, and MCP connection
• Compliance Checks — 10 automated checks for security compliance

MCP Server Attestation

Verify and monitor Model Context Protocol servers:

• Auto-Attestation — SDK automatically attests MCP servers on first use
• Drift Detection — Alerts when server tools change unexpectedly
• Supply Chain View — See all MCP servers across your organization

Capability-Based Access Control

Define what each agent can do. Block everything else.

• Declared Capabilities — db:read, api:call, file:write, etc.
• Runtime Enforcement — Unauthorized actions blocked at API layer
• Risk Level Detection — Automatic risk assessment from patterns

Just-In-Time Access

Sensitive operations require admin approval:

• Request Workflow — Agents request elevated access
• Time-Limited — Access expires automatically
• Full Audit Trail — Every request logged

Security Policies

• MONITORING Mode — Observe and alert without blocking (development)
• STRICT Mode — Enforce policies and block violations (production)
• Data Exfiltration Detection — Detect unusual data transfer patterns

NHI Governance

Manage AI agents as first-class non-human identities:

• Ownership Attribution — Every agent linked to a human owner and team
• Lifecycle Management — Active, inactive, suspended, revoked states with automated transitions
• Shadow Agent Discovery — Find unregistered agents across your environment
• Orphan Detection — Alert when agent owners leave the organization
• ABOM Generation — Agent Bill of Materials for compliance (CycloneDX export)
• Compliance Reports — NHI inventory exports for SOC 2, HIPAA, GDPR, ISO 27001

---

SDKs

SDK	Install	Status
Python	pip install aim-sdk	✅ Stable
Java	Maven/Gradle	✅ Stable
TypeScript	Coming soon	🚧 In progress

Python Example

from aim_sdk import secure, AgentType

agent = secure(
    "my-agent",
    agent_type=AgentType.LANGCHAIN,
    capabilities=["db:read", "api:call"],
    tags=["production"],
    metadata={"model": "gpt-4"}
)

@agent.perform_action(capability="db:read")
def query_users():
    return database.get_users()

Java Example

AIMClient agent = AIMClient.secure(
    "my-agent",
    Arrays.asList("db:read", "api:call"),
    AgentType.LANGCHAIN
);

User user = agent.performAction("db:read", "users", () -> {
    return userRepository.findById(userId);
});

---

Architecture

AIM uses direct observation — not proxies. Unlike traditional NHI platforms that discover service accounts through API integrations, AIM governs AI agents natively. Agents report actions explicitly via SDK decorators while communicating directly with target systems.

┌─────────────────────────────────────────────────────────────┐
│  YOUR AGENT                                                 │
│  ┌────────────────────────────────────────────────────────┐ │
│  │ @agent.perform_action(capability="db:read")            │ │
│  │ def get_data():                                        │ │
│  │     return database.query()  ─────────────────────────────► Target
│  └────────────────────────────────────────────────────────┘ │  (Direct)
│                    │                                        │
│                    │ Reports action                         │
│                    ▼                                        │
│              AIM Backend                                    │
│         (Verify + Log + Enforce)                            │
└─────────────────────────────────────────────────────────────┘

Key points:

• Zero latency added to agent↔target communication
• No single point of failure (fail-open mode available)
• Works with any MCP server, API, or database

---

Deployment

# Development
docker compose up -d

See infrastructure/DEPLOYMENT.md for production deployment guides (AWS, Azure, GCP, Kubernetes).

---

Documentation

• SDK Quickstart — Secure your first agent
• MCP Registration — Connect MCP servers
• Post-Quantum Cryptography — ML-DSA signatures
• Full Documentation

---

Contributing

We welcome contributions! See CONTRIBUTING.md.

---

OpenA2A Ecosystem

Project	Description	Install
AIM	Agent Identity Management -- identity and access control for AI agents	pip install aim-sdk
HackMyAgent	Security scanner -- 147 checks, attack mode, auto-fix	npx hackmyagent secure
OASB	Open Agent Security Benchmark -- 182 attack scenarios	npm install @opena2a/oasb
ARP	Agent Runtime Protection -- process, network, filesystem monitoring	npm install @opena2a/arp
Secretless AI	Keep credentials out of AI context windows	npx secretless-ai init
DVAA	Damn Vulnerable AI Agent -- security training and red-teaming	docker pull opena2a/dvaa

---

License

Apache-2.0 — See LICENSE

---

⭐ Star this repo if AIM helps secure your AI agents!