Revoke Agent #47 only. The other 999 keep working. No global key rotation, no service disruption.
You have 1,000 AI agents running in production. Agent #47 goes rogue or gets compromised. With API keys, you have two terrible options:
Option 1: Revoke the shared key. All 1,000 agents stop working. You scramble to generate a new key, coordinate distribution across 1,000 workers, and hope you didn't miss any deployment.
Option 2: Do nothing. Let the compromised agent keep accessing your systems because shutting it down means shutting down everything.
This isn't a security failure. It's the architecture. API keys are shared secrets. You can't revoke one worker without revoking them all.
Per-identity revocation. Each agent has its own cryptographic identity (DID). When Agent #47 is compromised, you revoke exactly one DID. The other 999 agents keep working. No coordination. No downtime. No manual key distribution.
The revocation happens instantly in the trust registry. Agent #47's next request gets rejected. Agents #1-46 and #48-1000 don't even notice.
Zero blast radius. One compromised identity affects exactly one agent. Your security incident doesn't become an availability incident.
const conn = await connect('payments') await conn.value.agent.send({ to, payload })
Learn how per-identity revocation works under the hood. Trust registries, DID resolution, and production deployment patterns.
Read White Paper โ