MFA vs Multi-Attestation: Why AI Needs a New Identity Model

Pieter Kasselman

AI usage is exploding—but our identity systems still treat it like a human. This mismatch is creating preventable security gaps.

Problem: We’re Forcing AI to Use Human Authentication

So why do we keep trying to make AIs do MFA?

In many systems, the answer is legacy: they were built for humans, and those humans are required to authenticate using Multi-Factor Authentication (MFA). But these systems often fail to distinguish between human and non-human actors—so when an AI needs access, it ends up impersonating a human, jumping through MFA hoops that were never designed for it.

This mismatch creates unnecessary complexity, operational overhead, and real security risks—especially when AIs are granted persistent access under borrowed human credentials.

Delegation: A Better Way to Grant AI Access

There’s a better way: delegation. A human uses MFA to authorize an AI agent to perform a specific task. From there, the AI operates on its own identity, established through real-time, layered evidence such as code integrity and runtime context, an approach known as multi-attestation. It proves what it is (code, origin, integrity), not who it is. It presents delegated authorization, backed by verifiable runtime claims. No MFA prompts, no long-lived human tokens, no illusion of personhood.

It’s safer, more scalable, and reflects the reality of what’s actually happening.

Why MFA Was Built for Humans, Not Machines

MFA was built for people. Identity proofing is hard and expensive, so we issue long-lived credentials—and MFA compensates for their fragility with extra factors. But all of this comes with cost: user interaction, operational friction, and fragmented credential lifecycle management.

AI and Workloads Need a Different Model

Non-human actors, like AIs and workloads, are fundamentally different. Their identity proofing is dynamic, continuous, and automatable. They can prove their trustworthiness at runtime through attestation, presenting signals like code integrity, hardware roots of trust, supply chain provenance, or orchestration context. Combined as multi-attestation, they provide rich signals grounded in what the agent is, not just how it logs in.

Rethinking Trust Boundaries for AI

Rather than force non-humans to mimic human rituals, we can reframe the trust boundary. Short-lived credentials, minted on fresh proof, replace long-lived secrets. Fine-grained delegation replaces static access grants. And multi-attestation replaces MFA.
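
The flow described above (MFA-backed delegation, layered attestation, short-lived credentials), as an added Python example that is not part of the original article. The broker, key names, claim fields and policy values are assumptions made for illustration, and HMAC stands in for the signature checks a real attestation verifier would perform.

```python
import hashlib, hmac, json, time
# Keys, claim names and policy values are constructed for this example. HMAC
# stands in for the asymmetric signatures a real attestation verifier would check.
IDP_KEY, BROKER_KEY = b"demo-idp", b"demo-broker"
ATTESTER_KEYS = {"code_integrity": b"demo-build", "runtime_context": b"demo-orch"}
POLICY = {"code_integrity": {"image_digest": "sha256:aaaa"},
          "runtime_context": {"cluster": "prod-east"}}
MAX_EVIDENCE_AGE, TOKEN_TTL = 60, 300  # seconds: evidence freshness, token lifetime

def sign(key, payload):
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def signed(key, payload):
    return {"payload": payload, "sig": sign(key, payload)}

def verified(key, doc):
    return hmac.compare_digest(sign(key, doc["payload"]), doc["sig"])

def mint_agent_token(grant, evidence, scope, now=None):
    """Return a scoped, short-lived agent token or raise PermissionError."""
    now = time.time() if now is None else now
    g = grant["payload"]
    # 1. The human authorized this agent, with MFA, and the grant is still valid.
    if not verified(IDP_KEY, grant) or not g.get("mfa") or g.get("exp", 0) <= now:
        raise PermissionError("delegation grant invalid or expired")
    if scope not in g.get("scopes", []):
        raise PermissionError("scope was not delegated")
    # 2. Every required attestation type must be present, signed, fresh, in policy.
    by_type = {e["payload"].get("type"): e for e in evidence}
    for kind, expected in POLICY.items():
        e = by_type.get(kind)
        if e is None or not verified(ATTESTER_KEYS[kind], e):
            raise PermissionError(f"missing or unverifiable evidence: {kind}")
        p = e["payload"]
        if not 0 <= now - p.get("iat", 0) <= MAX_EVIDENCE_AGE:
            raise PermissionError(f"stale evidence: {kind}")
        if any(p.get(k) != v for k, v in expected.items()):
            raise PermissionError(f"evidence outside policy: {kind}")
    # 3. Mint a credential in the agent's own name that never outlives the grant.
    token = {"sub": g["agent"], "act_for": g["human"], "scope": scope,
             "iat": now, "exp": min(now + TOKEN_TTL, g["exp"])}
    return signed(BROKER_KEY, token)

def sample_request(now):  # constructed sample: delegation grant + two attestations
    grant = signed(IDP_KEY, {"human": "alice", "agent": "agent-7", "mfa": True,
                             "scopes": ["tickets:read"], "exp": now + 3600})
    return grant, [signed(ATTESTER_KEYS[k], {"type": k, "iat": now - 5, **POLICY[k]})
                   for k in POLICY]
```

The agent never holds the human's credential: the token names the agent as subject, records who it acts for, and expires within minutes unless fresh evidence is presented again.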

Let humans do MFA; use attestation for your AIs.

MFA is for humans. Multi-attestation is for AI.