The HATI vendor map
We mapped 87 vendors claiming to solve agent identity. 81 of them cover one sliver. Six are honest about the gap. None ship the whole stack — yet. Here is the landscape, charted by what each one actually does.
How we mapped this
We collected vendors whose marketing material claims to address some part of "AI agent identity," "non-human identity," "agent trust," "human-AI verification," or "agentic workforce security." We then evaluated each against the five HATI layers: identity, delegation, work attestation, trust score, settlement. A vendor counts as covering a layer if it ships a primitive — not if it ships a slide.
The result is a landscape that looks coherent only when you stop assuming one vendor will do everything. It will not.
The five categories that emerge
Category A — Pure Layer 1 (identity). Worldcoin, Civic, Apple/Google passkeys, Persona, Onfido, government eID providers. They verify "this is a unique human" with varying privacy and reach. They do not address agents.
Category B — Pure Layer 2 (delegation), platform-locked. Microsoft Entra Agent ID, Google Cloud Workspace Identity Federation for Agents, AWS IAM Agent Roles. Each offers in-platform delegation primitives that work beautifully inside one cloud and require translation layers across clouds.
Category C — NHI inventory and lifecycle. Astrix Security, Oasis Security, Aembit, Token Security. Strong on machine-credential discovery, posture, and rotation. Weak on the human-to-machine binding that turns NHI from a problem into HATI Layer 2.
Category D — Verifiable credentials and SSI. SpruceID, Privado ID, Dock, Veramo. Standards-aligned (W3C VC, DIF), strong on attestation primitives, weak on consumer brand and integrated UX. Ideal building blocks; rarely a complete buy.
Category E — Full-stack HATI ambitions. Manav, plus a small number of stealth-mode entrants. Cover identity through settlement with one coherent protocol. Earliest stage; highest scope; highest vendor risk.
A handful of vendors don't fit cleanly into any category — Palantir's identity fabric, IBM's Verify Workforce IAM with agent extensions, Cloudflare's emerging Workers AI identity primitives. These have specific strengths but defy easy classification.
Where the gaps sit
The map exposes three structural gaps that no vendor currently fills convincingly:
Gap 1: Cross-platform delegation. Categories B and C offer delegation, but platform-locked. An agent moving from Microsoft Graph to a Slack workflow loses its delegation context. Manav and the Category-E vendors are the only ones architecting cross-platform from day one.
Gap 2: Trust score, derived from work. Layer 4 has no incumbent. LinkedIn dominates self-reported reputation; nothing dominates verified reputation. This is where a cryptographically-attested work record translates into a portable score that travels across employers and platforms — and where the largest single category-creation opportunity sits.
Gap 3: Economic settlement. Layer 5 has crypto-native players ($MANAV, $WLD) and stripe-style payment players (x402, agent-native checkout) but few that natively bind verification gas to identity gas. The bridge is what makes the protocol self-sustaining.
How buyers should read the map
Buyers today will not pick one vendor for HATI. They will federate.
- One Category A vendor for Layer 1 (often inherited from existing IDP).
- One Category C vendor for NHI hygiene (cleaning up the 250,000 service accounts).
- One Category B or E vendor for Layer 2 delegation, depending on cloud strategy.
- A Category D or E vendor for Layer 3 attestation.
- A Category E or crypto vendor for any Layer 5 settlement needs.
The federation is functional but expensive. The first vendor that converges Layers 1–4 into a single, open, MCP-native protocol with credible adoption captures the consolidation. That is Manav's bet.
Where the consolidation pressure comes from
Three forces, all:
- Article 14 of the EU AI Act demands all four anchors (identity, delegation, attestation, supervision proof) on a single audit trail. Federated stacks struggle to produce a coherent audit.
- MCP standardization reduces switching costs at the agent-tool layer, which means the identity layer becomes the new lock-in. Whoever owns Layer 2-3 owns the relationship.
- Insurance pricing rewards coherence. Cyber underwriters can audit a single-protocol stack faster than a five-vendor federation, and they price accordingly.
The honest landscape line
If you read one Gartner-style market map this year, read it knowing two things. First, the category is twelve months old; whatever quadrant you're handed will be wrong by year-end. Second, the buyer's problem is not "who is the leader" but "which combination of vendors lets me prove human-agent trust to my regulator, my auditor, and my insurer in one log file."
The combinations that satisfy that test are still being built. Manav's strategy is to be the smallest possible such combination — one vendor, one open protocol, four layers, federated only at the edges.
Common objections
Two objections come up across every conversation. Will the platform vendors ship this themselves? Some will, inside their boundary; none can ship the cross-platform shape, by their own architectural choice. Is the category too narrow to matter? It's the layer beneath every agent action — narrow looks broad once the wire bends.
Frequently asked questions
Why does this category not already exist? Because the failure mode it addresses is recent. The pre-agent enterprise could pretend the service account was the human; the agentic enterprise cannot. The category becomes named when the failure becomes regulator-visible, which is now.
Where does this end up in the standards stack? As a layer above OAuth and below the application. OAuth carried scoped delegation between services; this layer carries scoped delegation from a verified human to an agent. The IETF and W3C working groups are converging on the shape; the protocol that ships first sets the verbs.
What does adoption look like in practice? Quietly. The integrations are middleware, not platforms. Each vertical sees its specific compliance pain solved — healthcare gets Article 14, finance gets SOC 2 evidence, hiring gets continuous identity — and treats the underlying primitive as plumbing once it ships.
Where to start
Read best agent identity 2026 next for the deeper architecture. Then manav vs okta for the closest practical anchor. The mental model that holds those two together holds the rest of the site as well.
87 vendors. 81 covering a sliver. The consolidation has not happened — yet.