The Problem: These days companies are using a lot of AI agents like Google Gemini, Claude, CrewAI and others to automate their work. But there is one big problem — nobody is tracking what these agents are doing or controlling what they can access.

For example, if one AI agent gets hacked or goes rogue, it can access your database, steal data, or do things it was never supposed to do. And the worst part is that you won’t even know which agent did what, because there is no record of it.

It’s like hiring employees but never giving them ID cards, never checking their background, and letting them access every room in the office. That’s a huge security risk.


Our Solution: So I found this open-source project called AIM (Agent Identity Management) on GitHub. What it basically does is give every AI agent its own identity and its own access key, and track everything it does. Just like how companies use Okta or Active Directory for their human employees, AIM does the same thing but for AI agents.

I set it up locally, registered 3 AI agents, connected 2 MCP servers, and got the whole security dashboard running. It was actually pretty cool to see everything come together.


Solution Architecture

The whole system runs on Docker. You just clone the repo and run one command, docker compose up -d, and everything starts automatically. Here is what runs inside:

  • The frontend dashboard is built in React and runs on localhost:3000
  • The backend is built in Go and handles all the agent registration and security logic
  • PostgreSQL stores all the agent data and audit logs
  • Redis handles sessions and caching
  • Elasticsearch powers the search functionality
  • NATS is used for real-time messaging between services
  • MinIO stores all the cryptographic keys and certificates
  • Prometheus, Grafana, Loki handle all the monitoring and logs

Everything runs in an isolated Docker network so nothing is exposed to the outside.


Deliverables

  1. Got the full AIM system running locally using Docker Compose
  2. Registered 3 AI agents — Gemini Research Agent, Claude Orchestrator Agent, and CrewAI Automation Agent — each with their own cryptographic identity
  3. Created 3 active API keys, one for each agent, with expiry dates
  4. Registered 2 MCP servers — Filesystem MCP Server and Database MCP Server
  5. Security dashboard showing a fleet score of 93 out of 100 and a 100% agent verification rate
  6. Recorded a demo video showing the whole system working
  7. This POC document

Tech Stack

  • Docker and Docker Compose for deployment
  • Go with Fiber framework for the backend
  • React and Next.js for the frontend
  • PostgreSQL and TimescaleDB for the database
  • Redis for caching
  • Elasticsearch for search
  • NATS for messaging
  • MinIO for storage
  • Prometheus, Grafana, Loki for monitoring
  • Ed25519 cryptographic keys for agent identity
  • MCP and A2A protocols for agent communication
  • Windows 11 with Docker Desktop
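
To make the per-agent Ed25519 identity, expiring key and audit trail listed above concrete, here is an added Go example (written for this document, not taken from AIM's code). The Registry type, its methods, the 24-hour lifetime and the sample action string are assumptions for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"time"
)

type Agent struct {
	Pub     ed25519.PublicKey // public half only; the private key stays with the agent
	Expires time.Time         // credential is rejected after this instant
}

// Registry is a hypothetical in-memory store, not AIM's data model.
type Registry struct {
	Agents map[string]Agent
	Audit  []string // append-only record of every verification decision
}

// Register binds an agent name to its public key for a limited lifetime.
func (r *Registry) Register(name string, pub ed25519.PublicKey, ttl time.Duration, now time.Time) {
	r.Agents[name] = Agent{Pub: pub, Expires: now.Add(ttl)}
}

// Verify checks signature and expiry for the named agent and logs the outcome either way.
func (r *Registry) Verify(name string, msg, sig []byte, now time.Time) error {
	a, ok := r.Agents[name]
	var err error
	switch {
	case !ok:
		err = errors.New("unknown agent")
	case now.After(a.Expires):
		err = errors.New("credential expired")
	case !ed25519.Verify(a.Pub, msg, sig):
		err = errors.New("bad signature")
	}
	r.Audit = append(r.Audit, fmt.Sprintf("%s agent=%q action=%q err=%v", now.Format(time.RFC3339), name, msg, err))
	return err
}

func main() {
	now := time.Now()
	r := &Registry{Agents: map[string]Agent{}}
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader means crypto/rand
	r.Register("gemini-research-agent", pub, 24*time.Hour, now)
	msg := []byte("mcp:filesystem:read /reports/q1.txt") // constructed sample action
	fmt.Println(r.Verify("gemini-research-agent", msg, ed25519.Sign(priv, msg), now))
	fmt.Println(r.Audit[0])
}
```

A signed message can be replayed as-is, so a real verifier would also bind a nonce or timestamp into the signed bytes.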

Business Impact

Honestly, AI agent security is going to be a massive problem in the next few years. Every company is rushing to deploy AI agents but nobody is thinking about who is controlling them or what they can access. AIM solves exactly that.

For banks and finance companies — they can use AIM to make sure their AI agents are only accessing what they are supposed to, which helps with compliance like SOC2 and ISO 27001.

For hospitals — patient data is super sensitive. AIM makes sure AI agents handling that data have strict access controls, which helps with HIPAA compliance.

For any SaaS company building AI products — if you integrate AIM, you can tell your enterprise customers that all your AI agents are verified and monitored. That is actually a strong selling point.

For government organizations — they need zero trust architecture for everything. AIM’s cryptographic identity model fits perfectly there.

In short, AIM can help companies reduce AI security incidents, make their audits easier, and give their security teams the visi

Demo Video