Designing Multi-Agent AI Systems with Agent Identity for Secure Collaboration
This article discusses Anthropic's Claude Tag, an evolution in AI assistant design that integrates Claude directly into Slack channels as a persistent, shared team member. A core innovation is "agent identity," an access control model that enables secure, multi-user interaction with AI agents by assigning them dedicated accounts and permissions rather than inheriting individual user credentials. This shift facilitates long-running, asynchronous tasks and collaborative steering of AI agents in enterprise environments.
Read original on The New StackThe Evolution of AI Agents: From Transactional to Persistent
Traditionally, AI assistants have operated in a transactional, single-user mode, responding to direct prompts or tags and then becoming inactive. Anthropic's Claude Tag represents a significant architectural shift by making AI agents persistent, shared entities within communication channels like Slack. This allows for continuous operation, context accumulation, and collaborative task management, fundamentally changing how teams interact with AI.
Agent Identity: A New Security Model for Collaborative AI
A critical system design challenge for persistent, multi-user AI agents is managing access and security. The traditional model, where an AI inherits the permissions of the invoking user, becomes problematic when agents operate autonomously, across multiple users, or for extended durations. Anthropic addresses this with "agent identity".
Key Concept: Agent Identity
Agent identity is an access construct where an AI agent operates under its own dedicated accounts and permissions, rather than borrowing user credentials. This allows administrators to define broad yet scoped access at the workspace level, with granular control per channel, ensuring security and accountability in multi-player AI scenarios.
- Independent Operation: Agents can schedule tasks and respond to events long after the initiating user has logged off.
- Multiplayer Steering: Multiple users can steer, correct, and build upon an agent's work in real-time, requiring a shared, stable permission set.
- Enterprise Security: Prevents agents from becoming a backdoor to individual user's private documents, as they use dedicated service accounts (e.g., for GitHub, data warehouses).
Architectural Implications of Agent Identity
Implementing agent identity involves creating a dedicated access control layer for AI agents. Administrators configure specific tools and data access for Claude at the workspace level, which can then be refined for individual channels. For instance, an engineering channel's Claude might have read/write access to GitHub and data warehouses, while a general channel's Claude might have read-only permissions.
{
"agent_id": "claude-channel-eng",
"permissions": {
"github": {"read": true, "write": true},
"data_warehouse": {"read": true, "write": true},
"slack_channel_id": "#engineering"
},
"token_limit_per_day": 1000000
}