Trusted Identities for AI Agents: Leveraging Telco-Hosted eSIM Infrastructure
Sebastian Barros
TL;DR
This paper addresses the need for secure, auditable identities for autonomous AI agents operating across distributed enterprise and industrial environments. It proposes a telecom-grade identity architecture in which mobile network operators host secure elements (e.g., eUICC/HSM) and expose an Identity Gateway to provide hardware-backed, non-exportable agent identities, decoupled from physical devices. The authors detail a secure profile management and remote authentication workflow, a trust framework with attestation and delegation policies, deployment models, and practical use cases spanning enterprise automation, financial services, and industrial edge AI. They also analyze standards gaps in GSMA/3GPP, compare against alternative identity mechanisms, and outline a path toward standardized, telecom-federated identity for software agents with potential real-world impact on security, scalability, and compliance in the agent economy.
Abstract
The rise of autonomous AI agents in enterprise and industrial environments introduces a critical challenge: how to securely assign, verify, and manage their identities across distributed systems. Existing identity frameworks based on API keys, certificates, or application-layer credentials lack the infrastructure-grade trust, lifecycle control, and interoperability needed to manage agents operating independently in sensitive contexts. In this paper, we propose a conceptual architecture that leverages telecom-grade eSIM infrastructure, specifically hosted by mobile network operators (MNOs), to serve as a root of trust for AI agents. Rather than embedding SIM credentials in hardware devices, we envision a model where telcos host secure, certified hardware modules (eUICC or HSM) that store and manage agent-specific eSIM profiles. Agents authenticate remotely via cryptographic APIs or identity gateways, enabling scalable and auditable access to enterprise networks and services. We explore use cases such as onboarding enterprise automation agents, securing AI-driven financial systems, and enabling trust in inter-agent communications. We identify current limitations in GSMA and 3GPP standards, particularly their device-centric assumptions, and propose extensions to support non-physical, software-based agents within trusted execution environments. This paper is intended as a conceptual framework to open discussion around standardization, security architecture, and the role of telecom infrastructure in the evolving agent economy.
