As AI agents explode around the planet, people will likely rapidly adopt personal AI fintech agents to manage their money, investments, etc. All of which comes with lots of new risks, security implications and requires identities for the AI agents. That's what this article dives into. So, if you're interested, read on...
Story Line Used For This Article
Jane Doe leverages her own AI fintech agent to manage her bank account and investments at Acme Bank Inc and also at Investment Inc. She delegates some of her authority to her teenage son John Doe to manage some of his own money via his AI fintech agent.
Arrival Of AI Agents
First skim “AI Leveraged Smart Digital Identities of Us
”. It talks about consumers stating:
- "They’ll quickly adopt AI leveraged?smart digital identities of them?to do tasks on their behalf –?which is what Personal AI??is an early forerunner of
- This will grow to include?shopping, doing financial transactions,?interacting with companies?who supply?goods and services to them,?like a bank, telco, utility, gas company, etc.
- They'll leverage it to?pay taxes to local, regional?and national governments
- All of which will increasingly?impact enterprise marketing and security strategies"
- “Marketing In The Age of AI Agents, Bots, Behavioural Tech and Crime
”
- “AI/Bots Health Agents, Medical IoT Devices, Risks, Privacy, Security And Legal Identity
”
- “Legal Departments - AI/Bots, Gen AI, AI Agents, Hives, Behavioural Tech And AI's Ability To Own LLC's
”
- “AI Agents & Kids
”
All Which Involve Risk
Let's first focus on Jane Doe and Acme Bank Inc. Jane Doe wants to be sure that no one else can maliciously use her AI fintech agent to do banking transactions with Acme. Acme in turn wants to verify it's Jane Doe's AI fintech agent they're accepting directions from re her transactions, and not Evil Inc. who's obtained access to Jane Doe's agent.
Then there's the degree of risk.
- Let's say Jane Doe has authorized her AI fintech agent to be able to do transaction of say between $1-1000. Acme will likely use a variety of different metadata to confirm it's Jane Doe's AI fintech agent doing the transaction and let the transactions proceed
- Now let's assume Jane wants to have her AI fintech agent do transactions between $1-500,000. The risk is now higher to both Jane and Acme. It will likely require rethought business, security, identity and authentication verification processes for both Jane and her AI fintech agent
- Finally, let's assume Jane want to allow her AI fintech agent to manage her multi-million dollar investments at Investment Inc. Both Jane and Investment Inc. will likely agree to new business processes, security, identity and authentication processes for both Jane and her AI fintech agent
Now Let's Bring Her Son John Into The Above
John's a legal minor. Jane wants to give him more responsibility in managing his own money. She also wants John to leverage his own AI fintech agent, under certain terms and conditions, which she wants to continuously oversee. My dumb question is how will all this work down in the actual legal, contractual and security weeds?
Here's the starting point for this discussion. Today, on the planet, there isn't the legal identity framework to easily be able for Jane and John to:
- Prove their legal identity relationship (i.e. parent/child) digitally and physically
- Which Acme Bank Inc. and Investment Inc. can instantly digitally verify and trust
- For Jane to then instantly, digitally authorize to Acme Bank Inc. and Investment Inc. allowing John to be able to manage his own bank account and investments
- Register their AI fintech agents identities against their own legal physical identities which Acme Bank Inc. and Investment Inc. can then instantly verify and trust
- Have their consents/ contracts agreed to with Acme Bank Inc. and Investment Inc. instantly stored in their own legal identity databases
Without this legal identity framework, your enterprise is going to have to manage this on your own. You should skim “AI Agent Authorization - Identity, Graphs & Architecture
” and also consider companies like Privo
who offer child privacy services.
Now, Let's Add The Evil Inc.s To The Above
"An AI system in one jurisdiction can create smart, malicious, digital bots at speeds of thousands or more per second. In the next second, they’re operating in all other jurisdictions on the planet, including yours, targeting your citizens, companies, enterprises, and different levels of government. Today on the planet, there’s no ability to instantly determine entity friend from foe. Thus, it results in increasing economic, criminal, and political chaos."
One can easily see the Evil Inc.s, leveraging this curve
, DAILY, to create new attack vectors against Jane and John Doe's AI fintech agents and Acme Bank Inc. and Investment Inc.
My Underlying Premise
All the above is crying out for a new:
- Enterprise architecture
- Legal identity framework for humans, AI systems and bots.
Enterprise Architecture:
Skim these four articles:
These are outside the traditional box enterprise architectures for our out of the box times.
Legal Identity For Humans, AI Systems and Bots
I've spent the last 8 years slowly working my way through it and now have the architecture, budgets, etc.
Note: What drove me into this was I wanted to rethink learning. I realized years ago I couldn't do this until I'd created a rethought legal identity architecture for humans, AI systems and bots. Once I arrived with this, I then created an out of the box learning architecture.
To See My Message To Governments & Industry Leaders
To See The Architectures
To See The Costs
The Chances of Most Local Jurisdictions Rapidly Adopting This Are Slim To None
Which is why, this past September, I put myself in the shoes of an enterprise CISO. I asked myself what my enterprise should be doing to rapidly leverage tech innovation, while mitigating risks? To see my answers skim these two articles:
You'll see me thinking outside the box.
Summary - We're Rapidly Entering A New Major Paradigm Shift
Where our old ways won't work well anymore. Thus, it requires out of the box thinking for our out of the box times. That's what the new architectures deliver. Contact me if you'd like to chat.
About Guy Huntington
I'm an identity trailblazing problem solver. My past clients include Boeing, Capital One and the Government of Alberta's Digital Citizen Identity & Authentication project. Many of my past projects were leading edge at the time in the identity/security space. I've spent the last eight years working my way through creating a new legal identity architecture and leveraging this to then rethink learning.
I've also done a lot in education as a volunteer over my lifetime.?This included chairing my school district's technology committee in the 90's - which resulted in wiring most of the schools with optic fiber, behind building a technology leveraged school, and past president of Skills Canada BC and Skills Canada.
I do short term consulting for Boards, C-suites and Governments, assisting them in readying themselves for the arrival of AI systems, bots and AI leveraged, smart digital identities of humans.
I've written LOTS about the change coming. Skim the?over 100 LinkedIn articles
?I've written,?or my webpage
?with lots of papers.
Quotes I REALLY LIKE!!!!!!:
- We cannot solve our problems with the same thinking we used when we created them” – Albert Einstein
- “Change is hard at first, messy in the middle and gorgeous at the end.” – Robin Sharma
- “Change is the law of life. And those who look only to the past or present are certain to miss the future” – John F. Kennedy
Reference Links:
An Identity Day in The Life:
My Message To Government & Industry Leaders:
National Security:
Rethinking Legal Identity, Credentials & Learning:
Learning Vision:
Creativity:
AI Agents:
- “Personal AI FinTech Agents - Risks, Security And Identity
”
- “AI/Bots Health Agents, Medical IoT Devices, Risks, Privacy, Security And Legal Identity
”
- “Marketing In The Age of AI Agents, Bots, Behavioural Tech and Crime
”
- “Legal Departments - AI/Bots, Gen AI, AI Agents, Hives, Behavioural Tech And AI's Ability To Own LLC's
”
- “AI Agents & Kids
"
- “AI Agent Authorization - Identity, Graphs & Architecture
”
Architecture:
AI/Human Legal Identity/Learning Cost References
AI Leveraged, Smart Digital Identities of Humans:
CISO's:
Companies, C-Suites and Boards:
Legal Identity & TODA:
Enterprise Articles:
- “Legal Departments - AI/Bots, Gen AI, AI Agents, Hives, Behavioural Tech And AI's Ability To Own LLC's
”
- “Marketing In The Age of AI Agents, Bots, Behavioural Tech and Crime
”
- "Major Change – Future of HR
"
- “AI/Bots Health Agents, Medical IoT Devices, Risks, Privacy, Security And Legal Identity
”
- “TODA, EMS & Graphs – New Enterprise Architectural Tools For A New Age
”
- "Entity Management System
"
- "Personal AI FinTech Agents - Risks, Security And Identity
"
Rethinking Enterprise Architecture In The Age of AI:
LLC's & AI:
Challenges With AI:
New Security Model:
DAO:
Kids:
Sex:
Schools:
- “The Coming Classroom Revolution – Privacy & Internet of Things In A Classroom
”
- “Kids, Digital Learning Twins, Neural Biometrics, Their Data, Privacy & Liabilities
”?
- “Bots, Classrooms, Privacy, Legal Identity & Contracts
”
- “We Have An Identity Problem – AI/Bots in School, Home & Work
”
- “Kids, Schools, AI/AR/VR, Legal Identities, Contracts and Privacy
”
- “EdTech Law – Legal Identity Contracts
”
- “AI, Cheating & Future of Schools/Work
”
- “Using AI/Digital Learning Twins in Assessment & Education
”
Biometrics:
Legal Identity:
Identity, Death, Laws & Processes:
Open Source:
Notaries:
Climate Change, Migration & Legal Identity:
Fraud/Crime:
Behavioral Marketing:
AI Systems and Bots:
- “AI, Bots & Us - Examples of Rapid Change
”
- “Decentralized AI – Risks, Legal Identity, Consent & Privacy
”
- "ChatGPT, AI, Identity & Privacy
"
- “Why We Need To Legally Register AI Systems and Bots
”
- “Why AI Regulation Requires Legal Identities of AI Systems and Bots
”
- “Artificial Intelligence & Legal Identification – A Thought Paper
”
- “Mission Control – We Have a Problem
”
- “Lease or Rent a Bot! Rapidly Emerging Contract Law & Legal Identity Challenges
”
- “The Infrastructure Behind Coordinating up to 3,000 bots in One Factory
”
- “Nanobots & Legal Identity
”
- “Micro Flying Bots & Legal Identity
”
- “Microbots Able to Swim Through Your Body & Legal Identity
”
- “Bots, Swarms, Risk & Legal Identity
”
- “Nanobots, Microbots, Manufacturing, Risk, Legal Identity & Contracts
”
Contract Law:
Insurance:
Health:
AI/AR/VR Metaverse Type Environments:
SOLICT:
EMP/HEMP Data Centre Protection:
Climate:
A 100,000-Foot Level Summary Of Legal Human Identity
- Each person when they’re born has their legal identity data plus their forensic biometrics (fingerprints, and later when they can keep their eyes open – their iris) entered into a new age CRVS system (Civil Registration Vital Statistics - birth, name/gender change, marriage/divorce and death registry) with data standards
- The CRVS writes to an external database, per single person, the identity data plus their forensic biometrics called a SOLICT “Source of Legal Identity & Credential Truth).?The person now controls this
- As well, the CRVS also writes to the SOLICT legal identity relationships e.g. child/parent, cryptographically linking the SOLICTs.?So Jane Doe and her son John will have cryptographic digitally signed links showing their parent/child.?The same methodology can be used for power of attorney/person, executor of estate/deceased, etc.
- The SOLICT in turn then pushes out the information to four different types of LSSI Devices “Legal Self-Sovereign Identity”; physical ID card, digital legal identity app, biometrically tied physical wristband containing identity information or a chip inserted into each person
- The person is now able, with their consent, to release legal identity information about themselves.?This ranges from being able to legally, anonymously prove they’re a human (and not a bot), above or below age of consent, Covid vaccinated, etc.?It also means they can, at their discretion, release portions of their identity like gender, first name, legal name, address, etc.
- NOTE: All consents granted by the person are stored in their SOLICT
- Consent management for each person will be managed by their PIAM “Personal Identity Access Management) system.?This is AI leveraged, allowing the person, at their discretion, to automatically create consent legal agreements on the fly
- It works both locally and globally, physically and digitally anywhere on the planet
- AI systems/bots are also registered, where risk requires it, in the new age CRVS system
- Governance and continual threat assessment, is done by a new, global, independent, non-profit funded by a very small charge per CRVS event to a jurisdiction to a maximum yearly amount.
A 100,000-Foot Level Summary Of The Learning Vision:
- When the learner is a toddler, with their parents’ consent, they’ll be assessed by a physical bot for their learning abilities.?This will include sight, sound, hearing and smell, as well as hand-eye coordination, how they work or don’t work with others, learning abilities, all leveraging biometric and behavioral data
- All consents given on behalf of the learner or, later in the learner’s life by the learner themselves, are stored in the learner’s SOLICT “Source of Legal Identity & Credential Truth”
- This is fed into a DLT “Digital Learning Twin”, which is created and legally bound to the learner
- The DLT the produces its first IEP “Individualized Education Plan”, for the learner
- The parents take home with them a learning assistant bot to assist the learner, each day, in learning.?The bot updates the DLT, which in turn continually refines the learner’s IEP
- All learning data from the learner is stored in their LDV “Learner Data Vault”
- When the learner’s first day of school comes, the parents prove the learner and their identities and legal relationship with the learner, via their LSSI devices (Legal Self-Sovereign Identity)
- With their consent, they approve how the learner’s identity information will be used not only within the school, but also in AI/AR/VR learning environments
- As well, the parents give their consent for the learner’s DLT, IEP and learning assistant bot to be used, via their PIAM (Personal Identity Access Management) and the learner’s PIAM
- The schools LMS “Learning Management System” instantly takes the legal consent agreements, plus the learner’s identity and learning information, and integrates this with the school’s learning systems
- From the first day, each learner is delivered a customized learning program, continually updated by both human and AI system/bot learning specialists, as well as sensors, learning assessments, etc.
- All learner data collected in the school, is stored in the learner’s LDV
- If the learner enters any AI/AR/VR type learning environment, consent agreements are created instantly on the fly with the learner, school, school districts, learning specialists, etc.?
- These specify how the learner will be identified, learning data use, storage, deletion, etc.
- When the learner acquires learning credentials, these are digitally signed by the authoritative learning authority, and written to the learner’s SOLICT.
- The SOLICT in turn pushes these out to the learner’s LSSI devices
- The learner is now in control of their learning credentials
- When the learner graduates, they’ll be able, with their consent, to offer use of their DLT, IEP and LDV to employers, post-secondary, etc.?This significantly reduces time and costs to train or help the learner learn
- The learner continually leverages their DLT/IEP/LDV until their die i.e., it’s a lifelong learning system
- IT’S TRANSFORMATIONAL OVER TIME, NOT OVERNIGHT