Internet Identity is preparing to expand how artificial intelligence agents interact with online applications through a new Model Context Protocol (MCP) server designed to keep users’ credentials out of the hands of AI systems while allowing them to carry out authorised tasks.
The feature, currently in preview, is intended to let AI assistants such as ChatGPT, Claude and Grok perform actions on behalf of users across applications connected through Internet Identity. Rather than storing passwords or private keys within an AI model, authentication is handled through an MCP server running in a trusted execution environment, with users retaining control over what actions are permitted.
Speaking in a demonstration of the technology, Arshavir Ter-Gabrielyan, Senior Software Engineer and Team Lead, said the growing use of AI agents has exposed a challenge around identity and security.
“Agents typically operate in cloud sandboxes and do not have secure access to a user’s device,” he said. “They are not the right place to manage cryptographic keys.”
Instead, the MCP server acts as an intermediary that authenticates users, manages session keys and issues short-lived delegations that allow an AI agent to perform approved tasks within individual applications. The approach is designed to reduce the risks associated with giving AI systems unrestricted access to personal accounts.
During the demonstration, Ter-Gabrielyan used ChatGPT to create and edit a post on the decentralised social platform Taggr. After connecting through Internet Identity, the AI assistant successfully published a post and later updated it with current weather information, all without exposing the user’s authentication credentials.
According to the development team, the protocol follows an emerging industry standard that allows AI assistants from different providers to connect with external applications through the same framework. That means the system is intended to work with multiple AI platforms rather than being tied to a single provider.
The current preview includes tools that help AI agents discover applications, retrieve interface definitions, identify user accounts and make authenticated or anonymous calls to Internet Computer canisters. The developers also expect the system to support infrastructure management tasks such as deploying, upgrading and maintaining canisters through AI-assisted workflows.
One of the longer-term priorities is expanding the permission model. The team plans to introduce read-only delegations that would allow AI agents to retrieve information across applications without being able to modify data or approve transactions. Users would then grant additional permissions only when they want an agent to perform specific actions.
Support for trusted execution environments is also expected to become part of the hosted service. While technically inclined users can already run their own MCP server, the development team aims to offer managed instances that can be independently verified before wider public availability.
The project reflects a broader shift in how developers expect people to interact with software. Rather than opening individual websites and moving between multiple applications, users could increasingly ask AI assistants to complete tasks across connected services through a single conversation.
That vision, however, comes with ongoing questions around privacy, security and user consent. Technology companies across the AI sector are exploring ways to let agents perform real-world actions while limiting the potential consequences of errors or unauthorised access. Internet Identity’s approach places credential management outside the AI model itself, relying on delegated permissions and secure execution environments as safeguards.
The MCP server remains in preview, with developers able to test it by running their own instance before an official hosted service becomes available. If the model proves reliable at scale, it could offer a practical way for AI assistants to move beyond answering questions and begin carrying out authenticated tasks across decentralised applications.
Dear Reader,
Ledger Life is an independent platform dedicated to covering the Internet Computer (ICP) ecosystem and beyond. We focus on real stories, builder updates, project launches, and the quiet innovations that often get missed.
We’re not backed by sponsors. We rely on readers like you.
If you find value in what we publish—whether it’s deep dives into dApps, explainers on decentralised tech, or just keeping track of what’s moving in Web3—please consider making a donation. It helps us cover costs, stay consistent, and remain truly independent.
Your support goes a long way.
🧠 ICP Principal: ins6i-d53ug-zxmgh-qvum3-r3pvl-ufcvu-bdyon-ovzdy-d26k3-lgq2v-3qe
🧾 ICP Address: f8deb966878f8b83204b251d5d799e0345ea72b8e62e8cf9da8d8830e1b3b05f
Every contribution helps keep the lights on, the stories flowing, and the crypto clutter out.
Thank you for reading, sharing, and being part of this experiment in decentralised media.
—Team Ledger Life





Community Discussion