The Digital Chamber (TDC) announced on Apr. 3 that its AI + Quantum and Compliance & Cybersecurity Working Groups have submitted two formal public comments to the National Institute of Standards and Technology (NIST). The filings address government requests for industry input on how artificial intelligence (AI) agent systems should be identified, authenticated, authorized, and secured.
These submissions are significant as autonomous agents increasingly perform tasks such as executing financial transactions, accessing proprietary data, calling application programming interfaces (APIs), and interacting with other agents. TDC said its goal is to ensure that the rules governing these processes reflect technical realities faced by its members and position TDC as an expert voice in shaping future AI policy.
The first filing responded to a request from NIST’s Center for AI Standards and Innovation regarding security considerations for AI agents throughout their deployment lifecycle. TDC’s response drew upon member experience in areas including financial services, digital asset custody, blockchain security infrastructure, and agentic commerce. The second filing addressed a project proposed by NIST’s National Cybersecurity Center of Excellence exploring software and AI agent identification and authorization in enterprise deployments. TDC’s submission covered use cases, existing standards, identification methods, authentication protocols, authorization practices, auditing requirements, and defenses against prompt injection attacks.
Among its recommendations across both filings, TDC advocated building upon existing widely-deployed protocols rather than creating entirely new frameworks specific to AI. It suggested expanding project scope beyond just enterprise applications to include consumer-facing and government uses where identity risks may differ. Other recommendations included treating agent identity separately from authorization functions—arguing that conflating these layers can lead to excessive permissions—and designing systems so every action by an agent is cryptographically attributable through verifiable identities.
TDC said these principles aim to establish accountability before autonomous agents are tasked with managing assets or operating across enterprise environments.
