Agentic identity

Agentic identity is what makes an AI agent more than a chat-window assistant. A real agent does work in real systems — it sends email, it schedules meetings, it updates contacts. To do that work safely, it needs an identity: a sponsor, a mailbox, scoped permissions, an audit log, and a policy for when a human has to nod before it sends.

Helix treats agentic identity as a first-class object. Each agent has exactly one sponsor (a human with a verified account), exactly one approval policy, and a per-action log. The mailbox can be a real Gmail/Outlook account or a fresh dedicated address; either way, the recipient sees a real From: header and the identity persists across LLM clients (Claude, Cursor, ChatGPT, n8n).

The opposite of agentic identity is "borrow the human’s session" — an LLM that uses the user’s OAuth token to act. That model couples blast radius to the user’s full account and makes audit, revocation, and approval policy hard. A dedicated agent identity solves all three.