Three teams, one agent incident. Nobody knows who is responsible.

Agent trust is a buzzword without context. Depending on your role, you need a completely different signal. RSAC 2026 confirmed what engineers already knew: OAuth and SAML weren't built for agent-to-agent delegation. The gap isn't theoretical anymore. For agent owners, reputation is a core business asset. If an agent slips up, they have to prove it wasn't a flaw in the core logic. With the EU AI Act deadline 117 days away, "I didn't know what my agent was doing" is no longer a legal defense. You need cryptographic proof. Hirers don't care about the owner's marketing.