Your security team can name every human with commit access. Clean roster, auditable permissions, MFA status down to the last expired token. Good for them.
But the industry shipped autonomous agents before agreeing on whether an agent is a user, a bot, or a service account. Over the past two weeks, four major platforms proved this in the most instructive way possible — by each answering the identity question differently, incompatibly, and without consulting each other.
We covered GitHub's commit signing, Anthropic's Routines, Microsoft's Entra Agent ID, and OpenAI's sandboxed execution separately. Here's what the four-way comparison actually reveals.
Four platforms, four incompatible species
Forget the product details — you've read those. Focus on the taxonomy.
GitHub Copilot (April 3): agent is a bot. Cryptographically signed commits, "Verified" badge, clearly non-human. Honest. Traceable. The one vendor that decided an agent should say "I'm not a person."
Anthropic Routines (April 14): agent is a ghost. Operates under your personal GitHub token. A Routine committing code at 3 AM looks identical in every log to you committing code at 3 AM. Your badge, its hands.
OpenAI Agents SDK v0.14.1 (April 15): agent is nameless. Sandboxed execution, prompt injection defense, six sandbox partners. Identity mechanism? Zero. Not underdeveloped — absent.
Microsoft Entra Agent ID (updated April 8): agent is a citizen. Dedicated service principal, human sponsor on record, full governance controls. Its own employee badge in your directory.
Bot, ghost, nameless, citizen. Four vendors, four ontologies. Pick any two and your audit log becomes a Rorschach test.
The audit trail that tells bedtime stories
A Cloud Security Alliance survey published in March 2026, covering 285 IT and security professionals, puts numbers on the mess: only 28% can trace agent actions back to a human sponsor across all environments. 61% have fragmented audit logs that can't produce actionable evidence. 33% have no audit trail at all. And 44% still authenticate agents with static API keys — the credential equivalent of taping your house key to the front door.
An audit log where GitHub says "bot signed this," Anthropic says "you signed this," OpenAI says nothing, and Microsoft says "service principal ABC did this" is not a compliance artifact. It's four contradictory stories wearing a trench coat pretending to be accountability.
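To make the collision concrete, here is an added example (not from any vendor and not part of the original article) that scores four agent actions by what each log record alone can prove. The schema, field names, and sample records are constructed assumptions; each record carries only the evidence the comparison above attributes to that identity model.

```python
# Constructed records in a hypothetical normalized schema (field names are
# assumptions, not any vendor's log format). "label" is the article's taxonomy;
# each record carries only the evidence the article attributes to that model.
EVENTS = [
    {"label": "bot", "actor": "agent-bot", "actor_type": "bot", "signed": True},
    {"label": "ghost", "actor": "alice", "actor_type": "user"},
    {"label": "nameless"},
    {"label": "citizen", "actor": "sp-ABC", "actor_type": "service_principal",
     "sponsor": "bob"},
]
# Every record above is an agent action. That ground truth comes from your own
# deployment inventory, not from the logs.

NON_HUMAN_TYPES = {"bot", "service_principal"}


def assess(event):
    """Derive what the record alone can prove, ignoring which platform sent it."""
    actor, actor_type = event.get("actor"), event.get("actor_type")
    return {
        "names_an_actor": actor is not None,
        "discloses_non_human": actor is not None and actor_type in NON_HUMAN_TYPES,
        "sponsor_traceable": actor is not None and bool(event.get("sponsor")),
    }


def findings(event):
    """List the accountability gap, if any, for one known agent action."""
    a = assess(event)
    if not a["names_an_actor"]:
        return ["no identity recorded"]
    if not a["discloses_non_human"]:
        return ["agent action attributed to a human account"]
    if not a["sponsor_traceable"]:
        return ["non-human actor with no human sponsor on record"]
    return []


def coverage(events):
    """Fraction of agent actions for which each property holds."""
    rows = [assess(e) for e in events]
    return {key: sum(r[key] for r in rows) / len(rows) for key in rows[0]}


if __name__ == "__main__":
    for e in EVENTS:
        print(f'{e["label"]:9} {findings(e) or "ok"}')
    print(coverage(EVENTS))
```

Run against your own inventory of known agent actions, the coverage figures give a local counterpart to the survey's traceability numbers.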
Lock-in by other means
Standardizing agent identity would require convergence on a format nobody has proposed. No standards body has convened. No RFC exists. And here's the part where you stop expecting one anytime soon: each vendor profits from the chaos.
GitHub's signing infrastructure locks you deeper into GitHub. Microsoft's Entra locks you into Azure AD. Anthropic's user-token model locks you into their PAT flow. OpenAI's absence of identity means you build your own — probably on OpenAI's stack.
This isn't accidental. Identity is the deepest form of platform lock-in. Deeper than APIs, deeper than data formats. If your agent's existence is defined by one vendor's directory, migrating means your agent stops being a recognized entity. That's not switching cost — that's an existential threat to a non-human actor, which is a sentence I never expected to write about access management.
The regulatory clock
We covered the EU AI Act deadline in detail — Article 50 takes effect August 2, 2026, demanding AI systems disclose their non-human nature. That's 107 days from today. One of your agent platforms explicitly makes agents indistinguishable from humans in logs, and another doesn't produce identity data at all. Good luck with that compliance filing.
What the comparison reveals
Each platform alone looks like a reasonable engineering decision. GitHub chose transparency. Anthropic chose simplicity. OpenAI chose isolation. Microsoft chose governance. All defensible.
But nobody runs one platform. The moment you combine two — and statistically, you already have — the taxonomy collision creates a gap no individual vendor will fix, because the gap is where the lock-in lives.
That clean roster of humans with commit access? Already fiction. The agents your team deployed this month left fingerprints in four incompatible formats, and the only entity with both the authority and the deadline to force convergence is a regulator whose rule takes effect in 107 days.
Someone will pay for shipping agents before shipping agent identity. The vendors won't. Do the math on who's left.



