New tool 'Crumb' aims to close AI agent accountability gap ahead of EU AI Act deadline
AI agents operating under shared service accounts can perform sensitive actions—such as exporting patient records or moving money—without audit logs identifying the human who directed them. This gap poses a compliance risk under the EU AI Act's Article 12, which takes effect August 2, 2026, requiring high-risk systems to log the natural persons involved in any action. A developer has built an open-source runtime called Crumb to address this, capturing human identity once at login and attaching it to every agent tool call via a short-lived delegation token based on the RFC 8693 standard. The system uses an append-only, hash-chained ledger with Ed25519 signatures, and is compatible with identity providers such as Okta and Keycloak. Crumb also handles multi-hop agent chains—where a human directs an orchestrator that delegates to a sub-agent—by nesting identity claims so accountability is preserved across every step.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in