AI agents and the identity crisis: What Napster can teach us about the future of content access

In the late 1990s, Napster upended the music industry. Millions of users suddenly had unfettered access to music, bypassing traditional distribution and payment channels.

The industry panicked, artists protested, and lawsuits flew. But beneath the chaos lay a truth that couldn’t be ignored: the world had changed, and the old systems of control no longer worked.

The rise of AI agents, and their blind spot

AI agents — smart digital assistants capable of browsing, reading, summarizing, buying, scheduling, coding, and more — are exploding in capability and popularity. Users are delegating more and more tasks to these agents, expecting them to interact with the web much like a human would.

But there’s a fundamental problem: these agents don’t have identity. Not in any meaningful, secure, or portable way. They can't sign in. They can't prove who their user is. They can't be charged. They can’t access paywalled content. They don’t have wallets, subscriptions, or login credentials that map to the person they represent.

In other words, we’re seeing a surge in highly capable digital consumers — with no accountability and no monetization path. This is Napster all over again.

Content without compensation

Just like Napster allowed users to rip and share MP3s at scale, today’s AI agents are scraping, summarizing, and repackaging content — often paywalled or proprietary — with little to no attribution or payment. Publishers and content providers are watching with growing concern as valuable information is accessed without compensation.

There’s no system that bridges the user → agent → content → payment path in a trusted, scalable way.

This breakdown mirrors the early 2000s music industry, where content value was clear, demand was soaring, but infrastructure for fair compensation simply didn’t exist. Napster was a symptom, not the disease. And without a new model, the entire system teetered.

The Spotify and Apple Music moment

Eventually, the music industry didn’t beat Napster through courts — it evolved. Spotify and Apple Music emerged with a new contract: easy access, good UX, and fair (if imperfect) compensation for creators. Consumers embraced the model, and piracy declined dramatically. The solution wasn’t just legal — it was technological and economic.

The AI agent world now needs its own “Spotify moment.”

What would that look like?

• Identity-aware agents: Agents that can prove who they are acting on behalf of — securely and transparently.
• Consent-based access: Content providers granting access only to verified, paid agents tied to legitimate users.
• Built-in monetization: Usage-based billing, API tolls, or subscription models that flow from agent to publisher in real time.
• Interoperable standards: Like OAuth and SAML enabled the rise of SSO in the enterprise, new identity protocols must emerge for machine-to-machine access — possibly governed by zero-trust and B2B IAM models.
• Agent wallets and entitlements: AI agents with wallets (crypto or fiat) that can carry subscriptions, digital rights, and micropayment capabilities to access metered content.

The clock is ticking

Just like the early 2000s, the current tension can’t last. Either the content ecosystem breaks under the strain of free-riding AI agents, or a new model emerges — one that respects user identity, honors creator value, and builds the rails for sustainable AI access. The Napster era showed us what happens when innovation outpaces infrastructure. But it also gave us the blueprint for resolution. Let’s not wait a decade for our Spotify moment. It’s time to give AI agents identity — and a wallet.

The IAM revolution we need

Traditional Identity and Access Management (IAM) was built for humans logging into applications. But AI agents represent a fundamentally different challenge: they're autonomous, persistent, and operate at machine speed across countless services simultaneously. Current IAM systems simply weren't designed for entities that might access hundreds of APIs per minute on behalf of users who may not even be online.

We need a new generation of IAM that can handle agent-to-service authentication, real-time entitlement verification, and dynamic permission delegation — all while maintaining a clear chain of accountability back to the human user. Companies like Ory are already pioneering this transition, building identity infrastructure that can authenticate both humans and the AI agents acting on their behalf, creating the foundation for a trustworthy agent economy.

Building the rails for tomorrow

The path forward isn't just about technology — it's about creating the fundamental infrastructure that makes AI agents trustworthy participants in the digital economy. Just as Ory's modern identity stack enables developers to build secure, scalable authentication for today's applications, we need similar solutions that can extend identity beyond humans to their AI representatives.

This means standards for agent credentialing, protocols for cross-platform identity portability, and frameworks that let content providers verify not just who is accessing their content, but through which legitimate agent and under what terms. The companies that solve this identity challenge first won't just prevent the next Napster-scale disruption — they'll enable the infrastructure that lets AI agents become productive, accountable members of our digital society. The question isn't whether AI agents will get identity. It's whether we'll build that infrastructure thoughtfully, or let chaos force our hand.

Whether you're building customer service agents, content recommendation systems, or advanced data analysis tools, Ory Hydra provides the security foundation for agentic AI systems that keeps your MCP implementations secure, compliant, and scalable.

Contact our team to learn how Ory Hydra can rapidly transform your Agentic AI security.