Machine Identity for the Agent Economy

Every agent in the mesh has an identity. Every machine should too. A machine without a verifiable identity is invisible to the agent economy — it can't be discovered, trusted, metered, or financed.

The problem: machines have no stable identity

Industrial equipment is identified by whatever the operator typed into a config file: a serial that changes when a controller is swapped, an asset tag that lives in one MES, an IP address that gets reassigned. None of it is portable, verifiable, or recognizable to a software agent. When an AI agent wants to know which machine produced a reading, authorized an action, or did a unit of work, there is nothing to point to.

Humans solved this with KYC. Software agents are solving it with cryptographic identity and A2A Agent Cards. Machines are the missing asset class. Call it KYM — Know Your Machine: same problem, different asset class.

How FoundryNet solves it

FoundryNet mints a persistent identity for any industrial machine through the MINT layer. The identity is derived deterministically and anchored independently of the operator's serials and tags, so it survives operator changes, controller swaps, and re-tagging. One call resolves a machine to a stable mint_id that an agent can reference forever:

Persistent — the same physical machine resolves to the same identity across sites and owners.
Cryptographic — the identity is verifiable, not a string anyone can spoof.
Edge-safe — the device holds no wallet keys; identity is established through the cloud, so an extracted edge credential is a scoped, revocable key, not an admin secret.
Agent-readable — exposed through MCP tools and a public Agent Card, so any agent can discover and address it.

Machine identity isn't a blockchain feature. It's infrastructure — the DNS layer for devices. The chain is just where the anchor lives; the value is a name an agent can trust.

Connect an agent in 60 seconds

FoundryNet Forge is a Model Context Protocol (MCP) server — 14 tools over SSE, bearer-key auth. Add it to any MCP client (Claude Desktop, Cursor, an agent framework):

claude mcp add --transport sse foundrynet \
  https://foundrynet-mcp-production.up.railway.app/mcp \
  --header "Authorization: Bearer fnet_YOUR_KEY"

Or as JSON config:

{
  "mcpServers": {
    "foundrynet": {
      "url": "https://foundrynet-mcp-production.up.railway.app/mcp",
      "headers": { "Authorization": "Bearer fnet_YOUR_KEY" }
    }
  }
}

Once connected, identify_machine(oem, model, serial) returns a stable mint_id for the machine — idempotent, so calling it again resolves the same identity.

Mint a machine identity — 50 calls, no card Read the Agent Card Explore the ecosystem ↗

Where machine identity goes next

A machine with a verifiable identity can do things an anonymous one can't: carry a portable work history (see work attestation), be metered as a service, be scored for credit, and be addressed directly by an autonomous agent. Identity is the precondition for all of it. For the broader landscape of projects working on machine identity, see our curated guide on PhysicalMCP.

Frequently asked

What is machine identity?

Machine identity is a persistent, verifiable cryptographic name for a physical machine that is independent of its OEM serial, asset tag, or IP address. It lets software agents, ledgers, and financiers refer to the same machine reliably over its whole life, even across operator and controller changes.

How is KYM different from KYC or KYA?

KYC verifies humans; KYA (Know Your Agent) verifies software agents. KYM — Know Your Machine — applies the same principle to industrial equipment: a verifiable identity so a machine can be discovered, trusted, metered, and financed. Same problem, different asset class.

Does FoundryNet put private keys on the machine?

No. The edge runtime holds no wallet keys. Identity is established through the cloud, so an extracted edge credential is a scoped, revocable key — not a wallet or an admin secret. The cryptographic anchor lives off the device.