Identity infrastructure for the agentic internet
Your identity shouldn't depend on how much you post.
An open signing authority for verifiable professional claims in the agentic internet.
Same category as Sigstore (for software artifacts), Let's Encrypt (for domains), npm provenance (for package authorship) — applied to professional identity claims in the AI era.
Every claim, with its receipts
The first AetherID
did:aether:leonard-cremer
Leonard Cremer — Founder, AetherID + Stratafy.ai
Directory seed. Browsable at /leonard-cremer, machine-readable at /leonard-cremer.json.
What AetherID defends against
Supply-chain attacks against developers and operators succeed in two layers. The technical attack — RAT installation, credential theft, malicious package publish — is one layer. The social-engineering campaign that gets the victim to the moment of compromise is another, upstream layer.
AetherID is built for the upstream layer.
What it does
- Verifies "is this really the person they claim to be" at first contact
- Carries identity continuity across platform handoffs (LinkedIn → Slack → Teams)
- Makes affiliation claims (employer, role, project) cryptographically checkable
- Surfaces cloned identities by their inability to reproduce signed credentials
What it doesn't do
- Defend against endpoint compromise once an attacker has machine access
- Prevent malicious package publishes at the registry layer (that's npm's work)
- Sandbox postinstall scripts
- Replace OIDC, immutable releases, or staged publishing
Different companies, different categories, complementary defences. We don't overclaim what AetherID covers — we cover the identity-trust layer that enables the social-engineering prerequisite to attacks like these.
Try it
Three ways to engage with AetherID before launch:
coding-preferences pack v1.0-draft
feedback, integration questions, founder conversations
We're in the 6-week build-and-test window before public launch. Tool-maker feedback specifically welcome — see the spec proposal for integration patterns.