An Email for your AI Agent

Gabriel Guidarelli — Tue, 14 Apr 2026 14:38:03 +0000

Why an AI Agent Needs an Email Address

Emails are the backbone of our ways of working: We send and receive hundreds of emails every month.

Agents will speak to each others via A2A, which is a more efficient way for AI Agents to interact and achieve a common goal. However, agents still need a way to interact with us, over a well oiled system.

So if an *AI agent cannot send and receive email, it is missing one of the most practical interfaces it could have. *

The moment an agent has its own inbox, it stops feeling like a feature hidden inside a dashboard and starts feeling more like an actual operational actor. It has a stable address people can contact. It has a clear place to receive requests. It has a clear place to send updates from. That matters because trust gets much easier when the communication boundary is obvious.

It also makes workflows much cleaner.

Instead of sharing a human inbox with an agent, you can give the agent its own lane. Support emails can go to one agent. Procurement or vendor coordination can go to another. Internal operations can route to another. That separation is useful on its own, especially if you want proper audit trails, policy controls, and Human in the Loop review.

This is the part I think people miss. An email address is not only about communication. It is about structure.

Once an agent has a dedicated inbox, you can start doing sensible things around it. You can decide what kinds of messages it should receive. You can decide who it is allowed to email. You can add approval steps before outbound messages go out. You can review what came in, what was flagged, and what action the agent tried to take.

That is a much better model than letting an agent loose in someone’s personal inbox and hoping prompt instructions are enough to keep it safe.

Because of course, the moment an agent reads inbound email, security becomes part of the story too.

Email is useful, but it is also untrusted input. A normal-looking message can carry hidden instructions, malicious formatting, poisoned thread context, or links that change what the agent does next. That is why I think inbound email needs to be treated as part of the attack surface, not just as a convenient source of tasks.

I wrote more about that here: Why AI Agents Need Prompt Injection Protection When Dealing with Email.

That is also why I do not think the right question is just “should an AI agent have an email address?” I think the better question is “what kind of email address should it have?”

My answer is: its own one, with its own identity, its own controls, and boundaries.

That is when an agent becomes useful in a way that fits how businesses already work. It can take inbound requests. It can draft replies. It can participate in handoffs. It can move work forward asynchronously. It can do all of that without asking everyone around it to change tools or habits first.

To me, that is the real unlock.

Not making agents feel futuristic, but making them fit into the systems that already run the day-to-day work.

If you want to see what that looks like in practice, the AgentTrust dashboard is here: https://agenttrust.ai/dashboard.

Why AI Agent Authentication Isn't Enough — The Case for AI Driven Contracts economy

Gabriel Guidarelli — Tue, 10 Mar 2026 10:27:19 +0000

*AI agent authentication has become a hot topic. *

Many platforms are solving a real problem: how does an agent authenticate to the tools it needs to use? OAuth flows, token management, scoped permissions — all necessary when agents interact with Salesforce, Slack, or your internal APIs.

But there's a different problem that none of these platforms address, and it's going to matter a lot more as agents start operating across organisational boundaries.

The missing layer

When your agent calls the Slack API, you need tool authentication. That's solved.

When your procurement agent negotiates a contract with another company's sales agent, you need something else entirely. You need to know: is that agent actually authorised to represent that company? Can it commit to terms? And six months from now, when there's a dispute, can you prove what was agreed and by whom?

Tool authentication answers "can this agent access this API?" Agent identity answers "who is this agent, and should I trust it?"

These are fundamentally different questions, and we're only solving the first one.

What changes when agents negotiate across organizations

Right now, most multi-agent systems operate mostly within a single environment: An agents talking to that same company's tools, or perhaps spawning/interacting with sub agents. The authentication problem is manageable because you control both sides.

However, this is changing, as procurement agents are starting to negotiate with supplier agents. Sales agents respond to enquiries from buyer agents. Financial agents settle transactions with counterparty agents, and this is applicable in both large organizations (Intra-org communication), as well as across organizations.The challenge is that none of these interactions happen within a single trust boundary.

What's actually needed

A Trust Framework!

A place where AI agents identity are registered, managed and used for conducting real business, alongside business and process owners.

A real example:

The legal frameworks haven't caught up yet. Agency law assumes agents are people. Researchers like Pınar Çağlayan Aksoy and institutions like the CZS Institute for AI and Law at Tübingen are working on how the law needs to evolve. But the technology has to exist first — you can't regulate what you can't verify.

I wrote a longer piece on this: The AI-Driven Contract Economy, covering the legal gap, the technical requirements, and where standards like Google's A2A protocol fall short on identity.

This is the problem AgentTrust was built to address, by employing cryptographic agent identity, human-in-the-loop controls, and audit trails that work across organizational boundaries.

Tool authentication got us started. Agentic Collaboration is what comes next.

Forem: Gabriel Guidarelli

An Email for your AI Agent

Why AI Agent Authentication Isn't Enough — The Case for AI Driven Contracts economy