Skip to content

Claude Tag: Agent Identity Instead of User Credentials for Team AI

The gist: Claude receives its own service accounts and identities instead of access to personal user credentials, enabling admins to centrally and granularly define which tools and data each AI agent can use in which channels.

Anthropic introduces a new access model for Claude Tag in which the AI receives its own agent identity with workspace-wide accounts instead of inheriting the access rights of individual users. This addresses security and scalability for autonomous AI agents in team environments.

Autonomous AI agents require access to the same tools, documents, and contexts that human team members have. However, the traditional model—the AI acts on behalf of a user—does not work in multiplayer scenarios like Claude Tag: when multiple people work in a channel simultaneously, it is unclear which user’s access rights the AI should have. And as AI agents increasingly operate autonomously (their performance window doubles approximately every four months), reliance on personal credentials is both insecure and administratively unmanageable.

In the new agent identity model, Claude receives its own accounts in all systems it touches: it posts in Slack as the Claude app, creates pull requests as the Claude GitHub app, and accesses data repositories through service accounts that admins provision. Because no personal user credentials are involved, a shared channel never becomes a backdoor to individual users’ private documents. At the same time, agent activity is clearly traceable and auditable.

Admins define a base identity at the workspace level—the AI’s standard connections, skills, and permissions—and can override it at the channel level: the Engineering channel, for example, gains access to GitHub and a data warehouse, while a CRM connector remains limited to a private channel. Configurable elements include repository access, connectors (tools and API keys with varying permission levels), skills/plugins (instruction folders, scripts), and standing instructions (custom instructions per channel).

The model replaces the question “What is this user allowed to do?” with “What is this agent allowed to do in this area?”. This eliminates the need to audit individual agent actions across dozens of user accounts. Revoking an identity stops agent access everywhere it was deployed—far more efficient than granular account management.


Source: claude.com · Published June 23, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.

Share on: