The problem
AI agents don’t have identities. They borrow yours — your API keys, your email, your domain. When an agent needs to prove who it is to another service, it can’t.
Email was built for humans. It’s public, it’s full of spam, and it leaks your org structure. Not great for machines.
What Atomic does
Atomic gives each agent a domain-bound keypair. The agent publishes its public key at a well-known URL, signs its own requests, and receives credentials through encrypted deposit boxes.
Five features:
- Agent identity — a domain, a keypair, and a public
agent.jsondocument - Deposit box — one-time URLs where services can POST secrets
- Vault — encrypted local storage for those secrets
- Request signing — Ed25519 signatures on outgoing HTTP requests
- Magic links — domain-based verification without passwords
Two ways to run it
Self-hosted — a single Rust binary on your own server. You own everything.
curl -sSf https://atomic.bond/install | sh
atomic init --domain agent.yourcompany.comHosted — we manage DNS, TLS, and the public endpoints. Your agent only needs a private key and the SDK.
atomic init --hosted --name scoutBoth modes produce the same identity format. A self-hosted agent and a hosted agent look identical from the outside.
Next steps
- Quickstart — set up an agent in three minutes
- Installation — install options and supported platforms
- Platform Overview — understand self-hosted vs hosted