Autonomous AI agents lack traceable accountability mechanisms, creating a fundamental dilemma in which systems must either operate as "downgraded tools" or risk real-world abuse. This vulnerability stems from the limitations of traditional key-based authentication, which guarantees neither the operator's physical identity nor the agent's code integrity. To bridge this gap, we propose BAID (Binding Agent ID), a comprehensive identity infrastructure establishing verifiable user-code binding. BAID integrates three orthogonal mechanisms: local binding via biometric authentication, decentralized on-chain identity management, and a novel zkVM-based Code-Level Authentication protocol. By leveraging recursive proofs to treat the program binary as the identity, this protocol provides cryptographic guarantees for operator identity, agent configuration integrity, and complete execution provenance, thereby effectively preventing unauthorized operation and code substitution. We implement and evaluate a complete prototype system, demonstrating the practical feasibility of blockchain-based identity management and the zkVM-based authentication protocol.