Enterprise agentic AI deployments using OAuth 2.0 and 2.1 have a structural identity gap: tokens carry no standardized fields for agent instance identity, delegating human principal, or purpose-bound scope. This means downstream systems cannot enforce agent-scoped least-privilege policies and generate audit logs that misattribute agent actions to human identities. The gap affects any enterprise deploying agentic AI (Claude Code, GitHub Actions, MCP-connected agents, or equivalent) against production systems via OAuth-based access controls.