The OAuth 2.1 and JWT identity standards gap item documents a structural absence of standardized agent-identity claims in access tokens, meaning AI agents authenticating via standard OAuth flows carry indistinguishable identities from human users and inherit standing privileges without scope restriction. This is a governance risk item with no patch, no CVE, and no single vendor remediation path — it requires compensating controls at the application and identity provider layer and organizational policy action.