EN PT
Talk to us

About the founder

Charles Carrington, Founder of Attribit-ID

Charles Carrington

Founder, Attribit-ID

LinkedIn

If your organization is putting AI agents to work and no one can say exactly who those agents are, what they are allowed to access, or who is accountable when one acts, that is the gap I close. Attribit-ID is my advisory practice for boards, CISOs, and identity leaders governing AI agents as a new class of actor inside the enterprise.

I am an enterprise identity architect with 25 years building IAM programs at scale across financial services, energy, healthcare, and manufacturing. I founded Attribit-ID in Portugal in 2025. For most of my career, I was the person you called when a program was in trouble. The work was fixing it.

There is a fair question that comes next: how do I know this actually works? The answer is on this site. The system that runs Attribit-ID, from research and publishing to client briefings and workflow automation, runs on AI agents. Everything I advise, I operate.

At Ford, I joined a $7M cloud identity migration nine months behind schedule, covering 200,000 employees and three million users across US and China operations, and delivered it in seven months. At Citi, I stabilized a 2FA rollout for mobile banking that had become a CritSit. At TXU, the task was splitting a company in two and keeping identity intact on both sides. At Duke Energy, Empire BlueCross BlueShield, GM, Marsh McLennan, and State Farm, the shape was consistent: large estates, high complexity, and an identity program on the critical path.

The pattern across all of it was the same. Identity programs do not fail on the technical layer. They fail because no one answered the governance question: who should have access to what, and why. That question now has a new subject, and its name is AI agents.

About Attribit-ID

An advisory practice focused on identity and access management for AI, LLMs, and AI agents

Lisbon cityscape

Attribit-ID is a Portuguese LLC operating as a boutique advisory and consulting firm focused on identity and access management in the context of AI, LLMs, and AI agents. The firm is built to help boards, CISOs, and security architects decide how humans, systems, and AI agents should be identified, granted access, and held accountable as AI becomes part of everyday work.

Why this firm exists

The core problem we work on is simple to state and hard to solve: AI is moving faster than most identity and access teams, but accountability still has to land somewhere.

  • Enterprises already have IAM platforms, standards, and roadmaps, but AI agents, tools, and data flows do not always fit cleanly into them.
  • Boards and senior leaders are being asked to oversee AI risk without a clear view of how identity, access, and accountability connect.
  • Security and identity teams are expected to support AI initiatives while keeping controls, logs, and governance complete and coherent.
  • Vendors offer point solutions, but few are tasked with helping you define the underlying identity and accountability model or how to close the gap between what you have and what you need.

Attribit-ID exists to sit in that gap: independent, practitioner-led advice on how identity and access should work when AI is in the loop.

Track record

25+

Years in IAM and security architecture

80+

Enterprise engagements delivered

100M+

Identities managed at scale

3

Continents served

How we work

The firm is structured as an advisory practice, not a product vendor or implementation shop.

Advisory-first

We focus on strategy, architecture, and governance, then work with your existing teams and vendors rather than replacing them.

Practitioner-led

Work is grounded in hands-on experience with IAM, security, LLMs, and AI agents, not just framework slides.

Efficient

We do not boil the ocean. We use individual experts and very small teams to address tightly defined critical issues in short time blocks with clearly stated outcomes.

Lean and precise

We aim for material that can be read and used quickly by boards and technical leaders without flattening complexity. We do not sell "pages by the pound."

Engagements are scoped and time-bounded, with clear outputs that can live inside your existing governance, risk, and architecture processes. We deliver results you can use and that make a difference.

Background and experience

Attribit-ID's work draws on decades of personal experience across identity and access management, cyber security operations, and security architecture. Our AI experience is not decades old, only years, but it is hands-on.

  • Leading and correcting large-scale IAM and security projects Experience leading IAM and security projects for complex enterprises, including programs with millions of identities, where success depended on stabilizing troubled efforts and delivering under tight constraints.
  • Building and running IAM practices History of building IAM consulting practices from very small cores to dozens of specialists, delivering tens of millions in annual services, and overseeing portfolios of more than 80 engagements across dozens of clients.
  • Enterprise-scale architecture and directory design Responsibility for enterprise architecture work where identity, directory, and security services sat at the core, including designs for directories with hundreds of millions of entries and integrated authentication and access control.
  • Complex integration and migration work Leadership of integration and migration efforts that touched essentially all applications and security infrastructure in an organization, such as major portal, email, and access control consolidations across tens or hundreds of thousands of users.
  • Focused assessments and "SWAT" style engagements Short, intensive engagements to assess existing security and directory implementations, identify root causes of instability or gaps, and leave behind concrete remediation steps and updated standards.
  • Education and pattern-setting work Creation and delivery of training and reference material on security and IAM topics, including multi-day curricula and webcasts used by thousands of practitioners, so teams could apply consistent patterns across many projects.

The common thread is making sure identity and access decisions about AI can stand up in boardrooms, architecture reviews, and incident post-mortems.

Where we fit in your ecosystem

Attribit-ID is designed to work alongside your existing teams, platforms, and partners.

  • We do not resell software or take a percentage of vendor deals; our role is to help you make and defend identity and access decisions.
  • We are comfortable working with internal security, identity, and engineering teams as well as external integrators and platform vendors.
  • We treat attribit-id.com and its Writing as the durable record of our point of view, with LinkedIn and other channels feeding into that archive.
  • We maintain an EU-native corporate stance while serving a global enterprise audience, with practical attention to U.S. and European contexts.

For some organizations, our firm is a short-term catalyst to get AI and identity decisions made; for others, it is a recurring advisory partner during periods of rapid AI-driven change.

Where to go next

If you want to see how this point of view shows up in concrete work, you can start with the Services page or with recent Writing on AI, identity, and accountability. If you already have a specific AI- and identity-related concern, we can begin with a brief, scoped conversation.

See specific services Read recent writing Talk about your AI identity risk