A recent security fix in AM changes the value in the "subject" claim of the OIDC JWT from the user name, e.g. "fred" to the unique value "(usr!fred)". This allows AM to distinguish between users called "fred" and Agents called "fred" and presumably also several other kinds of entity called "fred".
Whereas the use of "(usr!fred)" is completely transparent as far as AM is concerned (i.e. "fred" + context or "(usr!fred)" with presumably less context) are completely equivalent) it does create some interesting entries in the log files which readers may consider to be errors.
For this reason the Agent should use the new "subname" claim, which is set to the "old" username.