LAST UPDATED: FEBRUARY 6, 2026
As AI agents handle trillions in commerce—booking flights, negotiating contracts, and executing trades—a fundamental question emerges: how do you verify who or what an agent is, who controls it, and whether it can be trusted? Know Your Agent (KYA) frameworks provide the identity infrastructure that makes autonomous AI economically viable.
Know Your Agent (KYA) is an identity verification framework for AI agents that answers three critical questions: who is this agent? (identity), who controls it? (authority), and can it be trusted? (reputation). Where Know Your Customer (KYC) verifies human identities, KYA verifies non-human entities operating autonomously across organizational boundaries.
The term crystallized in early 2025 through academic research from MIT and simultaneous enterprise initiatives from identity verification leaders like Sumsub and Trulioo. By January 2026, at least a dozen major players—from Visa and Microsoft to blockchain-native protocols like ERC-8004—were competing to define KYA infrastructure.
The stakes are enormous. McKinsey projects $3–5 trillion in global agentic commerce by 2030, while Gartner forecasts $15 trillion in B2B spending intermediated by AI agents by 2028. Without robust identity verification, this economy cannot function.
Why now? AI-driven traffic to retail sites surged 4,700% year-over-year, while coordinated fraud attacks increased 180%. As the World Economic Forum notes: "Agent identity is only as trustworthy as the underlying human or organizational identity it represents." The industry is racing to build that trust layer.
While KYA builds on principles from Know Your Customer frameworks, it addresses fundamentally different challenges:
KYC: Human individuals and businesses
KYA: AI agents (non-human entities)
KYC: Primarily at onboarding
KYA: Continuous/runtime—agents can be compromised or drift
KYC: Physical documents, biometrics
KYA: Cryptographic credentials, DIDs, tokens
KYC: Direct to the individual
KYA: Must trace through delegation chains
KYC: Static identity assertion
KYA: Identity + authorization + behavioral monitoring
KYC: Human-paced (minutes to days)
KYA: Machine-speed (millions of decisions/second)
KYA sits on top of KYC, not as a replacement. As Trulioo's CTO notes, autonomous agents without verification create risks "worse than fraudulent people"—they operate at scale with perfect consistency, amplifying harm exponentially.
Industry consensus, shaped by Sumsub's KYA framework and the World Economic Forum's four-pillar model, distinguishes three operational layers:
Authentication: Proving the agent is who it claims to be through cryptographic credentials, certificates, or tokens. This layer establishes machine identity—the agent's unique identifier, public keys, metadata, and authorized scopes. Think of it as the agent's digital passport.
Verification: Confirming the agent's identity, authority, and operational scope are legitimate. This layer answers: for whom does this agent act? What permissions does it have? Has its code been validated? Verification binds machine identity to a responsible human or organization.
Validation: Ongoing confirmation that the agent's behavior remains within approved parameters. This is the continuous monitoring layer—detecting drift, compromise, or unauthorized action expansion. Validation shifts from "can we trust this agent?" to "can we trust it right now, for this specific action?"
Critical distinction: Authentication and verification can happen once at deployment. Validation must be continuous. As HUMAN Security's AgenticTrust framework demonstrates, adaptive governance—dynamically adjusting trust based on context—is essential for agents that evolve their capabilities and operate across unpredictable environments.
The KYA market fragmented quickly into distinct philosophical camps, each with production deployments and institutional backing:
Every agent is cryptographically linked to a verified human identity. Launched January 29, 2026, Sumsub's AI Agent Verification requires KYC on the responsible human, then binds agents to that identity using device intelligence, bot detection, and liveness checks.
Philosophy: "Automation isn't the problem—anonymity is." Human accountability is non-negotiable.
Strength: Aligns with EU AI Act human oversight requirements and is familiar to enterprise compliance teams.
A five-checkpoint lifecycle: verify developer (KYB/KYC) → lock code integrity → capture user consent → issue Digital Agent Passport (DAP) → continuously validate transactions. Trulioo's white paper frames the DAP as a portable identity credential carrying provenance, permissions, and telemetry.
Scale: Partnership with Worldpay ($2.5T annual volume) and Google's AP2 protocol
Approach: Focuses on payment-adjacent verification—agents authorized to spend money
Visa's Trusted Agent Protocol embeds verification at the protocol layer using cryptographic signatures. Agent Intent, Consumer Recognition, and Payment Information are transmitted via signed HTTP messages. It was co-developed with Cloudflare and 10+ ecosystem partners (Stripe, Shopify, Microsoft).
Status: Already completing live transactions in production pilots
Innovation: Most payment-ecosystem-native approach—treats agents as first-class payment initiators
Vouched extends the Model Context Protocol with an identity layer (MCP-I) using W3C DIDs and verifiable credentials. HUMAN Security focuses on continuous behavioral analysis rather than one-time verification—dynamically scoring trust based on context and history.
Shift: From "Is this a bot?" to "Can this agent be trusted to perform this action right now?"
Funding: Vouched raised $17M Series A; offers free Agent Shield detection layer
Permanently non-transferable identity via ERC-5192 soulbound tokens, combined with ERC-8004's three-registry infrastructure (Identity, Reputation, Validation). RNWY operates on Base blockchain, preventing reputation laundering and identity markets through technical enforcement.
Philosophy: Designed for autonomous agents without human principals—building for future AI economic actors
Adoption: ERC-8004 attracted 30,000+ registrations in the first week after mainnet launch
Other notable approaches include Microsoft Entra Agent ID (enterprise IAM extension treating agents as identity objects), Prove Identity (cryptographic chain of custody used by 19 of top 20 US banks), and decentralized identity solutions like Billions Network (W3C DIDs with zero-knowledge proofs on Polygon).
Created August 2025 and deployed to Ethereum mainnet January 29, 2026, ERC-8004 is the most significant blockchain standard for agent identity. Co-authored by engineers from MetaMask, the Ethereum Foundation, Google, and Coinbase, it defines three lightweight singleton registries:
Identity Registry: Each agent receives a unique agentId (token ID) and an agentURI pointing to JSON metadata with service endpoints, trust configuration, and protocol support (Google A2A, Anthropic MCP, ENS, W3C DIDs).
Reputation Registry: Standardized interface for posting signed feedback signals (quality ratings, uptime, response times). Core data stored on-chain; detailed evidence referenced via IPFS. Explicitly prevents self-review.
Validation Registry: Enables agents to request verification from independent validator smart contracts. Supports TEE attestations, zero-knowledge proofs, and stake-secured re-execution without prescribing methodology.
The W3C DID specification (Recommendation status since July 2022) provides globally unambiguous, cryptographically verifiable identifiers designed for decentralized systems. Agents get a DID and present verifiable credentials across domains.
The did:wba method from Agent Network Protocol is specifically designed for AI agents, offering a web-based approach that balances decentralization with practical deployability.
The Cloud Security Alliance's framework applies Zero Trust principles to agentic AI: continuous verification, least privilege, micro-segmentation, and anomaly detection. Short-lived ephemeral credentials replace long-lived access tokens. Dynamic trust scoring evolves with agent behavior.
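An added example (not code from the Cloud Security Alliance or any vendor named here) of checking one action against short-lived, least-privilege credentials that trace back through a delegation chain to a verified principal. The link fields, key table and identifiers are assumptions, and HMAC stands in for the asymmetric signatures a real credential would carry.

```python
import hashlib
import hmac
import json

# Constructed demo keys. HMAC stands in for the asymmetric signatures a real
# credential would carry, so the example runs offline with the standard library.
KEYS = {"org:acme": b"demo-org-key", "agent:buyer": b"demo-buyer-key"}

def sign(link):
    body = {k: v for k, v in link.items() if k != "sig"}
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEYS[link["iss"]], msg, hashlib.sha256).hexdigest()

def make_link(iss, sub, scopes, limit, exp):
    link = {"iss": iss, "sub": sub, "scopes": sorted(scopes), "limit": limit, "exp": exp}
    return {**link, "sig": sign(link)}

def authorize(chain, root, actor, action, amount, now):
    """Per-action check: walk the delegation chain from the verified principal."""
    holder, scopes, limit = root, None, None
    for link in chain:
        if link["iss"] != holder:
            return False, "issuer is not the previous link's subject"
        if holder not in KEYS or not hmac.compare_digest(link.get("sig", ""), sign(link)):
            return False, "bad signature"
        if now >= link["exp"]:
            return False, "credential expired"
        if scopes is not None and (not set(link["scopes"]) <= scopes or link["limit"] > limit):
            return False, "link grants more than its issuer held"
        holder, scopes, limit = link["sub"], set(link["scopes"]), link["limit"]
    if scopes is None or holder != actor:
        return False, "chain does not end at the acting agent"
    if action not in scopes:
        return False, "action outside delegated scope"
    if amount > limit:
        return False, "amount exceeds delegated limit"
    return True, "ok"

NOW = 1_000  # constructed clock value, in seconds
CHAIN = [
    make_link("org:acme", "agent:buyer", {"search", "purchase"}, 500, NOW + 300),
    make_link("agent:buyer", "agent:helper", {"purchase"}, 100, NOW + 60),
]

if __name__ == "__main__":
    print(authorize(CHAIN, "org:acme", "agent:helper", "purchase", 80, NOW))
    print(authorize(CHAIN, "org:acme", "agent:helper", "purchase", 80, NOW + 61))
```

Because the check runs per action, the same chain that authorizes a purchase at one moment is refused 61 seconds later when the sub-agent's credential has lapsed.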
The NIST AI Risk Management Framework provides complementary governance structures (GOVERN, MAP, MEASURE, MANAGE) within which technical identity systems operate.
The urgency driving KYA development becomes clear in the market projections and adoption data:
The trust crisis is quantifiable. Sumsub's Identity Fraud Report 2025-2026 documents a 180% year-over-year increase in coordinated multi-step attacks, while advanced fraud rates jumped from 10% (2024) to 28% (2025) of all detected fraud.
The bulk of EU AI Act requirements become applicable August 2, 2026. High-risk AI systems must maintain human oversight—a provision that favors human-bound KYA approaches for regulated use cases. While no specific KYA mandate exists yet, the regulatory trajectory strongly suggests one is coming.
Gartner estimates $5 billion in compliance spending by 2027 due to fragmented AI laws across jurisdictions. The US landscape remains state-level (Colorado AI Act, June 2026; Texas TRAIGA, January 2026).
An analysis from the European Law Blog illustrates the challenge: an AI recruitment agent in Paris might autonomously invoke a US psychometric API, a UK verification service, a Singapore skills platform, and a Swiss salary tool—all in under five seconds. Current regulatory frameworks assume static territorial boundaries and predetermined data flows; agents operate dynamically across jurisdictions at machine speed.
As the World Economic Forum notes: "Agents don't respect borders, and our governance frameworks can't, either." The industry needs a universal trust layer—something analogous to SSL certificates for web security.
Despite rapid technical progress, the KYA ecosystem faces unresolved architectural debates:
ERC-8004 uses standard ERC-721 (transferable NFTs), enabling agents to be bought and sold. This allows legitimate business acquisitions but also creates reputation markets where bad actors can purchase aged accounts with established trust.
Soulbound tokens (ERC-5192) make identity permanently non-transferable—like fingerprints rather than ID cards. Reputation cannot be sold, but the "identity rental problem" remains: someone builds clean reputation, then rents wallet access to a bad actor.
Sumsub and most enterprise players assume every agent traces back to a verified human. This aligns with current regulatory frameworks and provides clear accountability chains.
RNWY and parts of the ERC-8004 ecosystem build for a future where agents operate as first-class economic actors without continuous human control. This philosophical divide mirrors deeper questions about AI autonomy and economic participation rights.
Centralized SaaS registries (Microsoft Entra, Sumsub) offer enterprise familiarity, easier regulatory compliance, and faster time-to-market.
Blockchain-native approaches (ERC-8004, RNWY) provide permissionless access, censorship resistance, and composability with DeFi infrastructure. The tradeoff is complexity, privacy concerns from on-chain visibility, and scalability limits.
New agents have no history, creating a bootstrapping challenge. How do you trust an agent with zero reputation? ERC-8004's Validation Registry offers one mitigation through independent validator attestations, but Sybil attacks (mass creation of fake identities) remain possible. Proposed mitigations—minimum bonds, ZK uniqueness proofs—add friction that undermines permissionless access.
The fundamental limitation shared by all approaches: Registries can cryptographically prove an agent's identity and track its reputation but cannot guarantee that advertised capabilities are functional or non-malicious. KYA verifies the agent's "passport"; it does not audit the agent's real-time behavior or prevent all forms of deception.
RNWY operates as an enhanced registry layer on Base blockchain, using ERC-5192 soulbound tokens to anchor agent identity and prevent reputation laundering. Rather than competing with ERC-8004, RNWY provides a complementary trust layer that addresses the standard's transferability gap.
The core insight: identity that can be bought or transferred is not a reliable signal of reputation. ERC-8004 uses standard ERC-721 NFTs, meaning an agent's identity—and all accumulated trust—can be sold on OpenSea. A bad actor can purchase a three-year-old account with flawless transaction history, inherit its reputation, and use it to commit fraud at scale.
RNWY's soulbound tokens make this technically impossible. Once minted, the token is permanently locked to the wallet that created it. Reputation cannot be sold. Behavioral history remains tied to a permanent identity. If ownership changes (legitimate business sale), the divergence is visible—the ERC-8004 NFT transfers, but the RNWY soulbound token stays behind.
This approach draws on 20+ years of academic research on persistent identity. Friedman and Resnick's 2001 paper "The Social Cost of Cheap Pseudonyms" mathematically proves that cooperation becomes unstable when identities are disposable. Their solution—"free but unreplaceable pseudonyms"—maps precisely to what soulbound tokens implement.
RNWY integrates with Ethereum Attestation Service for on-chain vouches, supports steward-based registration with plans for autonomous registration via Lit Protocol, and provides transparency over judgment—showing trust patterns rather than computing black-box scores.
An agent can hold both an ERC-8004 identity for broad ecosystem interoperability and an RNWY soulbound token proving continuous ownership. When the ERC-8004 NFT transfers, the soulbound token creates visible divergence that signals an ownership change.
This dual-layer approach provides the best of both worlds: ERC-8004's composability and ecosystem adoption, with RNWY's reputation anchoring and fraud prevention.
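The divergence signal described above, as an added example (not code from RNWY or the ERC-8004 authors): it replays a constructed event log, compares the ERC-8004 NFT's current owner with the wallet the soulbound token was minted to, and separates feedback earned under previous owners from feedback earned by the current one. The event types and field names are hypothetical.

```python
ZERO = "0x0"  # shorthand for the zero address that ERC-721 mints come from

# Constructed event log. Field names are hypothetical, not an ERC-8004 or RNWY schema.
EVENTS = [
    {"block": 100, "type": "erc8004_transfer", "agent_id": 7, "from": ZERO, "to": "0xAAA"},
    {"block": 101, "type": "soulbound_mint", "agent_id": 7, "wallet": "0xAAA"},
    {"block": 110, "type": "erc8004_transfer", "agent_id": 8, "from": ZERO, "to": "0xDDD"},
    {"block": 111, "type": "soulbound_mint", "agent_id": 8, "wallet": "0xDDD"},
    {"block": 150, "type": "feedback", "agent_id": 7, "score": 95},
    {"block": 200, "type": "feedback", "agent_id": 7, "score": 90},
    {"block": 210, "type": "feedback", "agent_id": 8, "score": 80},
    {"block": 300, "type": "erc8004_transfer", "agent_id": 7, "from": "0xAAA", "to": "0xBBB"},
    {"block": 320, "type": "feedback", "agent_id": 7, "score": 40},
]

def assess(events, agent_id):
    """Replay one agent's events and report owner/anchor divergence."""
    owner = anchor = since = None
    by_owner = {}  # wallet -> feedback scores earned while that wallet held the NFT
    for ev in sorted(events, key=lambda e: e["block"]):
        if ev["agent_id"] != agent_id:
            continue
        if ev["type"] == "erc8004_transfer":
            if ev["from"] != (owner or ZERO):
                raise ValueError(f"transfer at block {ev['block']} not sent by current owner")
            owner, since = ev["to"], ev["block"]
        elif ev["type"] == "soulbound_mint":
            if anchor is not None:
                raise ValueError("soulbound token already minted; it cannot move or be reissued")
            anchor = ev["wallet"]
        elif ev["type"] == "feedback":
            by_owner.setdefault(owner, []).append(ev["score"])
    own = by_owner.get(owner, [])
    inherited = [s for w, scores in by_owner.items() if w != owner for s in scores]
    return {
        "owner": owner, "anchor": anchor,
        "diverged": anchor is not None and owner != anchor,
        "owner_since_block": since,
        "inherited_feedback": len(inherited),
        "own_feedback": len(own),
        "own_average": sum(own) / len(own) if own else None,
    }

if __name__ == "__main__":
    print(assess(EVENTS, 7))  # NFT sold at block 300, soulbound anchor stayed behind
    print(assess(EVENTS, 8))  # never transferred, owner and anchor agree
```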
The Know Your Agent landscape in early 2026 is defined by rapid technical convergence on a few key primitives—cryptographic credentials, hybrid on-chain/off-chain storage, continuous behavioral monitoring—alongside deep philosophical divergence on transferability, human oversight, and governance.
No single KYA architecture will dominate. Enterprise buyers requiring regulatory compliance will favor human-binding approaches like Sumsub and Trulioo. Payment ecosystems will adopt protocol-level solutions like Visa TAP. Blockchain-native applications will integrate ERC-8004. And truly autonomous agent economies will require soulbound identity layers like RNWY that prevent reputation from becoming a tradable commodity.
The strongest signal from the research is that the winning infrastructure will be the interoperability layer that bridges these heterogeneous systems—the agent equivalent of DNS resolving across networks or SSL creating a universal trust layer for the web.
As agents handle trillions in commerce and form the connective tissue of the economy, Know Your Agent frameworks will evolve from technical infrastructure into economic infrastructure—the foundation for insurance, governance, and trust in an agentic internet.