Identity & Trust
AI agents are acquiring wallets, executing x402 transactions, and operating autonomously across payment rails. The compliance question has shifted: it is no longer only "who is this customer" but "who authorized this machine, what are its limits, and how does it prove its principal's identity?" KYA is the emerging framework for answering these questions.
Why This Matters Now
Coinbase CDP, Cloudflare Agents SDK, and autonomous agent frameworks give AI systems their own wallets. An agent can receive USDC, evaluate an x402 paywall, sign a payment, and consume the resource — without human intervention at transaction time. Current KYC frameworks have no model for this.
A human or institution delegates authority to an agent. The agent delegates to sub-agents. Three hops from the principal, who is liable? Current identity frameworks collapse at delegation depth. KYA must define how authorization chains are established, verified, and audited.
A KYA credential must encode not just "who" but "how much" and "what for." An agent authorized for $50/day of API calls should not be able to execute a $10,000 trade. Spending envelopes, category restrictions, and temporal bounds are part of the identity layer, not just the payment layer.
FATF Travel Rule requires originator and beneficiary data on transactions above threshold amounts. When both originator and beneficiary are machines, the Travel Rule needs a machine-readable identity format. This intersects directly with VASP compliance and GLEIF's vLEI credential scheme.
Proposed Framework
The human or institution that authorized the agent. Anchored to existing KYC/KYB infrastructure: government ID for individuals, LEI or EIN for entities. The principal is always a legal person — the agent derives its authority from them.
A cryptographic chain of signed authorizations from principal to agent. Each link in the chain specifies: who delegated, to whom, what permissions, what limits, and when the delegation expires. Verifiable at any point by any counterparty without contacting the principal.
The agent's authorized scope: spending limits (per-transaction, daily, cumulative), permitted asset types, permitted counterparty categories, permitted action types (read, transact, delegate), and temporal bounds. Encoded as machine-readable claims within the KYA credential.
KYA credentials must be revocable in real-time — if an agent is compromised, the principal needs to kill its authority instantly. On-chain revocation registries, short-lived credentials with refresh requirements, and hierarchical revocation (revoking a parent revokes all children) are architectural requirements.
Industry Landscape
CDP provides agent wallets and the x402 protocol provides the payment handshake. Currently, agent identity is implicit in the wallet address. KYA would add an explicit identity layer atop CDP wallets — verifiable credentials that travel with x402 payment signatures.
Cloudflare's Agents SDK runs autonomous agents on Workers with durable state, and Cloudflare co-stewards the x402 Foundation. Agents need IAM-grade identity to operate within enterprise environments — KYA bridges the gap between agent autonomy and enterprise access control.
GLEIF's verifiable LEI credential scheme provides organizational identity that is machine-verifiable and cryptographically anchored. vLEI could serve as the institutional identity layer within KYA — an agent's principal is identified by their vLEI, not just a wallet address.
FATF's updated guidance on VASPs and the Travel Rule will eventually need to address machine actors. FinCEN's enforcement posture on unhosted wallets creates pressure to define what "hosted" means when the wallet holder is an AI agent operating on behalf of a regulated institution.
Reference Architecture
[Interactive reference architecture, not yet published: principal identity anchoring, delegation chain construction, capability envelope encoding, real-time revocation, and x402 payment signature integration with KYA credential verification.]