New paperGrounding Promises in the Sandbox: an environment-grounded commitment protocol for trained autonomous agents.Read now
Teleperson
All posts
Engineering

Know Your Agent: identity becomes infrastructure

Banking has KYC. Agent commerce will need KYA — a way to verify that an agent is who it claims to be and authorized to do what it's doing. It barely exists yet.

Teleperson Team · May 14, 2026 · 4 min read

When a bank onboards a customer, it runs KYC — Know Your Customer. It verifies the person is real, is who they claim to be, and is allowed to do what they're asking. KYC is unglamorous, it is mandatory, and the entire edifice of consumer finance rests on it. Without it, every transaction is a guess.

Agent-to-agent commerce is about to need the same thing, and it does not have it. Call it KYA — Know Your Agent. It is the most under-built layer of the agentic stack, and the gap is going to start hurting in 2026.

The question KYA answers

When two agents transact, each one is making a claim. The consumer's agent claims: I act for this person, and I am authorized to do this. The brand's agent claims: I act for this company, and I can make this offer.

KYA is the infrastructure that lets the other side check those claims instead of trusting them. It has three parts:

  1. Agent identity. Is this agent a distinct, verifiable entity — not a spoof, not a copy?
  2. Principal binding. Does it genuinely act for the person or company it names? Was that delegation real, and is it current?
  3. Authority scope. What is it authorized to do — and is the action in front of us inside that scope?

Today, in most agent interactions, all three are assumed. The agent says who it works for and what it can do, and the counterparty takes the claim at face value. That works in demos and pilots. It does not work at scale, against incentives, with money moving.

Why this is harder than KYC

KYC has a stable subject. A person has one legal identity, established once, that rarely changes.

An agent has none of that. It can be cloned. It can be updated mid-week into something that behaves differently. Its authority is delegated — and delegation can be partial, time-boxed, conditional, and revoked. The thing KYA has to verify is not "is this a real entity" but "is this entity, right now, carrying valid authority for this specific action." That is a live question, not a one-time check, and it has to be answerable in the milliseconds an agent transaction takes.

So KYA is not KYC with the word swapped. It needs verifiable agent credentials, a way to express and check delegated scope, and a way to confirm in the moment that the scope hasn't been revoked. Pieces of this exist in the authenticated-delegation and decentralized-identity work happening now. Assembled, deployed, and standardized — it does not.

What it lets you do once it exists

A working KYA layer changes what's safe to build:

  • A brand's agent can accept a transaction from a consumer's agent because it has verified the consumer authorized it — not because it hoped so. We've argued the customer's own agent is going to show up in brand support channels regardless; KYA is what lets a brand say yes to that instead of blocking it.
  • A consumer's agent can refuse to negotiate with a counterparty whose identity doesn't check out — spam and fraud get a real barrier instead of a vibe.
  • A marketplace can produce a transaction record where the parties are verified, not merely named — which is what makes the record worth anything in a dispute.

That last point is the connection that matters. A signed record of an agreement is only as good as the identities it binds. KYA is the layer underneath the trust layer — the verification that makes everything built on top of it real rather than asserted. We treated the records-and-attestation side in Trust at Machine Speed; KYA is the identity half of the same problem.

Where this goes

Identity infrastructure is invisible when it works and catastrophic when it's missing. KYC is invisible — nobody thinks about it, and consumer finance functions. The early years of agent commerce will be the visible-because-missing phase: the spoofed agents, the over-broad delegations nobody checked, the transactions that turn out to have been authorized by no one.

The teams building agentic products right now should treat KYA the way a fintech treats KYC — not as a feature to add later, but as table stakes you cannot operate without. The agent that can prove who it works for, and exactly what it's allowed to do, will be the one other agents are willing to transact with. The one that can only assert it will, fairly soon, be the one nobody trusts.

Related