Skip to main content

From KYC to KYA: Navigating the Future of AI Agents in Crypto Markets

· 8 min read
Dora Noda
Dora Noda
Software Engineer

It took the financial industry decades to build Know Your Customer (KYC) infrastructure. The industry may have only months to figure out Know Your Agent (KYA). As AI agents flood cryptocurrency markets—with estimates projecting one million autonomous agents operating on blockchains by late 2025—the question of who (or what) is transacting has become existentially urgent.

In October 2025, Visa unveiled its Trusted Agent Protocol amidst a staggering 4,700% surge in AI-driven traffic to U.S. retail sites. The message was clear: the machines are already shopping, and commerce infrastructure isn't ready.

From KYC to KYA: Why Identity Must Evolve

Know Your Customer (KYC) was designed for a world where humans conducted transactions. Every account opening, every wire transfer, every cryptocurrency exchange signup assumed a person on the other end—someone with a passport, a utility bill, a face to verify.

But 2025 shattered that assumption. Coinbase's CEO publicly demonstrated AI agents autonomously executing on-chain crypto transfers. By late 2024, industry observers predicted an explosion of crypto-autonomous agents, with blockchain-native AI systems managing portfolios, executing trades, and navigating DeFi protocols without human intervention.

The problem is fundamental: traditional KYC can't answer the questions that matter when software acts autonomously. Who built this agent? Who authorized it to act? What are its permission limits? Who is liable when something goes wrong?

Enter Know Your Agent (KYA)—a framework that applies the verification logic of KYC and KYB (Know Your Business) to software itself. As Trulioo and PayOS articulated in their 2025 white paper, KYA establishes which agent is acting, who authorized it, and under what permissions and limits it operates.

The Digital Agent Passport: Credentials for Machines

At the heart of emerging KYA frameworks is the Digital Agent Passport (DAP)—a tamper-proof credential showing who built the agent, who it represents, and what permissions it holds.

Trulioo's framework outlines five critical checkpoints:

  • Provenance: Verification of the agent's developer identity and locked source code
  • User Binding: Captured consent linking the agent to its human principal
  • Permission Scope: Clear boundaries on what actions the agent can take
  • Real-Time Behavior Telemetry: Continuous monitoring of agent actions
  • Continuous Risk Scoring: Dynamic assessment of agent trustworthiness

The white paper proposes independent Digital Passport Authorities to issue, sign, and revoke these credentials—functioning like SSL certificate authorities that verify encrypted websites, but for autonomous software.

This isn't theoretical. In August 2025, Worldpay announced it would use KYA to help merchants verify AI agents at checkout. By December, Trulioo joined Google's Agent Payments Protocol (AP2) to enable trusted agent-led payments across platforms.

Protocol Wars: Visa TAP vs. Google AP2 vs. Stripe ACP

The race to define agent authentication standards is intensifying, with major players staking competing claims.

Visa's Trusted Agent Protocol (TAP), launched in October 2025, uses cryptographically signed HTTP messages to transmit an agent's intent, verified user identity, and payment details. Merchants validate signatures using Visa's public keys, confirming authenticity before processing transactions. TAP is already available on GitHub and Visa's Developer Center, with early adopters including Nuvei, Adyen, Stripe, Akamai, and Cloudflare.

Google's Agent Payments Protocol (AP2) takes a payment-agnostic approach, supporting cards, bank transfers, and even stablecoins. AP2 uses cryptographic user mandates to prove consent, creating a common language for how AI agents can transact across platforms.

Stripe and OpenAI's Agentic Commerce Protocol (ACP), announced in September 2025, enables instant checkout in ChatGPT and similar AI interfaces.

Mastercard's Agent Pay incorporates Web Bot Auth standards, while American Express is building its own agentic-commerce program using similar authentication primitives.

The underlying technical infrastructure draws from established standards: W3C Verifiable Credentials v2.0 for cryptographically signed identity claims, and NIST SP 800-63-4 for phishing-resistant authentication flows suitable for automation.

Blockchain's Role: ERC-8004 and On-Chain Agent Identity

While traditional payment networks build centralized authentication layers, the cryptocurrency ecosystem is developing native alternatives.

ERC-8004—nicknamed "Trustless Agents"—is a draft Ethereum standard addressing agent identity directly on-chain. The proposal includes:

  • On-Chain Registries: Smart contracts that register agent identity and record reputation data on blockchain, allowing external entities to verify credentials and performance history
  • NFT-Based Portable IDs: Unique, transferable identity tokens for agents
  • Reputation Systems: Verifiable feedback mechanisms to build trust scores
  • Pluggable Validation: Support for zero-knowledge proofs and TEE-based verification of agent outputs

This decentralized approach mirrors how blockchain handles human identity through self-sovereign identity (SSI) systems. Just as humans don't need centralized authorities to prove ownership of their wallets, agents could establish trust through cryptographic proofs rather than corporate gatekeepers.

The implications for DeFi are significant. By 2026, AI agents can now legally hold cryptocurrencies in their own name, effectively operating as independent economic entities. Agentic AI in DeFi is already navigating lending protocols, yield farming strategies, and arbitrage opportunities through account abstraction and programmable smart contracts.

The Regulatory Reckoning: U.S. Treasury Weighs In

Regulators aren't waiting for the industry to sort itself out. The U.S. Treasury, under Secretary Janet Yellen, has advanced proposals to integrate digital identity verification into DeFi smart contracts as part of the GENIUS Act consultation.

The proposal outlines potential solutions including APIs, AI-powered verification systems, and blockchain-based identity infrastructure that could authenticate users using government-issued IDs, biometric data, or portable digital credentials.

The regulatory logic is straightforward: without identity verification, AI agents operating in 2026 are excluded from institutionally trusted protocols. This reduces the risk of large-scale market manipulation by anonymous bot networks—a concern that has grown as agent-initiated trading volumes surge.

By 2026, projections suggest at least 25% of major financial organizations will offer blockchain-based verification options, with hybrid AI-blockchain fraud prevention systems potentially reducing identification fraud by 40-50% compared to traditional methods.

Why Crypto Markets Face Unique KYA Challenges

Cryptocurrency markets present distinctive complications for agent authentication:

Pseudonymity vs. Accountability: Crypto's foundational ethos values permissionless access. Requiring agent credentials creates tension with the principle that anyone should be able to transact without gatekeepers.

Cross-Chain Complexity: An agent operating across Ethereum, Solana, and Sui needs credentials recognized by multiple ecosystems—a problem no current standard fully solves.

Real-Time Requirements: DeFi operates at machine speed. Authentication mechanisms must verify agent identity without introducing latency that undermines trading strategies.

Liability Gaps: When an AI agent executes a smart contract that gets exploited, who bears responsibility? The agent's developer? Its principal? The protocol? Current frameworks don't have answers.

Sybil Attacks: Without robust identity, malicious actors can deploy thousands of agents to manipulate governance votes, drain liquidity pools, or execute coordinated attacks.

These challenges explain why DeFi platforms face a compliance paradox: implementing identity verification systems conflicts with decentralization values, yet operating without them invites regulatory crackdowns and institutional exclusion.

The Stakes: Trust Infrastructure for the Machine Economy

Visa predicts millions of consumers will use AI agents to complete purchases by the 2026 holiday season. Pilot programs are launching across Asia Pacific, Europe, and Latin America throughout 2026.

The financial implications are massive. The convergence of AI and cryptocurrency is powering two major fronts: AI-driven analytics for monitoring, compliance, and fraud prevention, alongside agentic payments where AI systems initiate transactions under pre-defined parameters.

For crypto markets specifically, the absence of KYA creates cascading risks:

  • Fraud exposure when agents act without clear identities
  • Liability ambiguity leaving merchants and protocols without recourse
  • Consumer trust erosion as users can't audit what agents do on their behalf
  • Payment fragmentation without unified identity protocols

The industry that took decades to implement KYC may have only months to deploy KYA. The protocols being written today—TAP, AP2, ERC-8004—will determine whether AI agents become trusted participants in the machine economy or remain locked outside the gates of institutional finance.

What This Means for Builders

For developers entering this space, the message is clear: agent identity isn't optional infrastructure—it's foundational.

Projects building autonomous agents should consider:

  • Implementing cryptographic signatures for agent actions from day one
  • Designing for credential portability across chains and platforms
  • Building audit trails that satisfy both on-chain transparency and regulatory expectations
  • Anticipating integration with emerging standards like ERC-8004 and TAP

The agents that will thrive in 2026 and beyond won't just be the smartest or fastest. They'll be the ones that can prove who they are, who they represent, and what they're authorized to do—at machine speed, with cryptographic certainty.

As autonomous AI agents reshape blockchain interactions, reliable infrastructure becomes critical for both human developers and their machine counterparts. BlockEden.xyz provides enterprise-grade blockchain APIs designed for the demands of high-frequency, agent-initiated operations across multiple chains.

Share on Twitter