Skip to main content

Know Your Agent: How KYA Replaced KYC as the Agent Economy's Defining Compliance Battleground

· 13 min read
Dora Noda
Dora Noda
Software Engineer

AI agents now handle roughly 19% of all on-chain DeFi activity. BNB Chain alone hosts more than 150,000 deployed agents — up from fewer than 400 at the start of the year, a 43,750% surge in under four months. Bots generate over 76% of stablecoin transfer volume, and Gartner expects 40% of enterprise apps to embed task-specific AI agents by the end of 2026.

There is just one problem: nobody knows who any of these agents are. KYC was built to verify humans. The compliance frameworks of the next decade have to verify autonomous software — and the standard that wins this fight will quietly capture one of the largest regulatory verticals in financial services. a16z calls it KYA: Know Your Agent.

The 96-to-1 Problem

The blunt framing comes from a16z's 2026 crypto predictions: AI agents now outnumber human financial services workers 96 to 1, yet they remain "unbanked ghosts" unable to transact independently. The bottleneck isn't intelligence. It's identity.

Today, no widely adopted, interoperable mechanism exists for one agent to prove to another:

  • Who it represents — which human, company, or DAO is on the hook for its actions
  • What it is allowed to do — spend caps, asset whitelists, geography limits
  • How it gets rewarded — and who gets paid when it transacts

Every link in the chain — exchange API, wallet, lender, stablecoin issuer, on-ramp — was built around the assumption that a human pressed the button. When an agent presses the button instead, the entire compliance stack defaults to either "block everything" or "trust everything." Neither survives contact with regulators.

KYA is the proposed fix. It is short for Know Your Agent, and it is essentially KYC's cryptographic sibling: an agent identity layer that binds a software actor to its human principal, its operating constraints, its authority bounds, and a tamper-evident audit trail. a16z's 2026 forecast explicitly declares that identity authentication is "transitioning from human-centered KYC to KYA mechanisms." The infrastructure is already shipping.

What's Actually Live in 2026

The past 90 days produced more KYA infrastructure than the previous two years combined. Five concrete launches define the landscape.

Skyfire's KYAPay protocol is the most production-ready of the bunch. Skyfire issues cryptographically signed JSON Web Tokens (RFC 7515) that attest to the identity of a buyer agent, its principal, and its agent platform. Merchants accepting agent payments verify these tokens server-side before allowing checkout. In December 2025, Skyfire publicly demonstrated an end-to-end agentic commerce purchase using KYAPay over Visa's Intelligent Commerce rails — the first time an autonomous agent paid a Visa-network merchant using a verifiable cryptographic identity rather than a stolen-credential pattern. KYAPay is also being submitted as an IETF draft (draft-skyfire-kyapayprofile-01), pushing the spec toward neutral standardization.

Sumsub's AI Agent Verification, launched January 29, 2026, takes the opposite approach. Rather than verifying the agent itself, Sumsub binds the agent to a verified human via liveness checks, device intelligence, and continuous risk scoring. Co-founder Vyacheslav Zholudev's framing is striking: "Rather than attempting to blindly trust AI agents themselves, our solution focuses on verifying the humans behind them." Sumsub serves the conservative end of the market — banks, exchanges, and regulated fintechs that need an audit trail leading back to a real person before they will let any agent touch funds.

ERC-8004 went live on Ethereum mainnet the same day Sumsub launched its product, January 29, 2026. The standard creates three lightweight on-chain registries: an Identity Registry (an ERC-721 handle that resolves to an agent's registration file), a Reputation Registry, and a Validation Registry. Crucially, ERC-8004 extends Google's Agent-to-Agent (A2A) protocol with a trust layer that allows agents to discover and interact across organizational boundaries without pre-existing trust. Base, Optimism, and Arbitrum are next in line for deployment.

Coinbase's Agentic Wallets, released February 11, 2026, are the first wallet infrastructure built specifically for autonomous agents. They expose programmable spending limits, per-session caps, private-key isolation, and high-risk transaction screening. Coinbase paired the launch with x402 — the HTTP-native stablecoin payment protocol — so that any agent presenting a valid identity claim can pay for an API call in a single round-trip.

World's AgentKit, announced March 17, 2026 with Coinbase, lets AI agents carry zero-knowledge proofs that they are backed by a unique human verified through World ID. As Erik Reppel, head of engineering at Coinbase Developer Platform and founder of x402, put it: "Payments are the 'how' of agentic commerce, but identity is the 'who.'"

Five companies. Five incompatible approaches. One unsolved question: which of these becomes the default?

Five Approaches, One Standard to Rule Them All

The five live KYA stacks each answer a slightly different question.

ApproachWho They VerifyCryptographic PrimitiveBest For
Skyfire KYAPayThe agent + its principalRFC 7515 signed JWTsAgent-to-merchant commerce
Sumsub KYAThe human behind the agentLiveness biometrics + device fingerprintBanks and regulated exchanges
ERC-8004The agent's on-chain handleERC-721 identity NFT + reputationCross-organizational agent discovery
Coinbase Agentic WalletThe wallet's spend authorityMPC + programmable policyWallet-as-callable-service
World AgentKitProof of unique human backingZero-knowledge proofs over World IDSybil-resistant agent populations

These approaches will not all survive. Just as OAuth eventually consolidated human authentication into a small set of dominant providers, the agent identity layer will collapse to two or three winners over the next 24 months. The key strategic question: does that collapse happen around an open cryptographic standard, or do dominant identity providers — Okta, Auth0, Google — capture the layer the way they captured human OAuth?

The answer matters more than it sounds. If KYA is captured, every agent-economy participant — wallets, exchanges, stablecoin issuers, RPC providers — pays a toll to a centralized gatekeeper. If KYA stays open, agent identity becomes a permissionless primitive composable across every chain and protocol. The current proposal circulating among Ethereum core developers, ERC-8400, would formalize the open path on top of the ERC-8004 registries already deployed.

The Regulatory Forcing Function

Standards do not get adopted because they are elegant. They get adopted because regulators force it. Two parallel pressures are converging in 2026.

FATF Travel Rule expansion. In June 2025, FATF updated Recommendation 16 to standardize cross-border payment information requirements. By April 2026, 73% of jurisdictions (85 of 117 surveyed) have passed Travel Rule legislation, up from 65 a year earlier. The 2025 FATF report explicitly notes that stablecoin use by illicit actors has continued to increase and that most on-chain illicit activity now involves stablecoins. Stablecoin issuers and administrators now fall within VASP definitions and inherit Travel Rule obligations. The unanswered piece: when an AI agent moves USDC, is the originating "VASP" the agent's wallet provider, the agent's deployer, or the human principal? Without a KYA primitive, none of these have a defensible answer.

US Treasury and BSA reporting proposals. Treasury has begun circulating drafts that would require regulated stablecoin issuers — under the new GENIUS Act framework — to distinguish "agent-initiated" from "human-initiated" transactions in their suspicious-activity reporting. That distinction is impossible to make without a verifiable agent identity attached to every transaction. The choice for issuers is binary: integrate a KYA layer or refuse to serve agent traffic at all. Given that bots already generate 76% of stablecoin transfer volume, refusing the segment is not a real option.

The result: every issuer with more than $10B in circulating supply — Tether, Circle, PayPal, USA₮ — will need a KYA layer in production by the time the GENIUS Act's July 2026 OCC rulemaking deadline lands. That alone creates a compliance vertical roughly the size of the existing $10B KYC market within five years.

The Infrastructure Read-Through

KYA is not just a regulatory checkbox. It reshapes the economics of every layer of the stack agents touch.

Wallets become tollbooths. If Coinbase's Agentic Wallet pattern wins — wallet as a callable service that handles custody and policy enforcement while agents handle reasoning — wallet infrastructure providers capture a fraction of every agent transaction. The Coinbase, Safe, MoonPay, and Privy fight over wallet primitives is really a fight over who collects this toll.

Exchanges segment by user class. Tier-2 exchanges like South Africa's VALR, which launched its agent-native API suite on April 10, 2026, are racing to differentiate by treating agents as a native user class rather than bolting agent support onto a human-first platform. Larger exchanges (Binance, Coinbase) cannot make these architectural bets without disrupting their human user base, which leaves a real opening for Tier-2 venues to capture disproportionate share of the agent stablecoin volume.

RPC and indexing infrastructure changes shape. Agent traffic is fundamentally different from human dApp traffic. It is burst-heavy, predictable on schedule, and exhibits deterministic call graphs that look nothing like a retail user clicking through a frontend. By Q4 2026, daily active on-chain agents are projected to cross 1 million. RPC providers will need to redesign rate limiting, pricing, and SLA guarantees around agent consumption patterns — and they will need to surface KYA claims in request headers so that downstream services can reason about who is calling.

This is precisely where blockchain infrastructure providers like BlockEden.xyz fit into the KYA story: agent-aware RPC headers, KYA-signed request authentication, and pricing tiers that distinguish a verified agent doing high-frequency reads from an anonymous bot probing for exploits. The provider that ships these primitives first becomes the default backend for the agent economy.

The Capture Risk

The strongest argument for moving fast on open standards is what happens if we don't.

The web's identity layer was once supposed to be open too. OpenID, browser-native cryptographic identity, decentralized DNS — all of it lost to OAuth-as-implemented-by-Google-and-Facebook because the open alternatives shipped slower than the closed ones. Today, "Sign in with Google" is the de facto identity layer for the consumer web, and the cost is that Google has read access to authentication metadata across most of the internet.

The same dynamic is in play with KYA. Sumsub, Skyfire, and World are racing to ship production-ready stacks. Okta and Auth0 have already begun adding "AI agent" identity products to their roadmaps. If a centralized identity provider becomes the default before ERC-8004 plus an open KYAPay-derivative achieves critical mass, the agent economy gets a permissioned identity rail it cannot easily migrate away from.

The next 12 months are when this gets decided. Either ERC-8004 plus open KYAPay-style protocols become the default and the agent identity layer stays composable across chains, wallets, and merchants — or the layer gets captured, and every agent transaction pays rent to whichever identity provider wins the enterprise market.

What 2026 Will Look Like

By the end of 2026, three things will be visible.

First, issuer compliance lines will harden. Circle, Tether, and PayPal will publicly distinguish agent-initiated from human-initiated transaction volume in their attestations and SAR reporting. The first issuer to do this credibly captures the institutional agent market.

Second, a small number of KYA standards will dominate. The most likely outcome is one open standard (ERC-8004 plus a KYAPay-derivative) for crypto-native flows and one or two enterprise standards (Sumsub, Okta, or a Microsoft/Google equivalent) for traditional finance integrations. Cross-recognition between the two is the trillion-dollar question.

Third, agent-native infrastructure pricing will diverge from human-native pricing. RPC providers, exchanges, wallets, and stablecoin issuers will all introduce dedicated agent tiers — and the agent tier will be more expensive per query but cheaper per unit of stablecoin volume settled. The economics of serving 250,000+ daily active agents (already today's number) and the projected 1 million by year-end demand it.

The agents are already here. The compliance plumbing is what comes next. Whether KYA gets built as a public good or captured as private infrastructure will quietly determine whether the projected $450B agent economy runs on a permissionless rail or a permissioned one — and that is the most important regulatory question crypto will face in 2026.

BlockEden.xyz provides enterprise-grade RPC and indexing infrastructure across 27+ chains. As agent traffic reshapes how Web3 backends are consumed, explore our API marketplace to build on infrastructure designed for both human-developer and agent-native consumption patterns.

Sources

Share on Twitter