The AI agent era is accelerating. At the same time, concerns are growing over the unchecked creation and activity of agents. In response, Know Your Agent (KYA) systems, which assign identity to agents and govern their behavior, are gaining attention. Why is KYA identity infrastructure needed, and which companies are building it?
Summary
- AI agents are entering an era where they execute contracts, payments, and transactions autonomously, yet there is no shared standard to verify who the agent is. In Agent-to-Agent (A2A) settings, KYA is drawing more attention than KYC.
- KYA is not needed everywhere. Inside central platforms (Google·OpenAI·Coinbase), existing KYC is enough. KYA matters where individually deployed autonomous agents touch DEX, A2A payment, and merchant payment.
- The KYA standard race has already begun.
- ERC-8004: Issues AgentID on top of NFT. Builds ID, reputation, and validation all on-chain
- Visa TAP: Visa issues an identity credential to the agent and verifies via TAP’s three signatures (legitimacy·delegator·payment method)
- Trulioo: Adopts the SSL CA model. DPA issues the DAP
- Sumsub: Layers a KYA system on top of its own compliance system
- Regulation is already moving at the country level. The EU AI Act mandates operator identity in behavior logs of high-risk AI systems. The U.S. NIST lists agent identity management as a priority standard area. Singapore released the first national agentic AI governance framework. As the 2019 FATF Travel Rule decided which crypto exchanges survived, the presence of KYA infrastructure will determine entry into the next round of the market.
KYC: the layer that reshaped finance
- Before 1989, global finance had no shared identity standard. The gap made it hard to trace drug money and illicit funds.
- After the 1989 founding of FATF, KYC became mandatory in finance and blocked illicit funds at the entry point.
No agent identity, system slides backward
- AI agents execute contracts, payments, and trades without human involvement, but there is no way to verify who they are.
- In A2A environments, accountability becomes unclear, raising dispute risk and exposing users to laundering and other fraud patterns.
The role and response of KYA (Know Your Agent)
- KYA (Know Your Agent) is the trust layer that pre-verifies an agent’s origin, permissions, and accountability.
- Unverified agents create three simultaneous risks: unauthorized transactions, fraud, and accountability gaps.
KYA needs for every layer
- Inside central platforms, user KYC and the platform’s accountability guarantee are enough. Outside the platform, in interoperable settings, KYA becomes essential to verify the agent’s specific actions and safety.
- Inside one country (within the platform), an ID card (KYC) is enough to move freely. The moment one crosses a border (outside the platform), the environment changes, and an entry screening (KYA) of purpose and trust is required.
ERC-8004: agent identity on NFT
- ERC-8004 adds an identity layer on ERC-721. Each agent gets a minted NFT as unique ID.
- It also adds three on-chain registries (Identity·Reputation·Validation), serving as ID, reputation board, validation record.
Source: reports.tiger-research.com
