The Argument
Know Your Agent (KYA) is a framework for verifying the identity, authority, and trustworthiness of autonomous AI agents in commercial transactions. As machine customers become prevalent, traditional Know Your Customer (KYC) protocols, designed for human identity verification, are no longer sufficient. The "identity gap" between technical authentication and meaningful identity for agents exposes businesses to significant risks. KYA addresses this by extending identity verification into the agentic domain, establishing a new trust architecture based on four pillars: agent authentication, mandate verification, behavioural fingerprinting, and principal traceability. This framework is the essential foundation for enabling secure and reliable agentic commerce.
The Evidence
The first pillar of KYA, agent authentication, addresses the fundamental question of whether an agent is what it claims to be. Unlike human authentication, where identity and entity are inseparable, an agent's software entity is distinct from its registered identity, making it vulnerable to cloning or spoofing. Effective authentication requires a layered approach, combining cryptographic credentials to prove access rights, metadata verification to confirm the agent's profile against a registered record, and runtime attestation to ensure the agent's execution environment is secure. This pillar establishes the "human binding" – the crucial link between a specific agent deployment and a verified human identity.
The second pillar, mandate verification, establishes that an authenticated agent is authorized to perform a specific action. Conflating authentication with authorization is a critical design flaw in agentic systems. An agent’s authority must be independently verified at the point of every transaction through a machine-readable operational envelope that defines its permitted actions, value thresholds, and contextual constraints. This is achieved using Verifiable Digital Credentials (VDCs), which provide a tamper-evident mandate from the human principal, ensuring that the agent operates strictly within its delegated authority.
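The per-transaction check described above can be sketched as follows. This is an added example, not code from any KYA specification or product: the envelope field names, the sample identifiers and the demo key are assumptions, and an HMAC tag stands in for the issuer signature a real Verifiable Digital Credential would carry.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC stands in for the issuer signature a real
# Verifiable Digital Credential would carry (an assumption of this sketch).
PRINCIPAL_KEY = b"constructed-demo-key"

def _tag(envelope, key):
    # Canonical JSON so the same envelope always produces the same tag.
    body = json.dumps(envelope, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def issue_mandate(envelope, key=PRINCIPAL_KEY):
    """Principal side: bind the operational envelope to a tamper-evident tag."""
    return {"envelope": envelope, "tag": _tag(envelope, key)}

def verify_transaction(mandate, agent_id, txn, now, key=PRINCIPAL_KEY):
    """Relying-party side, run on every transaction. agent_id is the identity
    already established by authentication; this decides authorization only."""
    env = mandate["envelope"]
    presented = str(mandate.get("tag", "")).encode()
    if not hmac.compare_digest(_tag(env, key).encode(), presented):
        return False, "mandate altered or not issued by principal"
    if env["agent_id"] != agent_id:
        return False, "mandate bound to a different agent"
    if not env["not_before"] <= now < env["not_after"]:
        return False, "outside validity window"
    if txn["action"] not in env["actions"]:
        return False, "action not permitted"
    if txn["currency"] != env["currency"] or not 0 < txn["amount"] <= env["max_amount"]:
        return False, "value outside threshold"
    if txn["merchant_category"] not in env["merchant_categories"]:
        return False, "context outside envelope"
    return True, "within mandate"

# Constructed sample mandate: amounts in minor units, times in Unix seconds.
ENVELOPE = {
    "principal": "principal-001", "agent_id": "agent-7f3",
    "actions": ["purchase"], "currency": "EUR", "max_amount": 15000,
    "merchant_categories": ["groceries"],
    "not_before": 1700000000, "not_after": 1700086400,
}
MANDATE = issue_mandate(ENVELOPE)
TXN = {"action": "purchase", "currency": "EUR", "amount": 4200,
       "merchant_category": "groceries"}

if __name__ == "__main__":
    print(verify_transaction(MANDATE, "agent-7f3", TXN, now=1700000100))
```

An agent that authenticates correctly is still refused here if the envelope was edited after issuance, was issued to another agent, or does not cover the action, amount or merchant category of the transaction at hand.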
The third pillar, behavioural fingerprinting, provides continuous, dynamic risk assessment by monitoring an agent’s actions for anomalies. Every agent develops a unique behavioural signature over time, and deviations from this baseline, such as changes in transaction velocity, patterns, or context, can signal a compromise or misuse. This practice, analogous to agent observability, requires adaptive, agent-type-aware monitoring systems that can distinguish between normal and anomalous behaviour for each specific agent deployment, enabling real-time intervention and dynamic trust adjustments.
The Implication
The adoption of KYA necessitates a fundamental shift in how organisations approach digital identity and trust. Product leaders and designers must move beyond retrofitting human-centric KYC systems and instead build new trust architecture from the ground up, designed specifically for autonomous agents. This requires investing in new technologies and standards—Verifiable Digital Credentials, decentralised ledgers, runtime attestation—to support dynamic mandate verification and principal traceability. Organisations must also develop sophisticated behavioural monitoring systems capable of fingerprinting agent activity and detecting anomalies in real time, treating agent observability as a continuous practice rather than a periodic audit.
The fourth pillar—principal traceability—ensures that every agent action can be traced back to the human or organisation that authorised it. This is not merely a compliance requirement but the foundation of accountability in agentic commerce. When an agent causes harm, the chain of delegation must be legible: who created the agent, who set its parameters, who is liable for its decisions. Embracing KYA means treating agent identity not as a static, one-time check but as a continuous, dynamic process of verification and risk management. This proactive stance is a strategic imperative for any organisation seeking to operate safely in the emerging world of agentic shopping and autonomous commercial activity. The organisations that build KYA infrastructure now will define the trust standards that govern agentic AI commerce for the next decade.
The cost of inaction is not merely competitive disadvantage but structural vulnerability—systems without KYA infrastructure will be the first targets of agent-mediated fraud and the last to earn consumer delegation.