"Who Is Acting?" — An Identity Crisis in the Agentic Age
As of March 2026, the global technology industry stands at a fundamental inflection point. Large language models (LLMs) have evolved beyond "answering human questions" into "acting AI" that autonomously makes decisions, operates external systems, and negotiates with other agents. OpenAI's "Operator," Anthropic's Claude "computer use," Google's Project Mariner, and Microsoft's Copilot Agents — all of these herald the arrival of a world where AI operates the web and executes tasks as a proxy for humans.
The greatest unresolved question this evolution raises is surprisingly simple: "Who is that agent?"
Traditional cybersecurity and identity management have been built on the implicit assumption that "the operator is human." Authentication protocols such as OAuth, SAML, and OpenID Connect are designed around a flow where a human sitting in front of a browser enters a username and password and completes multi-factor authentication. AI agents, however, automate browser operations, call APIs in parallel, and delegate tasks to other agents. As PwC Japan points out, AI agents fundamentally challenge the core premise of identity management — namely, "who is acting" and "whose intent drove the action."
The number of non-human identities in enterprise environments — service accounts, API keys, bots, and automation scripts — already outnumbers human employees at ratios ranging from 50:1 to 96:1. In a January 2026 report, a16z crypto's Sean Neville (co-founder of Circle and CEO of Catena Labs) described these non-human identities as "unbanked ghosts," asserting that "just as humans need a credit score to obtain a loan, agents will need cryptographically signed credentials to conduct transactions."
Research from Strata Identity puts hard numbers behind the severity of this crisis. While 80% of enterprises report unexpected behavior from AI agents, only 22% of organizations treat AI agents as independent, identity-bearing entities. The remaining 78% authenticate agents using existing service accounts or shared API keys — a practice that implies a lack of audit trails, excessive privilege grants, and an absence of accountability.
KYa — Applying Financial Regulatory Philosophy to AI Agents
KYa (Know Your Agent) is a concept that extends the philosophy of KYC (Know Your Customer)—practiced in the financial industry for decades—into the realm of AI agents. While KYC verifies a customer's identity through government-issued identification and biometric authentication, KYa verifies an AI agent's identity through cryptographic credentials, code attestation, and binding to the human or organization serving as its "principal" (delegating party).
On January 29, 2026, Sumsub (a global verification platform company) published a formal definition of KYa. According to this definition, KYa is "a risk-based approach that establishes the identity of AI agents, binds them to accountable parties (humans or organizations), and enforces policies, oversight, and auditability across all autonomous actions."
Sumsub CTO Vyacheslav Zholudev sounded the alarm, stating that "AI agents are rapidly becoming the backbone of digital operations, yet most of today's systems still treat agents as opaque, unaccountable black boxes." The company announced "agent-to-human binding"—a mechanism for binding AI agents to verified human identities—and presented a framework for attributing agents' actions in financial transactions to human accountability.
The contrast between KYC and KYa can be summarized in the following table.
| Dimension | KYC (Know Your Customer) | KYa (Know Your Agent) |
|---|---|---|
| Target | Human customers | AI agents |
| Identity proof | Government ID, biometrics | Cryptographic credentials, code attestation |
| Accountability | Individual / legal entity | Binding to principal (delegating party) |
| Verification frequency | One-time + periodic updates | Continuous, real-time behavioral monitoring |
| Scope | Financial transactions | All autonomous actions |
| Scale | Billions of humans | 50–96× more non-human IDs than humans |
This concept is not merely abstract theory. Gartner predicts that "by 2028, 25% of enterprise security breaches will be attributable to misuse of AI agents," making the absence of KYa not just a compliance risk but an existential security threat.
The Battle for Industry Standards — A2A, MCP, AAIF, and IETF
The standardization race surrounding agent identity and interoperability accelerated dramatically in the second half of 2025. Multiple protocols and initiatives are now running in parallel, and understanding the full picture is key to making investment decisions in this space.
Google's Agent-to-Agent Protocol (A2A) was announced in April 2025 and garnered support from more than 50 technology partners. Built on existing web standards — HTTP, SSE (Server-Sent Events), and JSON-RPC — it provides a framework for inter-agent capability discovery (Agent Card), task delegation, and authentication. On the security front, it ships with built-in authentication mechanisms incorporating JWT (JSON Web Token) and OIDC (OpenID Connect), and is designed with privacy in mind so that agents can interact without sharing internal memory, tools, or proprietary logic.
Anthropic's Model Context Protocol (MCP) was announced in November 2024, with major specification revisions in June and November 2025. It positions MCP servers as OAuth 2.0 resource servers and adopts an OAuth 2.1-compliant authentication flow. Security mechanisms include resource parameter binding per RFC 8707, PKCE (Proof Key for Code Exchange), and redirect URI validation. However, implementation-level security remains a work in progress — in 2025, a browser-based remote code execution vulnerability (CVE-2025-49596) was discovered in MCP Inspector.
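The three mechanisms named above (exact redirect URI validation, PKCE, and RFC 8707 resource binding) come down to a handful of server-side comparisons. The sketch below is an added example, not code from the MCP specification or any SDK; the dict field names, client and URLs are assumptions, and the verifier is the published RFC 7636 Appendix B test vector.

```python
import base64
import hashlib
import hmac
import re

# RFC 7636: a code_verifier is 43-128 characters from the unreserved set.
VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")


def s256_challenge(code_verifier):
    """BASE64URL(SHA-256(verifier)) with padding stripped (RFC 7636, S256)."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def check_token_request(client, grant, request):
    """Authorization-server checks when an authorization code is redeemed.

    All three arguments are dicts whose field names are assumptions made
    for this example. Returns (ok, reason).
    """
    # Redirect URI validation: exact string comparison, no prefix matching.
    if request.get("redirect_uri") not in client["redirect_uris"]:
        return False, "redirect_uri not registered"
    if request.get("redirect_uri") != grant["redirect_uri"]:
        return False, "redirect_uri changed since authorization"
    # PKCE: only S256 is accepted, and the verifier must hash to the challenge.
    if grant.get("code_challenge_method") != "S256":
        return False, "S256 challenge required"
    verifier = request.get("code_verifier") or ""
    if not VERIFIER_RE.fullmatch(verifier):
        return False, "malformed code_verifier"
    if not hmac.compare_digest(s256_challenge(verifier), grant["code_challenge"]):
        return False, "code_verifier mismatch"
    # RFC 8707: the token is minted only for the resource the code was bound to.
    if request.get("resource") != grant["resource"]:
        return False, "resource mismatch"
    return True, "ok"


def audience_ok(token_claims, own_resource):
    """MCP-server side: accept a token only if it names this server in `aud`."""
    aud = token_claims.get("aud")
    return own_resource in (aud if isinstance(aud, list) else [aud])


# Constructed sample data: hypothetical client and resource URLs.
VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"  # RFC 7636 Appendix B
CLIENT = {"redirect_uris": ["https://agent.example/callback"]}
GRANT = {
    "redirect_uri": "https://agent.example/callback",
    "code_challenge_method": "S256",
    "code_challenge": s256_challenge(VERIFIER),
    "resource": "https://mcp.example/files",
}
GOOD_REQUEST = {
    "redirect_uri": "https://agent.example/callback",
    "code_verifier": VERIFIER,
    "resource": "https://mcp.example/files",
}

if __name__ == "__main__":
    print(check_token_request(CLIENT, GRANT, GOOD_REQUEST))
```

The audience check is what stops a token issued for one MCP server from being replayed against another, which is the failure RFC 8707 binding is meant to prevent.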
On December 9, 2025, the Agentic AI Foundation (AAIF) was established under the Linux Foundation as a unified organization to advance interoperability among these protocols. The founding projects transferred to it include Anthropic's MCP, Block's Goose, and OpenAI's AGENTS.md. Platinum members include AWS, Anthropic, Block, Bloomberg, Cloudflare, Google, Microsoft, and OpenAI, while the 36+ gold members include Cisco, Datadog, Docker, IBM, JetBrains, Okta, Oracle, Salesforce, SAP, Shopify, Snowflake, JPMorgan Chase, and American Express. Participating organizations — including silver members — number more than 146, with an additional 97 organizations having since joined. TechCrunch reported that "OpenAI, Anthropic, and Block join Linux Foundation's push to standardize the agentic era," framing the move as an important signal that the AI industry is avoiding fragmentation.
The IETF has also seen multiple drafts submitted specifically addressing agent authentication. Most notable is AAuth (Agentic Authorization) (draft-rosenberg-oauth-aauth-00), which extends OAuth 2.1 to define a protocol for AI agents to obtain access tokens. What makes this draft groundbreaking is that it explicitly incorporates into its threat model both impersonation attacks arising from LLM "hallucinations" and the anti-pattern of overly permissive "god-like tokens."
Additionally, the Agent Name Service (ANS), proposed by OWASP members, is a DNS-inspired agent discovery mechanism that provides verifiable identity via PKI certificates. GoDaddy has already begun building an ANS registry, aiming to provide DNS-like infrastructure for the agentic AI marketplace.
NIST's Launch — Federal Standards Accelerate the Institutionalization of KYa
On February 17, 2026, the National Institute of Standards and Technology (NIST) of the U.S. Department of Commerce officially launched the AI Agent Standardization Initiative. Led by the Center for AI Standards and Innovation (CAISI) within NIST, this initiative is built on three pillars: first, industry-led agent standards development; second, community-driven open-source protocol development; and third, research into AI agent security and identity.
The simultaneously announced National Cybersecurity Center of Excellence (NCCoE) concept paper, "Accelerating the Adoption of Software and AI Agent Identity and Authorization," provides technical guidance for adapting existing identity standards—such as OAuth, OpenID Connect, SCIM (System for Cross-domain Identity Management), SPIFFE/SPIRE (Secure Production Identity Framework for Everyone), and NGAC (Next-Generation Access Control)—to the context of AI agents.
The public comment deadline for the RFI (Request for Information) on AI agent security is set for March 9, 2026, and the response deadline for the concept paper is April 2. Listening sessions are scheduled to begin in April. NIST's move is likely to mark a watershed moment in which KYa is elevated from "industry best practice" to "federal standard."
OpenID Foundation and Stanford — The Theoretical Foundation of Agent Identity as Envisioned by Academia
In October 2025, the OpenID Foundation published a landmark white paper titled "Identity Management for Agentic AI." Co-authored with Stanford University's Loyal Agents Initiative and the AI Identity Management Community Group, this paper systematically analyzes how current authentication protocols are ill-suited for the agentic era.
There are two core findings. First, OAuth and OIDC were designed with individual user authentication in mind, and no common protocol exists to support shared agents in group contexts. Second, agents that directly operate browsers and computers bypass all conventional API-based authorization mechanisms. The latter is particularly serious: for agents such as Anthropic's Claude computer use and OpenAI's Operator, which directly control a mouse and keyboard within a browser, existing OAuth/SAML flows are effectively powerless.
From academia, several significant papers have been published, including a proposal for a zero-trust identity framework using Decentralized Identifiers (DID) and Verifiable Credentials (VC) (arXiv:2505.19301), and an architecture for ensuring agent trustworthiness in cloud-native environments (arXiv:2512.05951).
These academic foundations suggest that agent authentication cannot be addressed through mere "extensions" of existing IAM (Identity and Access Management), and that a fundamentally new paradigm is required. ISACA has stated explicitly that "traditional IAM does not work for agentic AI," concluding that frameworks designed for deterministic digital environments are not suited to the non-deterministic behavior of AI agents.
Agent ID Platform — The Players Shaping the Market
The KYa/Agent ID market has seen a rapid convergence of players since the second half of 2025.
Microsoft Entra Agent ID was announced in May 2025, with its public preview expanding at Ignite 2025. It extends the Microsoft Entra identity platform to AI agents, treating them as "first-class identity-bearing entities." Its design — which applies conditional access, zero-trust principles, and large-scale identity governance to agents — positions it for natural adoption as an extension of the existing Azure AD/Entra ID user base.
CyberArk made its AI agent-specific identity security solution generally available (GA) in December 2025. Claiming to be the first in the industry, the solution specializes in privileged control for agents. CyberArk VP Shay Saffer stated: "The security of AI agents does not exist in isolation. It becomes part of a broader security platform with identity, access, and privilege as foundational controls."
Okta announced "Auth for GenAI / Okta for AI Agents," scheduled for GA on April 30, 2026. It provides a blueprint for a secure agentic enterprise, integrating agent authentication and authorization flows into Okta's existing platform.
Persona raised $200 million in a May 2025 Series D led by Founders Fund and Ribbit Capital, reaching a $2 billion valuation. The company has explicitly made it a strategic priority to adapt its identity verification platform for the "agentic AI world."
Veza was acquired by ServiceNow for approximately $1 billion in 2025, following a $108 million Series D led by NEA. ServiceNow invested $11.6 billion in security-related acquisitions in 2025 alone, with the Veza acquisition positioned as a strategic move to embed agentic AI identity security into its platform.
Strata Identity is a pioneer in "agentic identity" recognized by Gartner as a sample vendor, and advocates for ARIA (Agent Relationship-based Identity & Authorization) — a framework that records all delegations as cryptographically verifiable relationships on a graph.
Entrants from the blockchain space continue to emerge as well. ERC-8004, deployed to the Ethereum mainnet on January 29, 2026, is an Ethereum standard defining Trustless Agents — a framework for identity, reputation, and verification via an on-chain registry. t54 Labs, backed by a $5 million seed round from Ripple, Franklin Templeton, and Anagram, is building a "trust layer for agentic finance" on the XRPL, Solana, and Base chains.
The Investment and Governance Gap — 88% of Incidents and 22% of Preparedness
Investment capital flows tell a clear story about the urgency of this space. The AI security startup ecosystem has seen $8.5 billion invested across 175 companies over the past 24 months, with $990 million of that concentrated in just 6 companies in the IAM (Identity and Access Management) sector alone. The overall AI agent market is projected to expand from $7.84 billion in 2025 to $52.62 billion in 2030, at a compound annual growth rate of 46.3%.
However, there is a serious gap between investment and reality. While 88% of organizations report suspected or confirmed security incidents related to AI agents, only 22% treat agents as independent identity-bearing entities. Even more strikingly, 93% of the 30 agent projects surveyed (28 projects) rely solely on environment variable API keys, and 45.6% use shared API keys for inter-agent authentication.
A survey conducted by Lightspeed Venture Partners of 200 CISOs (at companies with annual revenues of $500 million or more) confirms that the intersection of AI and cybersecurity is the top security investment priority for 2026. Their Cyber60 2025–2026 list highlights BlinkOps (agentic security automation), ConductorOne (multi-agent identity security), and Zafran (agentic vulnerability remediation).
Greylock Partners is also actively investing in agentic systems, with portfolio bets including Adept, Axiamatic, and Netic AI (autonomous task completion), as well as Abnormal, Cogent, and 7AI (AI-driven threat detection).
EU AI Act — Article 50 Turns KYa into a Legal Obligation
The EU AI Act has been phased in since 2024, with prohibited AI practices already applicable from February 2, 2025, and general-purpose AI model obligations from August 2, 2025. Article 50 (Transparency Obligations), which will be fully applicable on August 2, 2026, represents the decisive provision that transforms KYa into a legal requirement.
Article 50 mandates the following: First, disclosure of AI interactions — explicitly informing users when they are interacting with AI. Second, labeling of synthetic content — identifying AI-generated content. Third, an obligation to identify deepfakes. To satisfy these requirements, all AI actions must be linked to authenticated, authorized users through IAM (Identity and Access Management).
Furthermore, organizations are required to maintain signed logs that link model outputs to source materials, model versions, and applied policies. This means complete traceability of agent behavior — a requirement that is extremely difficult to achieve without a KYa framework.
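One way to build such a log, shown as an added example rather than anything prescribed by the Act or by a vendor: each record binds the agent and its principal to hashes of the output and source materials, the model version and the policy, and is chained to the previous record. HMAC-SHA256 stands in here for the asymmetric signature a production system would use; the field names, identifiers and key are constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # "prev" value of the first record


def canonical(body):
    """Stable byte encoding so the MAC does not depend on key order."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def append_entry(log, key, agent_id, principal, model_version, policy_id, sources, output):
    """Append one record, chained to the previous record's MAC."""
    body = {
        "seq": len(log),
        "prev": log[-1]["mac"] if log else GENESIS,
        "agent_id": agent_id,
        "principal": principal,  # accountable human or organization
        "model_version": model_version,
        "policy_id": policy_id,
        "source_sha256": [hashlib.sha256(s).hexdigest() for s in sources],
        "output_sha256": hashlib.sha256(output).hexdigest(),
    }
    mac = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    log.append({**body, "mac": mac})
    return log[-1]


def verify_log(log, key):
    """Return the index of the first invalid record, or -1 if the log is intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "mac"}
        expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        if (entry.get("seq") != i or entry.get("prev") != prev
                or not hmac.compare_digest(expected, entry.get("mac", ""))):
            return i
        prev = entry["mac"]
    return -1


def output_matches(entry, output):
    """Check that a stored artefact is the one the record refers to."""
    return hmac.compare_digest(hashlib.sha256(output).hexdigest(), entry["output_sha256"])


# Constructed sample data: hypothetical agent, principal, model and policies.
KEY = b"constructed-demo-key"
SAMPLE_OUTPUTS = [b"Draft reply to customer", b"Refund approved: 40 EUR", b"Ticket closed"]


def build_sample_log():
    log = []
    for n, out in enumerate(SAMPLE_OUTPUTS):
        append_entry(log, KEY, "agent:support-bot-01", "org:example-gmbh",
                     "model-2026-01", f"policy-{n}", [b"kb-article-17"], out)
    return log


if __name__ == "__main__":
    print(verify_log(build_sample_log(), KEY))
```

The chain alone does not reveal removal of the newest records; publishing or escrowing the latest `mac` outside the log closes that gap.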
In Japan, movement has begun as well. PwC Japan published "Identity in the Age of AI Agents: New Risks and Responses Created by 'Acting AI'," highlighting how AI agents fundamentally overturn the assumptions underlying identity management. The Information-technology Promotion Agency (IPA) has established a new AI red-teaming class at its 2026 Security Camp, incorporating threats from LLMs and multi-agent systems into the educational curriculum. LAC featured "The Arrival of the AI Agent Era and Countermeasures" as a key theme in its RSA Conference 2025 report.
RSA Conference and Davos — Convergence of Global Discourse
RSA Conference 2025 (San Francisco, May 2025) drew a record-breaking approximately 44,000 attendees and over 650 exhibitors, with agentic AI, governance, and identity emerging as the dominant themes. At RSAC 2026, scheduled for March 23–26, 2026, agentic AI will again take center stage, with discussions spanning 29 tracks and two keynote stages.
At the World Economic Forum's Davos conference in January 2026, the tone of conversation shifted significantly. The focus was no longer on the "potential" of AI agents, but on "runtime governance" of multi-agent systems. Credo AI, an AI ethics platform, conveyed the message at Davos 2026 that this would be "the year trusted AI becomes an engine of growth," while the WEF proposed a two-tier governance model — a shared global "constitutional core" alongside "local overlays" for individual jurisdictions. The WEF's 2025 report revealed that 82% of executives plan to adopt agents within one to three years.
VC Cafe has declared in its 2026 predictions: "If 2025 was the year of the chatbot, 2026 is the year of the 'agent employee.' The products that win will be those that own the identity, permissions, and action layers."
The Geopolitics of the Agentic Web — Who Controls the Infrastructure of Trust
The agentic web—a future web where AI agents autonomously browse the internet as proxies for humans—requires identity and trust infrastructure that will play a foundational role comparable to what DNS, SSL certificates, and domain registrars once did.
The Agent Name Service (ANS) proposed by OWASP envisions precisely this context: a "DNS for agents." It is a global registry that uniquely identifies agents, verifies their identity with PKI certificates, and enables discovery of capabilities and permissions. It is no coincidence that GoDaddy has begun building an ANS registry—for GoDaddy, which has operated internet trust infrastructure as a domain registrar for decades, an agent name registry is a natural extension.
Who controls this "trust infrastructure" is a geopolitically critical question. Google and Microsoft participate in AAIF, NIST drives federal standardization, and the EU imposes legal requirements through the AI Act. China is building its own AI governance framework. Japan, through RSA Conference analysis and IPA security education, is advancing its adaptation to international standards.
The entity that sets the standards for agent authentication will, in effect, write the rules of the agentic economy. AAIF and NIST are attempting to assume the role that ICANN, IETF, and W3C played in the early days of the internet. The outcome will determine the structure of the technology industry for the next decade.
Impact on the Industry
The rise of KYa (Know Your Agent) will bring the following structural changes to the technology industry.
First, agent identity becomes a new platform layer. Just as cloud computing once gave rise to IaaS/PaaS/SaaS layers, agent identity, authentication, and authorization will form an independent market category. Based on Gartner's projections, as B2B transactions mediated by agents reach $15 trillion by 2028, the KYa framework will apply to every one of those transactions. The market size of this infrastructure layer is expected to far exceed today's $24 billion IAM market.
Second, the competitive landscape among security vendors will be redrawn. CyberArk is taking an early lead in agent privilege control, Okta is integrating agent authentication into its platform, and Microsoft is locking in its ecosystem with Entra Agent ID. Meanwhile, startups such as Persona, Sumsub, Strata Identity, and t54 Labs are capturing niches that the major players cannot fully cover—agent-to-human binding, decentralized identity, and blockchain-based trust. M&A activity will intensify: ServiceNow's $1 billion acquisition of Veza is only the beginning.
Third, enterprise security architecture will have to be redesigned. Companies deploying agents must integrate "agent-specific identity lifecycle management" into their existing IAM frameworks. This is not an extension of service accounts—it is a new architecture encompassing conditional access, real-time behavioral monitoring, and cryptographic audit trails. Gartner's prediction that "more than 40% of agentic AI projects will be cancelled by 2027 due to inadequate governance" reflects the severity of this architectural challenge.
Fourth, the regulatory environment will mandate KYa adoption. The full application of Article 50 of the EU AI Act in August 2026 will require all companies operating in Europe to ensure traceability of agent behavior. NIST's standardization initiative may effectively make KYa compliance a requirement for U.S. federal government procurement. Regulatory pressure is shifting the question from "whether to do it" to "by when."
Fifth, demand for new talent will explode. Agent authentication architects, agentic security engineers, AI governance specialists, and cryptographic identity designers—roles that barely existed in 2025—will become the most supply-constrained cybersecurity positions by 2027.
KYa is the opening shot in a platform war over the infrastructure layer of the AI agent economy. While the financial industry took decades to institutionalize KYC, as a16z's Neville points out, the AI industry has "only months" to build KYa. This time pressure is simultaneously driving standardization competition, concentration of investment, and accelerating M&A activity.
References: a16z crypto, "AI in 2026: 3 trends" (January 2026); NIST, "AI Agent Standards Initiative" (February 2026); NIST NCCoE, "Accelerating the Adoption of Software and AI Agent Identity and Authorization" (February 2026); OpenID Foundation, "Identity Management for Agentic AI" (October 2025); Linux Foundation, "Agentic AI Foundation" (December 2025); Google Developers Blog, "A2A: A New Era of Agent Interoperability" (April 2025); Anthropic, "Model Context Protocol Specification 2025-11-25"; IETF, "draft-rosenberg-oauth-aauth-00: AAuth"; OWASP, "Agent Name Service (ANS)" IETF Draft; Sumsub, "Know Your Agent Framework" (January 2026); CyberArk, "Secure AI Agents Solution" (December 2025); Okta, "Auth for GenAI" (2026); Microsoft, "Entra Agent ID" (2025); Persona Series D Announcement (May 2025); Strata Identity, "ARIA Framework"; Gartner Predictions on AI Agents (2025–2026); PwC Japan, "Identity in the Age of AI Agents"; IPA, "Security Camp 2026"; LAC, "RSA Conference 2025 Report"; World Economic Forum, "AI Governance Framework" (2025–2026); Credo AI, "Davos 2026 Report"; CIO.com, "Know Your Agent: The New Frontier"; Crunchbase, "Identity Security Startup Funding Report"; arXiv:2505.19301, "Zero-Trust Identity Framework for Agentic AI"; ERC-8004 Ethereum Standard (January 2026)