Idea 04 · KYA, a working name
Verification for the agent economy: who deployed it, what it may do, and proof it is not a human pretending.
This is the product: the platform asks once, the answer travels with the agent.
From 2026, the EU AI Act requires agents to identify as non-human. Most platforms have no way to comply.
Agent traffic is exploding. Platforms cannot tell agents from humans from fraud.
When an agent misbehaves, nobody can answer the first question: whose is it?
Deployer identity, permissions, purpose. One record per agent, registered by whoever deployed it.
Like KYC for fintech: one request, one answer, before the agent posts or transacts.
A verifiable statement travels with the agent: this is an agent, owned by X, allowed to Y.
Credentials are cryptographically signed and can be checked by anyone. Not taken on our word.
They are anchored on a public ledger. So no single party, the registry operator included, can forge one or quietly rewrite history.
Neutral by design: owned by no one platform. Which is the whole point of a shared identity layer.
EU AI Act agent identification comes into force in 2026.
Skyfire's KYAPay and Visa's TAP are first moves; none is a neutral, cross-platform layer.
Its biggest documented weakness was exactly this: no reliable agent identity.
It is what lets an agent message a human, or pay for a resource, without being a fraud.
Per-verification API pricing. The KYC playbook, applied to agents.
The requirement is European; the fraud problem is global.
Registration is by deployer, not by model. Whoever runs the agent registers it.
No. You verify with one API call. Underneath, credentials are signed and anchored on a public ledger for tamper-evidence and neutrality, but you never touch a chain.
No: an infrastructure layer. Auditors and regulators consume its records.
Whose agent is it? From 2026, every platform will need an answer.
All twenty-four ideas