Idea 04 · KYA, a working name

Know your agent.

Verification for the agent economy: who deployed it, what it may do, and proof it is not a human pretending.

One API call
POST /v1/verify
{ "agent_token": "agt_7f3d…9c2a" }
200 OK
{
"agent": true,
"deployer": "Halcyon Labs Ltd",
"permissions": ["post", "transact"],
"status": "verified"
}
What the platform sees
DeployerHalcyon Labs Ltd
PermissionsPost, transact
StatusVerified agent

This is the product: the platform asks once, the answer travels with the agent.

Agents have no identity layer.

From 2026, the EU AI Act requires agents to identify as non-human. Most platforms have no way to comply.

Agent traffic is exploding. Platforms cannot tell agents from humans from fraud.

When an agent misbehaves, nobody can answer the first question: whose is it?

How it works.

01

Agents register once

Deployer identity, permissions, purpose. One record per agent, registered by whoever deployed it.

02

Platforms verify with one API call

Like KYC for fintech: one request, one answer, before the agent posts or transacts.

03

Every interaction carries proof

A verifiable statement travels with the agent: this is an agent, owned by X, allowed to Y.

What makes it trustworthy.

Credentials are cryptographically signed and can be checked by anyone. Not taken on our word.

They are anchored on a public ledger. So no single party, the registry operator included, can forge one or quietly rewrite history.

Neutral by design: owned by no one platform. Which is the whole point of a shared identity layer.

Why now.

A regulatory tailwind with a start date.

EU AI Act agent identification comes into force in 2026.

Early movers exist, but no neutral layer.

Skyfire's KYAPay and Visa's TAP are first moves; none is a neutral, cross-platform layer.

The first agent social network hit 1.5 million agents.

Its biggest documented weakness was exactly this: no reliable agent identity.

Verified identity is what the rest of the agent economy stands on.

It is what lets an agent message a human, or pay for a resource, without being a fraud.

The business.

Per-verification API pricing. The KYC playbook, applied to agents.

Questions.

Is this only for the EU?

The requirement is European; the fraud problem is global.

What about open-source agents?

Registration is by deployer, not by model. Whoever runs the agent registers it.

Do I need blockchain or crypto to use it?

No. You verify with one API call. Underneath, credentials are signed and anchored on a public ledger for tamper-evidence and neutrality, but you never touch a chain.

Are you a certification body?

No: an infrastructure layer. Auditors and regulators consume its records.

Whose agent is it? From 2026, every platform will need an answer.

All twenty-four ideas