From KYC to KYA, Is It Time to Give AI Agents Their Own 'ID Cards'?

Authored by: Tiger Research

Compiled by: AididiaoJP, Foresight News

The era of AI agents is accelerating, and alongside it, concerns about the uncontrolled creation and behavior of agents are growing. Know Your Agent (KYA) systems, which assign identities to agents and regulate their behavior, are receiving increasing attention. Why is a KYA identity infrastructure needed? Which companies are building it?

Summary

• AI agents have entered an era of autonomously executing contracts, payments, and transactions, but there are currently no shared standards to verify "who this agent is." In Agent-to-Agent (A2A) scenarios, KYA is gaining more focus than KYC.
• KYA is not needed in all scenarios. Within centralized platforms (Google, OpenAI, Coinbase), existing KYC is sufficient. Where KYA truly becomes important is in scenarios where independently deployed autonomous agents interact with DEXs, A2A payments, and merchant payments.
• The KYA standards race has begun:
• ERC-8004: Issues AgentIDs on top of NFTs, building an on-chain system for identity, reputation, and verification.
• Visa TAP: Visa issues identity credentials for agents, verified through TAP's triple signature (legitimacy, delegator, payment method).
• Trulioo: Adopts the SSL CA model, with DPAs issuing DAPs.
• Sumsub: Layers a KYA system on top of its own compliance system.

Regulatory action has begun at the national level. The EU's AI Act requires high-risk AI system behavior logs to include operator identity. The US NIST has listed agent identity management as a priority standard area. Singapore has released the world's first national-level AI agent governance framework. Just as the 2019 FATF Travel Rule determined which crypto exchanges survived, whether one possesses KYA infrastructure will determine who enters the next market cycle.

Why is KYA Emerging Now?

KYC: The Layer That Reshaped Finance

• Before 1989, global finance lacked a unified identity standard. This gap made it difficult to track drug money and illicit funds.
• After the FATF was founded in 1989, KYC became a mandatory requirement in finance, blocking illicit funds at the entry point.

Without Agent Identity, Systems Regress

• AI agents execute contracts, payments, and transactions without human involvement, but currently, it's impossible to verify "who it is."
• In A2A environments, accountability becomes blurred, dispute risks increase, and users are exposed to fraud patterns like money laundering.

The Role and Response of KYA (Know Your Agent)

• KYA (Know Your Agent) is a trust layer that pre-verifies an agent's origin, permissions, and accountability framework.
• Unverified agents bring three major risks simultaneously: unauthorized transactions, fraud, and accountability gaps.

The Manifestation of KYA's Necessity

KYA is Needed at Every Level

• Within centralized platforms, user KYC + platform accountability is sufficient. In interoperable scenarios outside platforms, KYA becomes crucial for verifying an agent's specific actions and safety.
• Within a country (inside a platform), one ID (KYC) is enough to move freely. But once crossing borders (outside a platform), the environment changes, and entry review (KYA) of purpose and trust is needed.

Market Players

ERC-8004: NFT-Based Agent Identity

• ERC-8004 adds an identity layer on top of ERC-721, minting an NFT as a unique ID for each agent.
• It also adds three on-chain registries (Identity, Reputation, Validation), serving as identity, reputation board, and verification record respectively.

Two Markets Built by Ethereum Standards, a Third is Coming

• ERC-20 (Token Issuance Standard): Before standardization, every token needed brand-new code. After ERC-20, most major assets were issued on it.
• ERC-721 (NFT Standard): CryptoPunks, BAYC, ENS built the NFT market itself upon it. As blockchain integration accelerates in the agent era.
• ERC-8004 will play the same standardizing role for Agents.

Visa TAP: Authentication on the Visa Rail

Visa issues identity credentials (Agent Intent) to agents, akin to an identity card. Without a key, transactions cannot occur. Keys are issued only after Visa pre-approval. Every transaction is signed and submitted to the merchant.

The merchant receives three signatures, not one: Visa approval, delegator, payment method, all confirmed simultaneously.

Visa: A Strategy to Pull Every Transaction into the Visa Network

• Just as Visa previously captured payment rails, it is now encapsulating the agent era.
• Through Visa Intelligent Commerce (VIC), Visa offers a solution bundle that packages KYA with payments.
• If agent payments still use the card rail, and this bundle becomes the default option, then Visa's market share can remain stable even through the transition.

Trulioo: Extending KYC-Era Verification Infrastructure

• Trulioo is a compliance operator on the global KYC/KYB rail and is expanding its verification stack to KYA.
• DPAs play the role of SSL-CAs. Unlike SSL (domain only), DPAs verify developer KYB and user KYC before issuing a DAP.
• Banks and fintechs legally require human and business identity. As agents enter finance, Trulioo's KYC/KYB position will be further solidified.

DAP, an Agent's Digital Passport, Refreshed with Each Transaction

• DAP is an agent's digital passport. A DPA verifies the developer (KYB) and user (KYC), packages both into a token, and grants it to the agent.
• Unlike a paper passport, it is a live token, refreshed and re-verified with every transaction. Once delegation is revoked or anomalies are detected, the DAP is invalidated immediately.
• KYA is not a one-time verification. Trust must be reconfirmed with every transaction.

Sumsub (AI Agent Verification): Detecting Agent Anomalies

• Sumsub's approach is: whenever an agent attempts an anomalous transaction, re-verify the currently active human identity.
• It leverages its verification systems from its compliance business since 2015 to detect agent anomalies more accurately.

Operators with Technology to Address New Threats of the AI Era

• Other KYA players focus on one-time pre-transaction identity verification. Sumsub focuses on real-time verification post-issuance.
• As agent permissions expand, anomaly detection becomes crucial; as fraud scales with technology, Sumsub's real-time verification stack gains attention.

Proactive Regulatory Positioning, Shaping Entry Rules

The Gap Caused by the FATF Travel Rule May Recur with KYA

After the 2019 FATF Travel Rule, VASPs diverged based on their ability to bear KYC/AML infrastructure costs. Peers like CryptoBridge and Deribit, unable to afford it, either shut down or moved to less regulated regions.

The EU, Singapore, and the US are already vying for leadership. KYA will become a core layer of the agent era.

KYA Will Differentiate by Market Segment, Not a Single Winner

The real variable in the standards race is not technology, but combinations. Mainstream players have entered the collaboration and combination phase. In the future, who pairs with which merchants, payment networks, and KYC customer bases will determine the leader in each segment.

The market will not have a single winner; it will differentiate by market segment.