Identity & Trust

Know Your Agent.

AI agents hold wallets. They sign transactions. They operate autonomously across payment rails. The compliance question has changed: not just "who is this customer" — but "who authorized this machine, what are its limits, and how does it prove its principal's identity?"

Framework

Four components of a KYA credential.

A KYA credential is not a single record. It is a layered structure that answers four distinct compliance questions. Each component is independently verifiable — and the chain from principal to action is auditable without contacting the issuer.

01 — Principal

Who authorized the agent?

A legal person — individual or entity — anchored to KYC/KYB infrastructure. Government ID, LEI, or EIN. The principal is always a human or institution; the agent derives authority from them.

02 — Delegation

How deep does the chain go?

A cryptographic chain of signed authorizations. Each link specifies: who delegated, to whom, what permissions, what limits, when it expires. Verifiable by any counterparty without contacting the principal.

03 — Capability

What are the agent's boundaries?

Spending limits (per-transaction, daily, cumulative), permitted asset types, permitted counterparties, permitted action types, temporal bounds. Encoded as machine-readable claims — not just policy documents.

04 — Revocation

How fast can authority be killed?

Real-time revocation registries. Short-lived credentials with refresh requirements. Hierarchical revocation: revoking a parent revokes all children. Compromise response measured in seconds, not days.

Why now

The regulatory clock is running.

KYA is not speculative. Three overlapping regulatory frameworks are creating enforceable obligations for agent identity within the next 18 months.

Aug 2, 2026

EU AI Act — High-risk system provisions become applicable. Autonomous agents operating in financial services fall within scope. Traceability and human oversight requirements demand credential infrastructure.

2026

GENIUS Act (US) — Stablecoin issuance framework includes provisions on authorized agent access. Permitted Payment Stablecoin Issuers must define how machine principals are identified within their systems.

Ongoing

FATF Travel Rule — Requires originator and beneficiary data on transactions above threshold. When both parties are machines, the Travel Rule needs machine-readable identity formats. VASP compliance intersects directly with KYA.

Live

Cloudflare Signed Agents — Edge-verifiable agent identity using ed25519 signatures. The first production KYA-adjacent infrastructure. POC 6 of the Stable402 build sequence demonstrates the x402 + Signed Agents dual-gate pattern.

The platform

Three sites. One infrastructure.

KYA is the compliance layer. Stable402 is the implementation layer. StablecoinAtlas maps them both.

StablecoinAtlas

Physical, logical, and visual diagrams of the stablecoin infrastructure layer. The transit map.

Stable402

Live x402 implementations on Cloudflare Workers. POC 6 demonstrates the Signed Agents + x402 dual-gate — the KYA reference implementation.

StableKYA

This site. KYA framework, credential architecture, regulatory calendar, ZKP compliance patterns. Building now.