Your procurement AI just issued a $50,000 purchase order. The supplier on the other end has no way to verify whether the agent was legitimate, acting within authorized limits, or impersonating your company. That's not a hypothetical. That's agentic commerce in June 2026.
We spent decades building Know Your Customer frameworks to verify who humans are in financial transactions. Now that AI agents are the transacting parties—issuing POs, routing payments, comparing vendor contracts—the identity infrastructure underneath those transactions has a gaping hole.
PYMNTS called it out directly this morning: "When a human is not the transacting party, how do we establish identity certainty?" The World Economic Forum, the IMF, and NIST are all converging on the same answer: enterprises need a Know Your Agent (KYA) framework, and they need to build it before regulators mandate it.
Here's what that means for your organization.
The Scale Problem Is Already Here
By Black Friday 2025, AI-driven traffic to U.S. retail sites had risen 805% year over year. AI agents drove over $22 billion in global online sales in that single shopping season alone. The global AI agents market was valued at $5.4 billion in 2024. It is projected to reach $236 billion by 2034—a 44x growth trajectory over ten years.
That is not a projection about what agents might do. It is a measurement of what they are already doing, in production, across retail, finance, travel, and enterprise procurement at scale.
The problem is not that agents are transacting. The problem is that they are transacting without identity credentials the other party can verify. A supplier receiving an order from your AI procurement agent has no standardized way to confirm:
- That the agent represents your organization and is not an impersonator
- That the agent is authorized to commit to the dollar amount in the purchase order
- That the agent is acting within the policy guardrails your legal team approved
- That the action can be audited, traced, and attributed to a specific human principal
This is the identity gap at the center of the agentic economy. And it is not theoretical—it is the operating reality in most enterprise deployments today.
The n8n Report's Uncomfortable Finding
Earlier this week, n8n published their 2026 AI Agent Development Tools report evaluating the security posture of every major agent platform. Their finding on identity lineage—the ability to trace an agent's actions back to a human identity—was stark.
Identity lineage is "essentially non-existent across the market." Only Google, Workato, and Gumloop scored anything at all. Secrets management was similarly thin. The report's conclusion: "Most tools don't really have a security-first mindset."
This matters because enterprise leaders are deploying agents onto platforms designed for productivity, not compliance. The agents are ready to act. The identity infrastructure needed to govern those actions is not.
KYC to KYA: Why the Analogy Works
The Know Your Customer framework was built in the 1970s during financial globalization. Banks needed a way to verify the identity of parties in cross-border transactions at a scale no human could manage manually. The answer was a structured identity and authorization protocol that became the backbone of global financial compliance.
The agentic economy needs the same thing—and the IMF said so explicitly in their April 2026 note on agentic payments.
The IMF's core argument: as AI agents shift payments from human-initiated instructions to agent-mediated decisions, traditional fraud models built on human behavioral patterns become ineffective. Agents do not behave like humans. Anomaly detection systems trained on human behavioral baselines cannot reliably flag anomalous agent behavior. The entire fraud prevention infrastructure breaks down.
The IMF's specific demands: move from KYC to Know Your Agent requirements, with mandated verifiable identities for financial bots linked to legal entities, tokenized authorization mechanisms, and cryptographic mandate frameworks that bind agent-initiated actions to verifiable scope, limits, and permitted conditions.
For your CLO and your CISO, this is the policy direction. Regulatory frameworks built around verifiable agent identity are coming. The question is whether you build the foundation now or scramble when the mandate arrives.
The 4 Capabilities Every Enterprise Needs
The World Economic Forum, drawing on work from identity infrastructure leaders, has outlined four core capabilities for a functional KYA framework. Each one maps directly to a gap that current agent platforms leave open.
1. Establish who and what the agent is. This is not just a name or a label. It requires a verifiable credential—a cryptographically signed identity that proves the agent was created, authorized, and operates under the governance of a specific legal entity. Think of it as the agent's passport. Without it, any party the agent interacts with has no basis for trusting the transaction.
2. Confirm what it is permitted to do. Authorization scope must be explicit and auditable. An agent permitted to query supplier pricing should not be permitted to issue purchase orders. An agent permitted to route invoices under $10,000 should not be permitted to authorize capital expenditures. Scope boundaries need to be encoded in the agent's authorization credentials, not assumed from its deployment context.
3. Maintain accountability for every action it takes. Every agent-initiated action should produce a verifiable record linking the action to the human principal who authorized the agent, the scope within which the action occurred, and the time of execution. This is the audit trail your CLO will require for regulated transactions. It is also the evidence chain you need if an agent-initiated transaction becomes a legal dispute.
4. Continuously monitor behavior against approved parameters. A one-time authorization is insufficient. Agents operate continuously, across sessions, across systems, and increasingly across organizational boundaries. Real-time behavioral monitoring—flagging when an agent's actions drift from its authorized scope—is the ongoing governance layer. An agent operating within bounds at deployment can be compromised, manipulated through prompt injection, or misconfigured in ways that only become visible through behavioral monitoring over time.
For technical leaders, these four capabilities translate directly to architecture decisions: identity providers, authorization frameworks, audit log infrastructure, and behavioral monitoring integrations. For business leaders, they translate to risk exposure: without these four layers, every agent-initiated transaction is an unaudited, unattributed action with limited legal standing.
NIST Is Already Moving
In February 2026, NIST launched the AI Agent Standards Initiative with a clear mandate: ensure the next generation of AI agents can function securely, interoperate, and be trusted across the digital ecosystem.
The initiative operates across three pillars. Industry-led development of agent standards—working groups that include payments companies, identity providers, and enterprise software vendors. Community-led open-source protocol development for agent interoperability. And research in AI agent security and identity, including an active NIST NCCoE concept paper on agent identity and authorization covering identification, authorization, auditing, and controls to prevent prompt injection.
NIST is also running sector-specific listening sessions on barriers to AI adoption in finance, healthcare, and education. The pattern is familiar: NIST defines the standards framework, sector regulators adopt it, enterprises comply. The timeline for binding requirements is measured in months to years, not decades.
An Open Protocol Just Launched
This past Friday, Proof launched x401, an open, issuer-neutral protocol that directly addresses the agent identity gap. The protocol provides a standardized way for any website or API to ask for and verify the identity behind an agent making a request.
The mechanics are straightforward: a service specifies what proof it requires—verified organizational affiliation, signing authority, authorized scope. The agent presents a compatible credential. The service verifies the issuer, the claim, the scope, and the specific action before proceeding.
x401 is designed to work alongside x402, the payment protocol for agentic transactions. x402 handles how an agent pays. x401 establishes who the agent is. Together, they address the two fundamental questions every agentic transaction needs to clear before it can be trusted. Circle, a core contributor to x402 and a major USDC infrastructure provider, has already co-endorsed x401.
The protocol runs on Verifiable Credentials, supports selective disclosure and zero-knowledge proofs—so an agent can prove organizational affiliation without revealing its complete identity record—and is being submitted to the FIDO Alliance's agentic authentication standards workgroup.
For enterprise CISOs evaluating agent platforms, x401 is the first open standard to watch for external agent identity verification. Platforms that adopt x401 will be able to prove agent identity to counterparties. Platforms that do not will remain in the identity gap.
What Enterprises Should Do Before Regulators Mandate It
The strategic window is open right now. Financial regulators are moving toward KYA requirements. NIST is defining the standards. Open protocols are launching. The enterprises that build KYA infrastructure before the mandate arrives will have operational advantage. Those that wait will face compliance remediation on an accelerated timeline.
For CISOs and security architects: Audit every agent deployment for identity lineage. Can you trace every agent-initiated action to a human principal and an explicit authorization scope? If not, that is your immediate gap. Evaluate agent platforms against the n8n 2026 security criteria—identity lineage, secrets management, and behavioral monitoring capabilities are the benchmarks.
For CLOs and compliance teams: Begin mapping your agent-initiated transactions to your existing authorization frameworks. Purchase orders, contracts, payments, data access—each category needs explicit agent authorization policies before a regulatory framework forces the issue. The IMF's April 2026 note on agentic payments is the clearest preview of where financial compliance requirements are heading.
For CFOs and procurement leaders: The organizations that can verify their agents' identities and authorization scopes will be trusted counterparties in agentic procurement networks. Those that cannot will face friction, manual override requirements, and potential exclusion from agentic supply chains as KYA requirements propagate through procurement platforms.
The Bottom Line
AI agents are already transacting at scale—issuing purchase orders, routing payments, negotiating contracts—with no standardized way for the counterparty to verify who sent them. The WEF, the IMF, and NIST are all converging on a Know Your Agent framework built on four capabilities: verified identity, scoped authorization, accountability for every action, and continuous behavioral monitoring.
The KYA analogy to KYC is not just descriptive. It is predictive. KYC went from voluntary best practice to regulatory mandate in financial services. KYA is on the same trajectory—and the open protocols to support it launched this week.
The enterprises that build KYA infrastructure now are not just getting ahead of compliance. They are building the foundation for a commercial layer where agents can transact with trust on both sides. In an agentic economy headed toward $236 billion by 2034, that foundation is a strategic asset.
