Know Your Agent (KYA) is the compliance framework for verifying AI agent identity, capabilities, and authorization before permitting autonomous agent interactions.
DeAgenticAI’s Agentic Control Plane enforces cryptographic policy over AI agent authority — separating what an agent can do from what it is authorized to do — in Web3 and enterprise financial environments. This separation is the technical foundation of KYA: a structured methodology for verifying an agent’s identity, scoping its authorization, and monitoring its behavior continuously.
Financial institutions have a century of practice verifying human identity through Know Your Customer (KYC) processes. When an autonomous AI agent attempts to execute a financial transaction, interact with your API, or manage assets on behalf of a client, KYC does not apply. The agent has no passport, no legal name, no address history. KYC was built for humans. KYA fills the gap.
Fireblocks secures human transactions at institutional scale. DeAgenticAI enforces policy over autonomous agent authority — a fundamentally different security model for a fundamentally different threat surface.
This article defines the KYA framework, explains its five verification dimensions, and shows how the Agentic Control Plane (ACP) implements KYA in enterprise deployments.
Why KYC Is Not Enough: The Agent Identity Gap
Know Your Customer processes verify identity through government-issued credentials, address records, and biometric data. They work because humans have legal identity anchors: passports, tax IDs, birth certificates. Regulators can trace accountability to a natural or legal person.
Autonomous AI agents have none of these anchors. When an agent attempts to interact with your systems, it presents no passport. It has no address, no birth certificate, no employment history. It may be one of dozens of instances running in parallel, spawned dynamically for a single operation and terminated afterward. It may have been authorized by a human last week and had its authorization silently expanded since then.
The result is an identity gap that existing compliance frameworks cannot close. KYC-based onboarding flows reject agents because they cannot complete identity questionnaires. Static API keys authenticate the infrastructure, not the agent. OAuth tokens scope resource access but say nothing about whether the agent’s behavior matches its declared purpose.
Three failure modes characterize the current state:
- Authentication without authorization: a valid API key proves connectivity, not compliance. An agent can hold a valid key and still operate outside its permitted scope.
- Static credentials for dynamic agents: an agent’s capabilities and authorization context change continuously. A credential issued at onboarding becomes stale within hours.
- No behavioral accountability: no mechanism continuously verifies that an agent is acting within the boundaries it declared at registration.
KYA addresses all three failure modes through a five-dimension verification framework that operates continuously, not only at onboarding.
What is Know Your Agent (KYA)?
Know Your Agent (KYA) is an identity and compliance framework that defines how organizations should verify the identity, capabilities, authorization scope, behavioral history, and revocation status of an autonomous AI agent before and during interactions.
KYA is not a single check. It is a continuous verification lifecycle that mirrors the spirit of KYC (establish identity, define authorized scope, monitor ongoing behavior) but is designed from the ground up for machine principals rather than human account holders.
Where KYC asks: who is this person and are they who they claim to be?
KYA asks: what is this agent, what is it authorized to do, and is it acting within those bounds?
The KYA framework has five verification dimensions:
- Identity — verified through a W3C Decentralized Identifier (DID) that is globally resolvable and cryptographically anchored to the agent’s key material.
- Capabilities — declared in an A2A-compatible Agent Card specifying the agent’s identity, capabilities, supported protocols, authentication requirements, and service endpoints.
- Authorization Scope — expressed as Verifiable Credentials cryptographically bound to the agent’s DID and evaluated against Policy DSL rules.
- Behavioral History — the continuous record of the agent’s past actions, evaluated against a multi-dimension baseline to detect anomalies before they become incidents.
- Revocation Status — the live status of the agent’s credentials, checked at every interaction, not only at onboarding.
Each dimension maps directly to a layer in DeAgenticAI’s ACP. KYA is not bolted onto the ACP — it is a property of how the ACP was designed.
The Five KYA Verification Dimensions
Dimension 1: Identity Verification via W3C DID
The foundation of KYA is a cryptographically verifiable identifier. DeAgenticAI anchors agent identity to the W3C Decentralized Identifier standard, providing a globally resolvable, tamper-evident identifier that does not depend on any central authority. An agent’s DID is generated at registration and bound to its key material. Any counterparty can resolve the DID to retrieve the agent’s DID Document and verify its cryptographic assertions without contacting DeAgenticAI’s servers. This is the KYA equivalent of a passport: globally resolvable, cryptographically signed, independently verifiable.
Dimension 2: Capability Declaration via Agent Card
Identity alone is insufficient. A counterparty also needs to know what the agent is designed to do. DeAgenticAI generates an A2A-compatible Agent Card for each registered agent. The Agent Card declares the agent’s identity, capabilities, supported protocols, authentication requirements, and service endpoints. Agent Cards are the KYA equivalent of a professional license: they declare not just who the agent is but what it is qualified and permitted to do. A counterparty can inspect an Agent Card before accepting a delegation request and reject agents whose declared capabilities do not match the intended operation.
Dimension 3: Authorization Scope via Verifiable Credentials and Policy DSL
Capability declaration tells a counterparty what an agent can do. Authorization scope tells it what the agent is currently permitted to do. DeAgenticAI expresses authorization as Verifiable Credentials cryptographically bound to the agent’s DID. These credentials are evaluated against a Policy DSL that is deterministic, composable, machine-verifiable, auditable, and human-readable. Policies are organized in a hierarchy — DAO, team, agent — with the most restrictive constraint at any level taking precedence. Authorization scope is not static: it can be expanded or contracted by governance without reissuing credentials.
Dimension 4: Behavioral History via ACP Layer 4 Baseline
Authorization scope describes what an agent is permitted to do. Behavioral history describes what it has actually done. DeAgenticAI’s fraud detection layer maintains a behavioral baseline across six dimensions: asset allocation, counterparty frequency and diversity, protocol interaction clusters, transaction velocity, gas fee behavior, and deviation from declared strategy parameters.
This baseline is the KYA equivalent of a transaction history review in traditional KYC. An agent that has consistently operated within narrow parameters and suddenly requests broad multi-protocol access triggers a behavioral anomaly flag, regardless of whether its current credentials are technically valid. Deviation thresholds are governed by the same Policy DSL used for authorization scope.
The fraud detection layer operates a graduated escalation model: autonomous execution for routine operations, elevated threshold review for unusual requests, guardian or DAO vote for high-risk operations, and automatic rejection with incident report for operations that exceed all defined limits.
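The graduated escalation model above, sketched as an added example (not DeAgenticAI's code). The four tier names follow the article; the z-score cut-offs, the 10% variance floor, the three sampled baseline dimensions and the history values are assumptions constructed for illustration.

```python
from statistics import mean, pstdev

# Upper z-score bound for each tier (assumed values; in the article's model
# these thresholds would be set through policy and governance).
TIERS = [(2.0, "autonomous"), (4.0, "elevated_review"), (8.0, "guardian_or_dao_vote")]

def deviation(history, observed):
    """Largest per-dimension z-score of the observed request against the baseline."""
    worst = 0.0
    for dim, value in observed.items():
        past = history[dim]
        mu, sigma = mean(past), pstdev(past)
        # Floor sigma so a perfectly flat baseline cannot cause division by zero.
        sigma = max(sigma, 0.1 * abs(mu), 1e-9)
        worst = max(worst, abs(value - mu) / sigma)
    return worst

def escalate(history, observed, tiers=TIERS):
    """Map the worst deviation to one of the four escalation outcomes."""
    z = deviation(history, observed)
    for limit, tier in tiers:
        if z < limit:
            return tier
    return "reject_with_incident_report"

# Constructed baseline for an agent that has only ever used one protocol.
HISTORY = {
    "tx_per_hour": [4, 5, 6, 5, 4, 6, 5, 5],
    "protocols_touched": [1, 1, 1, 1, 1, 1, 1, 1],
    "gas_gwei": [20, 22, 19, 21, 20, 23, 21, 22],
}
```

The decision depends only on the baseline and the request, so an agent holding valid credentials is still escalated when it suddenly asks for broad multi-protocol access.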
Dimension 5: Revocation Status
Credentials issued at onboarding become stale. An agent’s authorization may be revoked because its operator’s permissions changed, because a security incident was detected, or because its behavioral history triggered a risk threshold. KYA requires that revocation status be checked at every interaction, not only at initial onboarding.
DeAgenticAI checks live Verifiable Credential status before each signing operation. A revoked credential blocks the operation regardless of other verification results. This is the KYA equivalent of real-time sanction screening rather than a one-time background check at account opening.
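The precedence rule from Dimension 3 and the revocation override from Dimension 5, sketched as an added example (not DeAgenticAI's code or its Policy DSL, whose syntax this article does not show). The `Policy` fields, `effective`, `authorize` and the sample DAO/team/agent values are hypothetical, and the `revoked` flag stands in for a live Verifiable Credential status lookup.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Policy:
    """One hierarchy level (hypothetical model). None = no constraint at this level."""
    max_spend: Optional[float] = None
    counterparties: Optional[frozenset] = None
    protocols: Optional[frozenset] = None
    hours_utc: Optional[tuple] = None  # (start, end) hour, end exclusive

def _merge(a, b, pick):
    # An unset side defers to the other; two set sides are combined by `pick`.
    return b if a is None else a if b is None else pick(a, b)

def effective(*levels):
    """Fold DAO -> team -> agent, keeping the most restrictive value per field."""
    out = Policy()
    for p in levels:
        out = Policy(
            _merge(out.max_spend, p.max_spend, min),
            _merge(out.counterparties, p.counterparties, frozenset.intersection),
            _merge(out.protocols, p.protocols, frozenset.intersection),
            _merge(out.hours_utc, p.hours_utc,
                   lambda x, y: (max(x[0], y[0]), min(x[1], y[1]))),
        )
    return out

def authorize(req, levels, revoked):
    """Return (allowed, reason); a revoked credential blocks before any policy check."""
    if revoked:
        return False, "credential revoked"
    p = effective(*levels)
    if p.max_spend is not None and req["amount"] > p.max_spend:
        return False, "spend limit"
    if p.counterparties is not None and req["counterparty"] not in p.counterparties:
        return False, "counterparty not approved"
    if p.protocols is not None and req["protocol"] not in p.protocols:
        return False, "protocol not approved"
    if p.hours_utc is not None and not p.hours_utc[0] <= req["hour_utc"] < p.hours_utc[1]:
        return False, "outside time window"
    return True, "ok"

# Constructed sample hierarchy: the agent level asks for more than the team allows.
DAO = Policy(max_spend=10_000, protocols=frozenset({"uniswap", "aave", "curve"}))
TEAM = Policy(max_spend=2_500, counterparties=frozenset({"0xA", "0xB"}), hours_utc=(6, 22))
AGENT = Policy(max_spend=5_000, protocols=frozenset({"aave", "compound"}), hours_utc=(0, 18))
LEVELS = (DAO, TEAM, AGENT)
```

An empty intersection is kept as an empty set rather than treated as "unset", so two levels that share no approved protocol deny every request instead of allowing all of them.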
Implementing KYA with the ACP: Architecture to Practice
The five KYA dimensions map directly to ACP layers:
- Identity (D1) → Layer 1 (Agent Identity Registry): W3C DID generation and ERC-8004 on-chain registration.
- Capabilities (D2) → Layer 1 (Agent Identity Registry): A2A Agent Card generated and published per registered agent.
- Authorization Scope (D3) → Layer 3 (Policy Engine): Policy DSL evaluation with Verifiable Credential binding.
- Behavioral History (D4) → Layer 4 (Fraud Detection): six-dimension baseline with graduated escalation.
- Revocation Status (D5) → Layer 2 and runtime: live VC status checked before each signing operation.
For an enterprise deploying the ACP, implementing KYA means:
- Register agents with the ACP registry — each agent receives a DID and Agent Card at registration.
- Define authorization policies in the Policy DSL — spending limits, approved counterparties, approved protocols, temporal bounds.
- Configure behavioral baseline thresholds — accept defaults or tune through governance.
- Enable live revocation checks — on by default.
- Monitor via the ACP compliance dashboard — all five KYA dimensions recorded in the hash-chained audit trail.
KYA compliance is an architectural property of the ACP, not a post-deployment audit exercise.
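How a hash-chained audit trail becomes tamper-evident, as an added example (not the ACP's implementation; its record format is not described in this article). The record layout, the function names, the `did:example:agent-1` identifier and the five sample events are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64

def digest(prev, event):
    # Canonical JSON so the same event always hashes to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev + body).encode()).hexdigest()

def append(trail, event):
    prev = trail[-1]["hash"] if trail else GENESIS
    trail.append({"event": event, "prev": prev, "hash": digest(prev, event)})
    return trail[-1]["hash"]  # head hash, to be anchored outside the log store

def first_break(trail):
    """Index of the first record that fails verification, or None if intact."""
    prev = GENESIS
    for i, rec in enumerate(trail):
        if rec["prev"] != prev or rec["hash"] != digest(prev, rec["event"]):
            return i
        prev = rec["hash"]
    return None

def verify(trail, anchored_head):
    """Links must be intact and the head must match the externally anchored value."""
    head = trail[-1]["hash"] if trail else GENESIS
    return first_break(trail) is None and head == anchored_head

def build_sample():
    """Constructed events, one per KYA dimension, for a hypothetical agent DID."""
    did = "did:example:agent-1"
    events = [
        {"dim": "identity", "did": did, "result": "resolved"},
        {"dim": "capabilities", "did": did, "result": "card_matched"},
        {"dim": "authorization", "did": did, "result": "within_policy"},
        {"dim": "behavior", "did": did, "result": "autonomous"},
        {"dim": "revocation", "did": did, "result": "active"},
    ]
    trail, head = [], GENESIS
    for event in events:
        head = append(trail, event)
    return trail, head
```

Link checking alone does not catch truncation or a consistent rewrite of the tail, which is why `verify` also compares the head against a value stored outside the log.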
Frequently Asked Questions
What is the difference between KYC and KYA?
Know Your Customer (KYC) is a regulatory framework for verifying human account holders using government-issued credentials, address records, and biometric data. Know Your Agent (KYA) is the equivalent framework for autonomous AI agents. KYA cannot use the same mechanisms as KYC because AI agents have no legal identity anchors. KYA instead uses cryptographic identifiers (W3C DIDs), declared capability records (Agent Cards), policy-bound authorization credentials (Verifiable Credentials), and continuous behavioral history monitoring to verify and govern agents throughout their operational lifecycle.
What are the five dimensions of a KYA verification?
The KYA framework verifies agents across five dimensions: (1) Identity — a globally resolvable W3C DID cryptographically anchored to the agent’s key material; (2) Capabilities — an A2A-compatible Agent Card declaring what the agent is designed to do; (3) Authorization Scope — Verifiable Credentials bound to the agent’s DID and evaluated against a Policy DSL; (4) Behavioral History — a continuously maintained baseline evaluated for anomalies across six dimensions; (5) Revocation Status — live credential status checked at every interaction.
How does the ACP implement KYA for enterprise AI agent deployments?
The ACP implements all five KYA dimensions across its identity, policy, and fraud detection layers. Layer 1 handles DID registration and Agent Card generation. Layer 3 evaluates authorization credentials against hierarchical policy rules. Layer 4 maintains the behavioral baseline and applies graduated escalation for anomalous requests. Every verification event is recorded in the hash-chained audit trail, producing tamper-evident compliance evidence for regulatory reporting and incident investigation.
Ready to Build a KYA-Compliant Agent Architecture?
DeAgenticAI’s Agentic Control Plane gives your autonomous agents cryptographically verifiable identity, policy-governed authorization, and continuous behavioral monitoring — all five KYA dimensions enforced at the infrastructure level.
Read the technical whitepaper to see how each ACP layer maps to a KYA verification requirement — or contact us to discuss your enterprise agent deployment.