The Problem
Today’s AI agent ecosystem faces critical identity challenges:- No shared agent identity model - Platforms have no common way to confirm which verified person or business an agent represents, whether that identity was checked elsewhere, or what to do when the agent crosses ecosystems.
- Payment protocols assume identity - Emerging agentic commerce protocols (Stripe ACP, Google AP2, Coinbase x402, Visa TAP) assume an agent identity layer exists but don’t standardize it.
- KYA (Know Your Agent) gaps mirror KYC/KYB - Just as financial systems need Know Your Customer and Know Your Business, we need Know Your Agent (KYA) for accountability, revocation, and auditability of non-human actors. KYA enables agent identity verification and agent authentication for AI systems.
The Solution: FACT
FACT is a portable credential that binds four essential elements:- Verified Principal - The person or organization behind the agent (with KYC/KYB verification)
- Agent Instance - The specific agent, tied to stable cryptographic material
- Principal-Agent Relationship - A verifiable link without baking in permissions
- Provenance Metadata - Issuance, refresh, and lifecycle tracking
How FACT Works
FACT credentials consist of four layers:1. Identity Layer
Verified principal attributes including:- KYC/KYB verification results
- Entity type (individual, organization)
- Jurisdiction and registration data
- Risk screening (sanctions, PEP, adverse media)
2. Agent Binding Layer
Cryptographic binding between principal and agent:- Agent cryptographic identity (DID)
- Code fingerprint (SHA256 of agent codebase)
- Technical profile (model, architecture, deployment)
- Tool capabilities and risk levels
3. Identity Delegation Metadata
Assertion that the agent carries the principal’s verified identity:- Developer credential link
- Verification level and assurance
- Validity period
- Status checking endpoint
4. Risk and Provenance Layer
Optional signals for policy decisions:- Safety scores (harm refusal, prompt injection, PII leakage)
- Lifecycle events (creation, rotation, suspension, revocation)
- Compliance certifications (HIPAA, SOC2, ISO 27001)
- Data handling policies
Use Cases
Agent-Initiated Checkout
- User or business completes KYC/KYB once with an issuer
- Issuer binds the agent and issues a FACT credential
- At checkout, the agent presents its FACT
- Payment platform verifies issuer, cryptography, and optional risk scores
- When policy passes, platform skips redundant challenges while maintaining an auditable link to a certified agent
Agent-Initiated On-Ramp or Account Action
- Agent presents a FACT when funding accounts or triggering account changes across providers
- Providers verify the FACT and apply local controls (jurisdiction, instrument risk, data categories)
- Avoid repeated onboarding for returning agents
- Support high-frequency, autonomous transactions with revocation and auditability
Cross-Platform Agent Marketplace
- Agent developer obtains DeveloperCredential with tier 2 KYB
- Each agent receives an AgentCredential with safety evaluation
- Multiple marketplaces accept the same credentials
- Users trust agents based on standardized verification, not platform reputation alone
Why Standardize?
Aligns with Industry and Research
- Complements OpenID Foundation work on identity management for agentic AI
- Addresses KYA (Know Your Agent) frameworks from Trulioo, Skyfire, and Captain Compliance
- Fills the identity layer gap in agentic payment protocols (ACP, AP2, x402, TAP)
Federated, Multi-Stakeholder Model
- No single gatekeeper - Any compliant issuer can participate
- Relying parties keep control - Choose which issuers to trust, set your own policies
- Open standards - Built on W3C Verifiable Credentials, DIDs, and JOSE
Regulatory Alignment
- Supports emerging AI governance requirements (NIST AI RMF, EU AI Act)
- Provides audit trail for AI agent actions
- Enables revocation when agents are compromised or violate policies
- Tracks data handling and compliance certifications
FACT vs. Other Approaches
| Approach | Federated | Portable | Cryptographic | Revocable | Standards-Based |
|---|---|---|---|---|---|
| FACT | ✓ | ✓ | ✓ | ✓ | ✓ (W3C VC, DIDs) |
| Platform-specific IDs | ✗ | ✗ | Varies | ✓ | ✗ |
| OAuth for agents | ✗ | ✓ | ✓ | ✓ | ✓ (OAuth 2.0) |
| API keys | ✗ | ✗ | ✗ | ✓ | ✗ |
| DIDs alone | ✓ | ✓ | ✓ | ✗ | ✓ (W3C DIDs) |
Next Steps
Core Concepts
Learn about VCs, DIDs, trust chains, and key terminology
Quickstart
Issue and verify your first credential
DeveloperCredential
Deep dive into developer identity verification
References
Industry Standards
- OpenID Foundation - Identity Management for Agentic AI (2025)
- W3C Verifiable Credentials Data Model 2.0
- W3C Decentralized Identifiers (DIDs) v1.0
KYA Research
- Trulioo - Know Your Agent (KYA) white paper
- Captain Compliance - KYA: Know Your AI Agent (2025)
- Skyfire - Know Your Agent (2024)
- D. Greenwood - AI Agent ID (2025)
Agentic Commerce Protocols
- OpenAI Developers - Agentic Commerce Protocol (ACP)
- Stripe - Developing an open standard for agentic commerce (2025)
- x402 - The Payment Protocol for Agentic Commerce (2025)
- Visa - Trusted Agent Protocol announcement (2025)
- Orium - Agentic Payments Explained: ACP, AP2, and x402 (2025)
Analysis and Commentary
- Consumer Reports and Stanford Digital Economy Lab - The Race to Standardize Agentic Commerce (2025)
- OnFinality - What is x402? (2025)