FLINT Design Partner Program: now accepting a founding cohort.Apply
Secure your AI agent in 60 seconds.
Stop AI agent takeover before it drains your wallet. You set your agent's spending limits; FLINT Sentinel watches them for tampering. The moment your agent is hijacked or its permissions are escalated, you get an instant out-of-band alert, and you can freeze it with one tap.
The passport is your agent's identity, protecting its spending limits and giving you a kill switch, all in one verifiable credential.
agentic commerce by 2030
Juniper Research
machine identities to every human
Palo Alto Networks, 2026
prompt-injection attempts, year over year
Wiz Research
eyJhbGciOiJFUzI1NiIsInBxIjoiTUwtRFNBLTY1In0.eyJwYXNzcG9ydCI6Imt5YV8wMUoiLCJ2ZXJkaWN0IjoiQUxMT1cifQ....
Why your agent needs a passport
So it is trusted
Merchants and platforms can verify your agent instead of blocking it with the bots.
So it is bounded
You set the spending rules; the agent cannot rewrite them, even if something else is steering it.
So you can pull it back
One tap freezes it everywhere FLINT is checked, and you keep signed proof of every decision.
An Agent Passport is how your agent proves who sent it and what it is allowed to do, and how you shut it down if it is hijacked.
Issue a free agent passportAccept more agents.
Stop the abuse.
Trust infrastructure for the agents that move money. Clear the good ones, stop the rest, keep the proof.
Platforms prove who issued an agent inside their own walls. FLINT proves it still behaves as issued across any domain, on every transaction. Identity is granted once, but a valid agent can be compromised, over-delegated, or pushed outside its scope, which is how cyber-enabled agentic fraud happens. FLINT verifies it across the layers that move: environment identity, authorization scope, and cross-merchant agent reputation.
What is agent commerce already costing you?
Most stores are already losing revenue to false declines, declining good customers on fraud suspicion. Agent traffic widens that gap. Move the slider to see your estimate.
Estimate using published industry rates
a year at risk
Breakdown
About $120,000 a year lost to false declines at a 2.0% rate on $6,000,000 in revenue.
Agent amplifier
And the gap widens: AI-driven retail traffic is up about 4,700% year over year and agent-referred shoppers convert roughly 42% better, so you will block more of the channel that's growing fastest.
The clock
The rules have a deadline too: GENIUS Act enforcement in 2027 and FinCEN's new effectiveness standard.
Assumptions
Published false-decline rates run about 2.6% to 5.5%. FLINT defaults to 2.0% deliberately to stay conservative.
Additional references: NoFraud, Adobe, GENIUS Act effective date, FinCEN effectiveness standard.
Give your agent a passport merchants can verify.
Connect your agent to FLINT, issue a portable identity record, and return signed proof every time it tries to pay or act.
Mint the passport
Create a reusable agent identity tied to the principal, wallet, scope, and runtime.
Check each action
Ask FLINT whether this agent can take this action, in this context, right now.
Return signed evidence
Send merchants a tamper-resistant verification record they can store with the transaction.
Feed outcomes back
Optional. Report success, refund, dispute, or abuse to sharpen the next verdict. FLINT works fully without it, and your data is never resold or rebuilt against you.
flint_passport · builder_check
{
"agent_id": "agt_61f9_invoice_bot",
"passport": "issued",
"principal": {
"id": "org_acme",
"attested": true
},
"authority": "in_scope",
"max_amount_usd": 950,
"trust_score": 92,
"verdict": "allow",
"signature": {
"alg": "ES256 + ML-DSA-65",
"verified": true
}
}You're being asked to trust machines you can't see.
The tools you have were built for humans, not for agents that act and pay on their own. We've spent our careers telling real actors from impostors. Here's our record, verified the way we verify an agent.
We render our own credibility the way we verify agents: as a signed record.
We previously built the fraud program at a digital identity unicorn credited with preventing more than $270 billion in fraud.
We have testified before Congress, including the House Ways and Means Committee, the House Small Business Committee, and the Senate Select Committee on Intelligence, on AI, biometrics, and fraud, and on strengthening the federal wire fraud, bank fraud, and computer fraud statutes, the same laws agentic fraud falls under.
Careers across U.S. federal law enforcement, the U.S. intelligence community, and the financial sector.
Verify the agent.Stop the fraud.Recover the revenue.
Trust infrastructure for the agents that act and pay in your business.
Verification record
flint_passport · final_check
What people ask before they give an AI agent a wallet.
What is agent identity verification?+
Agent identity verification confirms that an AI agent trying to act or pay is the agent it claims to be, that it carries real authority delegated by a named principal, and that the action falls within that authority, all checked before the transaction executes. FLINT performs this verification and emits a signed record of the result.
What does FLINT do?+
FLINT is trust infrastructure for the agents that move money. It verifies an agent's identity and financial authority at the moment it acts, returns a verdict, and emits a signed verification record you can keep as evidence.
What does FLINT actually verify?+
Six layers: the principal behind the agent, the agent's own identity, the provenance of its wallet, the scope of its authorization, its runtime environment, and its reputation across merchants. Together they answer one question: should this agent be allowed to take this action right now.
What is the difference between a valid agent and a valid transaction?+
An agent can be entirely real and still act outside its authority. A compromised, misconfigured, or over-delegated agent is the new fraud surface. FLINT verifies the delegation chain that flows from a principal down to the action, so a genuine agent attempting an ungranted action is caught. Most controls confirm the agent is real; FLINT confirms the action is authorized.
What is in a signed verification record, and why does the signature matter?+
Each record captures the agent, the principal, the authorized scope, the layer results, the trust score, and the verdict, signed with a hybrid scheme (ES256 plus ML-DSA-65) so it stays verifiable as quantum-capable adversaries emerge. Because it is signed, the record is tamper-evident evidence: you, an auditor, or a counterparty can later prove what was verified and what was decided.
Can a verified agent still be compromised later?+
Yes, and detecting that is the point. Because every verification is a signed record, a corrupted or drifting agent shows up as a broken signature or a changed behavioral profile on its next action. A security team can pull the records for every agent on its network and see at a glance which ones no longer verify.
How is FLINT different from device fingerprinting?+
Device fingerprinting identifies the browser, device, and session a request comes from, and it assumes a human is behind the screen. FLINT identifies the agent itself and the financial authority it carries: who delegated it, what it can spend, and whether this action is in scope. Device signal is one of our six layers, not the whole picture.
How is FLINT different from on-chain analytics?+
On-chain analytics trace funds after they move. That is forensic and backward-looking. FLINT verifies the agent's authority before money moves and produces a signed record at decision time. We sit in front of the transaction; on-chain analytics sit behind it. The two are complementary.
Is FLINT a payment rail or a wallet?+
No. FLINT is rail-agnostic and holds no funds. It verifies the agent and returns a verdict; the rails move the money. We work alongside x402, Circle, Stripe, and the card networks rather than competing with them.
Does FLINT block legitimate agents?+
No. Blunt blocking is the problem we solve. Most businesses already lose more revenue to false declines than to fraud. FLINT returns a four-state verdict (allow, step-up, review, block) so good agents pass, ambiguous ones get a check, and only the unauthorized are stopped. The goal is to recover the revenue crude rules reject.
What is AI agent takeover?+
AI agent takeover is when an attacker gains control of an AI agent that can spend money, by hijacking the server or framework it runs on, poisoning its instructions, or stealing its credentials. The agent keeps its valid identity, so it passes checks that only ask who it is, but it now acts for the attacker. It is account takeover moved up to the agent layer.
What is a kill-switch for an AI agent?+
A kill-switch lets the owner instantly stop an AI agent from transacting. With FLINT Sentinel, the verified owner can freeze the agent's passport from an out-of-band alert on Telegram or email, and a frozen agent is blocked from transacting anywhere FLINT is checked. Freeze is reversible.
How do I protect an AI agent's wallet?+
Give the agent a verifiable identity (a FLINT agent passport), set explicit spending limits, watch for tampering with those limits, and keep an out-of-band kill-switch. FLINT Sentinel does the watching and the kill-switch: it alerts you when an agent's permissions are escalated and lets you freeze it with one tap.
Does FLINT stop my agent from being hijacked?+
No. FLINT does not patch the framework or prevent the breach itself. It catches the takeover the moment the agent tries to escalate its authority or move money, alerts you out-of-band, and lets you freeze it, so a compromise upstream does not become an unbounded loss. It is one layer of defense in depth.
What is FLINT Sentinel?+
FLINT Sentinel turns an agent passport into a portable anti-fraud tool. It watches an AI agent's permissions, logs every change, alerts the owner out-of-band when those permissions are escalated, and provides a one-tap reversible freeze.
Build the agentic commerce trust layer with us.
We're partnering with a founding cohort, from teams scaling agent payments to teams just starting to integrate digital payments. Wherever you are on that journey, if agents are beginning to move real value for you, we want to build with you.
Partner with FLINT and you get a future-proofed solution built at the frontier of agentic commerce, designed by people who live in both halves of the problem: compliance and agentic finance. That means early access to the full six-layer verification stack and the trust graph, a direct line into the roadmap and the spec, white-glove integration support, and a signed, regulator-grade verification record you can stand behind from day one.
FLINT is already live where agents are: a connectable MCP server in Claude and a listed verification endpoint in Coinbase's x402 Bazaar.