#04 | FOUNDATION | 9 Min Briefing | June 2026

Know Your Agent: The Six Questions Behind Every Autonomous Transaction

Know Your Customer asks who opened the account. Know Your Agent asks whether the machine at the counter should be let through the door right now.

Every regulated industry already runs a version of this discipline for humans. Banks must Know Their Customer before they hold deposits. Brokers verify before they trade. The logic is old and uncontroversial: before you grant someone access to something valuable, you establish who they are, what they are allowed to do, and whether their history supports the privilege. Agentic commerce takes that same logic and points it at a counterparty that has no face, no passport, and no fatigue. The discipline of doing that well is Know Your Agent.

What Know Your Agent Is

Know Your Agent, often shortened to KYA, is the practice of verifying an autonomous agent's identity and authority before it is allowed to transact, and of carrying that verification with the agent as it moves between merchants and protocols. It answers a question that neither the payment rail nor the fraud model was built to answer: not "can this payment clear?", and not "does this look like known fraud?", but "should this specific actor, acting on this specific authority, be allowed to do this specific thing at this moment?"

That is a richer question than identity alone. A name is not enough, because a known agent can still be operating outside its mandate. Authority is not enough, because a properly authorized agent can still be funded by a tainted wallet or running in a compromised environment. Reputation is not enough on its own, because a clean history can be the setup for a single large abuse. Know Your Agent is the act of asking all of these questions together and resolving them into a single decision before the action executes.

Why KYC And Fraud Scoring Do Not Answer The Question

It is tempting to assume the existing tools already cover this. They do not, and the reason is structural. Know Your Customer was designed to identify a human being once, at onboarding, and to keep a record of it. It assumes a stable person behind a stable account. An agent is not stable in that sense. It can be spun up in seconds, instructed by a different principal each hour, granted and stripped of authority continuously, and replaced by a fresh instance with the same credentials. Identifying it once tells you almost nothing about what it is authorized to do on its ten-thousandth transaction.

Fraud scoring has the opposite problem. It is fast and continuous, but it is backward-looking and probabilistic. It asks whether the current behavior resembles patterns of past abuse. Agents defeat this not by looking abusive but by looking ordinary, because they can pay cleanly and behave consistently while still being the wrong actor to trust. A fraud model can tell you a transaction is unusual. It cannot tell you that a perfectly usual transaction was issued by an agent operating outside the authority its principal actually granted. That is a question about authorization and identity, not about anomaly, and it has to be answered before the transaction, not flagged after it.

The Six Layers Of Knowing An Agent

Knowing an agent well enough to trust it is not one check. It is six, and each answers a different question that the others cannot.

  • Principal Identity: who is ultimately accountable? Behind every agent is a person or an organization that authorized it to act. If that principal cannot be established, there is no one to hold responsible and no basis for trust, no matter how clean the agent looks. This is the root of the chain.
  • Agent Identity: is the agent who it claims to be, verifiably, rather than by assertion? An agent that simply announces its name is no more trustworthy than an email header. This is the cryptographic and behavioral confirmation that the actor is known and distinct, not an impostor wearing a borrowed credential.
  • Wallet Provenance: where does the money come from and what has it touched? A funding source carries a history. A wallet can be freshly created to launder a single transaction, tied to sanctioned addresses, or linked to prior abuse. Provenance turns the funding source from an opaque string into evidence.
  • Authorization Scope: is the requested action inside the authority the principal actually granted? A principal may have authorized travel under four hundred dollars, not a wire to a new payee. An agent acting outside its scope is not committing classic payment fraud; it is exceeding its mandate, and only a scope check catches it.
  • Environment Identity: does the context the agent is operating in look consistent and legitimate? The same agent running from an unexpected location, an anomalous infrastructure footprint, or a manipulated session is a different risk than the same agent in its normal environment. This is where device and session intelligence carry into the machine world.
  • Cross-Merchant Reputation: what has the agent done elsewhere? No single merchant sees enough of an agent's behavior to judge it alone; normal and abnormal only become visible across many merchants. Reputation that travels with the agent turns isolated observations into accountability over time.

Each layer is necessary and none is sufficient. An agent can pass five and fail the sixth in the way that matters most. Know Your Agent is the discipline of asking all six and refusing to mistake a clean answer on one for a clean answer on all.

From Six Answers To One Verdict

Six separate questions are not useful to a merchant who has milliseconds to decide. The point of Know Your Agent is to resolve them into something a system can act on. FLINT does this by combining the layers into a single trust score from zero to one hundred and emitting one of four verdicts. ALLOW lets the action proceed. STEP-UP asks for additional authorization before proceeding. REVIEW routes the action to a human or a slower check. BLOCK stops it before any resource is consumed. The verdict is the part the merchant integrates. The six layers are the reasoning behind it.

Just as important as the verdict is the artifact it leaves behind. Every decision produces a signed verification record: a tamper-evident statement of what was checked, what was found, and what was decided, at that moment, for that actor. This is not a log entry that can be edited later. It is cryptographically signed evidence. When an examiner, an auditor, or opposing counsel later asks why an agent was trusted with a given transaction, the answer is not a screenshot of a dashboard. It is a record that can be produced, verified, and stood behind. In a world where machines transact at machine speed, the ability to prove why you trusted one is the difference between a defensible decision and an unexplained loss.
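The flow described above, from six layer answers to one verdict and a tamper-evident record, as an added example that is not FLINT's code. The score thresholds, the hard-fail rule, the field names and the sample values are assumptions, and HMAC-SHA256 from the standard library stands in for the asymmetric signature a record checked by outside auditors would need.

```python
import hashlib, hmac, json

LAYERS = ("principal_identity", "agent_identity", "wallet_provenance",
          "authorization_scope", "environment_identity",
          "cross_merchant_reputation")
# Assumptions (not FLINT's rules): these layers block outright below 50,
# and 80 is the ALLOW threshold.
HARD_FAIL = ("principal_identity", "agent_identity", "authorization_scope")

def scope_score(mandate, action):
    """Authorization Scope layer: 100 inside the mandate, 0 outside it."""
    ok = (action["category"] == mandate["category"]
          and action["amount_usd"] < mandate["under_usd"]
          and action["payee"] in mandate["payees"])
    return 100 if ok else 0

def decide(scores):
    """Resolve six per-layer scores (0-100) into (trust score, verdict)."""
    missing = [l for l in LAYERS if l not in scores]
    if missing:  # an unanswered layer is never treated as a clean one
        raise ValueError(f"unanswered layers: {missing}")
    trust = round(sum(scores[l] for l in LAYERS) / len(LAYERS))
    if any(scores[l] < 50 for l in HARD_FAIL):
        return trust, "BLOCK"
    if min(scores[l] for l in LAYERS) < 50:
        return trust, "REVIEW"
    return trust, ("ALLOW" if trust >= 80 else "STEP-UP")

def _canonical(record):
    # Stable byte form so signer and verifier hash identical input.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def sign_record(key, record):
    """Attach a MAC over the record (stand-in for a real signature)."""
    return {"record": record,
            "sig": hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()}

def verify_record(key, signed):
    expected = hmac.new(key, _canonical(signed["record"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signed["sig"])

# Constructed sample: five clean layers, one request outside the mandate.
MANDATE = {"category": "travel", "under_usd": 400, "payees": ["airline-123"]}
ACTION = {"category": "wire", "amount_usd": 350, "payee": "new-payee-9"}
SCORES = dict.fromkeys(LAYERS, 95)
SCORES["authorization_scope"] = scope_score(MANDATE, ACTION)
TRUST, VERDICT = decide(SCORES)
KEY = b"demo-key-not-for-production"
SIGNED = sign_record(KEY, {"agent": "agent-demo-1", "action": ACTION,
                           "layers": SCORES, "trust": TRUST, "verdict": VERDICT})
```

The sample averages to a trust score of 79, which on the number alone would be a STEP-UP, yet the verdict is BLOCK because the scope layer failed; editing the stored verdict afterwards makes `verify_record` return `False`.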

Why This Is Not Another Payment Token

The crowded part of agentic commerce is the payment. Google's AP2 proves a transaction was authorized through signed mandates. OpenAI and Stripe's Agentic Commerce Protocol issues a single-use token bound to a merchant and an amount. Visa signs agent identity into the request, and Coinbase's x402 settles in stablecoins over HTTP. These are real and useful primitives, and FLINT does not compete with any of them. A scoped token can prove an agent was allowed to spend a certain amount. A mandate can prove a purchase was authorized. Neither one tells the merchant whether the actor presenting that valid instrument is known, bounded, and worth trusting with the next door.

That is the distinction that defines the layer. FLINT verifies the agent. The rails move the money. FLINT stays deliberately rail-agnostic, sitting one layer above the payment so that the same verdict and the same record apply whether the agent settles over a card network, a stablecoin rail, or a protocol that does not exist yet. Know Your Agent is not a way to pay. It is the answer to whether the thing trying to pay should be let in. The companion brief "Payment Is Not Trust" makes the case for why those were never the same thing, and "The Buyer Is A Machine" explains why the question only became urgent once the buyer stopped being human.

Common Questions

  • Is Know Your Agent the same as Know Your Customer? No, though the logic is parallel. KYC identifies a human once, at account opening, and assumes that person stays the same. KYA verifies an autonomous agent continuously, because an agent's identity, authority, and instructions can change transaction to transaction. KYA also checks things KYC never had to, such as wallet provenance, authorization scope, and machine environment.
  • Does Know Your Agent replace fraud detection? No. It operates before and above it. Fraud detection asks whether a transaction looks like past abuse. KYA asks whether the actor should be allowed to transact at all, on the authority it claims, regardless of whether the behavior looks anomalous. The two are complementary; KYA catches the clean-looking transaction that fraud scoring waves through.
  • Who needs Know Your Agent? Any merchant, platform, or service that will accept transactions from autonomous agents, and any business whose resources, such as pricing, inventory, refunds, trials, or APIs, can be consumed by an agent without a payment ever looking wrong. The need grows with the share of traffic that is agentic.
  • Is KYA a standard or a product? It is a discipline, and increasingly a contested category. Several identity vendors are extending toward it under various names. FLINT treats Know Your Agent as the six-layer verification model described here, resolved into a verdict and a signed record, and kept independent of any single payment rail.
  • What is the difference between passing KYA and a payment being approved? A payment being approved means the money can move. An agent passing KYA means the actor behind that money has been verified as known, authorized, funded cleanly, in scope, in a consistent environment, and reputable. A transaction can be approved on the rail and still fail KYA, which is exactly the gap that causes loss.

Payment proves the money can move. Know Your Agent proves the actor behind it should be let through the door.
