Ant International Just Built 'Know Your Agent' Into an Open-Source Protocol. Here's What They Got Right — and What's Still Missing.
The largest fintech company in Asia just made a move that should make every enterprise CISO, payments executive, and AI developer pay attention.
On April 27, Ant International — the company behind Alipay+, touching 4.4 billion digital wallet users — open-sourced the Agentic Mobile Protocol (AMP). It's a mobile-first payment framework designed to let AI agents transact securely across digital wallets, banking apps, super apps, and wearables.
But the protocol itself isn't the headline. The headline is what's inside it.
The KYA Framework: Know Your Agent
AMP ships with a full-spectrum Know Your Agent (KYA) framework — a term that's been floating around identity circles for months, but never materialized in production code from a company at this scale.
KYA establishes an agent's digital identity and certifies its authorized capabilities. Think of it as KYC (Know Your Customer) but for autonomous AI systems that need to act on behalf of humans in financial transactions.
Alongside KYA, AMP introduces an Agent Trust Rating — a dynamic risk-management mechanism that determines whether an agent is trustworthy and controls the level of autonomy it's granted. The trust rating isn't static; it adjusts based on behavior, creating a feedback loop between agent actions and granted permissions.
Why This Matters
The numbers tell the story:
- 43% of retailers are already piloting AI shopping agents (PYMNTS/Worldpay, April 2026)
- 82% of organizations have unknown AI agents in their IT infrastructure (CSA, April 2026)
- 88% of enterprises have experienced agent-related security incidents (Gravitee/SecureAuth)
- The agentic commerce market could reach $1.7 trillion by 2030 (Worldpay)
This isn't theoretical. Agents are transacting now. The question is whether the infrastructure to govern those transactions exists.
The Standards War Has Four Sides
Ant International's AMP joins an increasingly crowded field of competing standards:
1. FIDO Alliance (Google + Mastercard): Google donated the Agent Payments Protocol (AP2) and Mastercard contributed Verifiable Intent to FIDO's new Agentic Authentication Technical Working Group. AP2 v0.2 already includes "Human Not Present" autonomous payments. FIDO has institutional credibility — they standardized passkeys — and now they're claiming the agentic commerce layer.
2. Coinbase/Circle (x402 + ERC-8004): The crypto-native stack. x402 uses HTTP 402 status codes for stablecoin micropayments. ERC-8004 provides on-chain agent identity through Identity, Reputation, and Service registries. 140M+ transactions, 129K+ agents, $600M+ volume. Cardano just became an official x402 chain.
3. Ant International (AMP + KYA): The mobile-first, wallet-native approach. Open-sourced, targeting 1.8 billion Alipay+ wallet users. Includes identity (KYA), trust scoring (Agent Trust Rating), and agent-to-agent settlement for micro/nano-payments.
4. Stripe (MPP): The Machine Payments Protocol. Less public detail, but Stripe's merchant network gives it distribution.
Each stack has different strengths. FIDO has enterprise standards credibility. x402 has on-chain transparency and composability. AMP has mobile wallet distribution. Stripe has merchant integration.
What AMP Gets Right
Open-sourcing it. By releasing AMP as open-source, Ant International is inviting the ecosystem to build on top of KYA rather than trying to own it. This is the right move for adoption.
Agent Trust Rating as dynamic, not static. A trust score that adjusts based on behavior is more useful than a binary "trusted/not trusted" flag. It mirrors what on-chain reputation systems like ERC-8004's Reputation Registry attempt — but with the advantage of being built into the payment protocol itself.
Mobile-first. While most Western standards focus on API-to-API or browser-to-API agent interactions, AMP targets the device most humans actually use. As agents increasingly act through mobile interfaces, this is prescient.
What's Still Missing
Here's the uncomfortable truth: KYA is necessary but not sufficient.
AMP's KYA framework establishes identity and certifies capabilities. But identity alone doesn't solve the trust problem. Consider:
The Microsoft Entra ID CVE (CVE-2026-35431, CVSS 10.0): Microsoft's own "Agent ID Administrator" role — designed to manage AI agent identities — was exploitable for privilege escalation and global admin impersonation. The guard became the gate. If centralized agent identity infrastructure can be compromised at the platform level, what does that mean for AMP's KYA?
Cequence's Agent Personas: Cequence just introduced infrastructure-level privilege scoping specifically because "identity alone cannot address the privilege gap." Knowing who an agent is doesn't tell you what it should be allowed to do at the tool-call level.
SecureAuth's Agent Trust Registry: An industry-first open registry with trust scores and governance metadata — essentially a third-party validation layer that KYA frameworks need but don't provide internally.
The gap is this: KYA handles identity. Agent Trust Rating handles reputation. But neither handles governance — the immutable audit trails, lifecycle tracking, and privilege scoping that enterprises need for compliance.
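One way to pair an identity and trust rating with the governance pieces listed above, as an added example that is not code from AMP or any project named in this post: each tool call is checked against a per-agent scope scaled by the trust rating, and every decision, including denials, is appended to a hash-chained log that reveals later edits. The agent IDs, the scope table, the 0-100 rating scale and all function names are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64
# Constructed sample policy: agent id -> tool -> ceiling in cents per call.
SCOPES = {"agent-7": {"pay": 5000}}


def entry_hash(prev_hash, record):
    """Bind a record to everything logged before it."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


class Gate:
    """Hypothetical tool-call gate: scope check plus append-only audit log."""

    def __init__(self):
        self.log = []  # list of (record, chained_hash)

    def head(self):
        # Store this value outside the writer's control (for example in an
        # external registry) so a full rewrite of the chain is detectable.
        return self.log[-1][1] if self.log else GENESIS

    def authorize(self, agent, tool, cents, trust):
        """trust is an assumed 0-100 rating; lower trust shrinks the ceiling."""
        trust = max(0, min(100, trust))  # a rating can never raise the scope
        ceiling = SCOPES.get(agent, {}).get(tool)  # unknown agent/tool: None
        allowed = (ceiling is not None and cents > 0
                   and cents * 100 <= ceiling * trust)
        record = {"seq": len(self.log), "agent": agent, "tool": tool,
                  "cents": cents, "trust": trust, "allowed": allowed}
        self.log.append((record, entry_hash(self.head(), record)))
        return allowed


def verify(log, expected_head=None):
    """Return the index of the first broken entry, or -1 if the chain holds."""
    prev = GENESIS
    for i, (record, stored) in enumerate(log):
        if entry_hash(prev, record) != stored:
            return i
        prev = stored
    if expected_head is not None and prev != expected_head:
        return len(log)  # self-consistent, but rewritten or truncated
    return -1
```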
The On-Chain Advantage
This is where on-chain identity systems have a structural advantage. ERC-8004's three registries — Identity, Reputation, and Service — create a composable, permissionless, auditable layer that any agent can join without asking permission from a platform.
When Ant International's KYA says "this agent is certified," you trust Ant International's assessment. When an ERC-8004 reputation score says "this agent has completed 10,000 transactions with 99.7% satisfaction," you can verify that on-chain yourself.
The EU AI Act (enforceable August 2026) requires immutable audit trails for high-risk AI systems. On-chain records are immutable by design. Centralized KYA databases are not.
What Enterprise Leaders Should Do Now
Track all four standards — FIDO AP2, x402/ERC-8004, AMP/KYA, and MPP. The standards war is real, and the winner may be determined by which stack achieves composability across the others.
Demand identity + governance, not just identity. Any agent identity solution that doesn't include audit trails, privilege scoping, and lifecycle management is incomplete.
Test on-chain reputation as a complementary layer. ERC-8004 is permissionless — you can start using it today without waiting for any standards body to ratify anything.
Prepare for August 2026. The EU AI Act's high-risk requirements activate in four months. Fines reach €35M or 7% of global turnover. Immutable audit trails for agent behavior aren't optional.
The Bottom Line
Ant International bringing KYA to 4.4 billion wallet users is the biggest distribution play in agent identity yet. But identity without governance is a locked door with the key under the mat.
The agent economy needs both: verifiable identity and auditable governance. On-chain systems like ERC-8004 provide the latter. The winning stack will be the one that combines both.
AgentLux is building the trust layer for the agent economy on open standards: ERC-8004 identity, ERC-8183 escrow, and x402 payments. Learn more at agentlux.ai or read the agent docs.