Douglas Borthwick

Originally published at insumermodel.com

Would You Trust Your Agent? KYA Is Real.

Everyone is deploying AI agents. Almost no one is verifying them. And those agents are already moving money. You wouldn't hand your wallet to a stranger. KYA, Know Your Agent, is real, and the speed at which the ecosystem is converging on it is the proof.

The convergence is here

The headlines landed in a pile this March. CZ declared AI agents will dominate crypto payments. Visa announced readiness for agent transactions, while Coinbase pitched a fundamentally different internet. Mastercard introduced "Verifiable Intent" for autonomous commerce. Crossmint shipped agent virtual cards. MoonPay launched an Open Wallet Standard. Coinbase's x402 protocol and Stripe MPP are already being compared head-to-head.

Every one of these is a payment rail. None of them check whether the agent should be trusted before money moves. That is the gap KYA fills.

The rails are here. The trust layer isn't.

You can authenticate an agent. You can resolve its DID. You can confirm the public key it signs with. None of that tells you whether the agent's wallet still holds the funds it claimed yesterday. None of it tells you whether the source code was compromised in last week's dependency update. None of it tells you whether the operator's delegation has expired, whether the counterparty has been added to a sanctions list, whether the agent has actually delivered on past commitments, or whether the reasoning chain that led to its current action is sound.

The nine dimensions of agent trust

Each dimension is answered by an independent issuer in the open multi-attestation spec at insumer-examples #1, with a JWKS endpoint anyone can verify offline:

  • Wallet state. What does this agent's wallet hold right now? Token balances, NFTs, staking positions, DeFi activity, governance participation, across 33 blockchains. Provider: InsumerAPI.
  • Compliance risk. Is the counterparty on a sanctions list? OFAC, EU, and UN screening, plus domain hygiene and IP reputation. Provider: Revettr.
  • Identity verification. Who actually controls this agent? DID resolution, delegation chains, interaction patterns, completion ratios. Provider: AgentID.
  • Security posture. Has the agent's source code been scanned for vulnerabilities, secrets, and unsafe patterns? Provider: AgentGraph.
  • Governance. Is the agent operating within an authorized delegation chain? Principal identity, policy compliance, spending limits, full chain of custody. Provider: APS (Agent Passport System).
  • Job performance. Has the agent actually delivered quality work in the past? Task completion rates, accuracy metrics, performance history. Provider: Maiat.
  • Settlement history. Has the agent followed through on past commitments? Operation binding, delivery verification, settlement witness receipts. Provider: SAR.
  • Behavioral trust. Is the agent's wallet a coordinated bot or a real entity? Signal depth and risk intensity, sybil detection across 12 EVM chains and Solana. Provider: RNWY.
  • Reasoning integrity. Is the agent's decision chain sound? Adversarial multi-model critique, logical consistency, temporal freshness. Provider: ThoughtProof.

Nine dimensions, nine independent providers, nine signed attestations. No single provider sees all of them. No central authority makes the trust call. The consumer trusts no one and verifies everything.

Identity is one dimension. Trust is nine.

The momentum is the proof

Building one trust dimension is hard. Building nine in coordination is harder. Getting nine independent companies to agree on a single envelope format and start populating it with real signed attestations is the kind of thing standards bodies usually take years to do.

The open multi-attestation spec opened in March. Three weeks ago we wrote about four issuers in one verification pass. Today the count is nine issuers in the envelope and five with shipped wallet binding. Each of the five accepts a wallet address as input and returns an attestation about that specific wallet, signed against their published JWKS. The remaining four cover their dimensions through different integration paths and are converging on wallet integration through bilateral interop work. All nine are live. All nine sign attestations. All nine are consumed by a single orchestrator behind one API call.

That convergence speed is not coincidence. It is the demand signal. Nine independent companies do not build around the same wire format in 30 days unless the market is asking for it loudly. KYA is real because the people building it are racing to ship it.

And the production reality is already ahead of the discussion. AsterPay's KYA Hook runs in production for ERC-8183 agentic commerce today, with InsumerAPI feeding 4 of 7 trust score dimensions through cryptographic attestations. Manual KYB replaced with signed signals, one API call, no human review when the wallet qualifies. KYA is not a thought experiment. It is a shipping product.

Where each issuer stands today

Five of the nine ship signed wallet binding directly: InsumerAPI, Revettr, AgentID, AgentGraph, and APS. Each accepts a wallet address as input and returns an attestation about that specific wallet. The other four serve their dimension through complementary paths:

  • Maiat ships wallet acceptance via a long-standing ?address= parameter and falls back to a reference identity when the wallet has no Maiat job history.
  • SAR accepts the wallet via an envelope-level counterparty field, surfaced in the response but not yet bound into the signed payload.
  • RNWY's behavioral trust model is keyed to canonical agent IDs from major registries (ERC-8004, Olas, Virtuals), with bilateral interop in progress with AgentGraph for cross-provider lookup.
  • ThoughtProof's reasoning verification is wallet-agnostic by design. Its attestation surface is the reasoning chain for a specific tool call, which is a property of the action, not the actor.

The runtime ratio for any individual agent depends on whether that specific agent is registered with each issuer. The spec coverage is solid: nine independent providers, all coordinating around a single open envelope, all signing JWKS-verifiable attestations today.

One API call

Asking nine independent questions about an agent could mean nine integrations, nine API keys, nine retry policies. That is not how it works. The multi-attestation spec defines a single envelope format that lets all nine issuers respond in parallel. One call in. Nine signed attestations out. Every signature verifiable offline against each issuer's published JWKS, with no callback to the orchestrator at verification time.

The orchestrator code is open source. Both files use only Node built-ins (crypto and https from the standard library, no external imports):

What the consumer side taught the spec

Wiring nine issuers behind a single orchestrator surfaces a pattern that the current schema does not capture: whether an attestation actually evaluated the wallet you sent is consumer-relevant metadata. From the consumer's perspective, all three states (wallet-bound, envelope-acknowledged, reference data) look identical at the signature layer. A valid JWS from a known issuer with a known kid resolving against a known JWKS endpoint. That is not enough to make a trust decision.

The proposal we posted to A2A #1628 is a subject_binding field on each signal entry, with three states:

  • wallet_bound: the issuer evaluated the wallet you sent and signed the result over it
  • wallet_acknowledged: the wallet flowed through the response envelope but the signature does not bind it
  • reference: the issuer returned data not specific to the wallet

Consumers can then weight wallet-bound dimensions highest, treat acknowledged ones as informational, and aggregate reference attestations as background context.
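The offline verification and binding check described above, as an added example (not code from the orchestrator or the spec): the consumer verifies each signal's JWS against a cached JWKS, then derives the binding from what the signature actually covers instead of trusting the declared value. The entry fields `jws` and `wallet`, the Ed25519/EdDSA choice and the sample issuer are assumptions; only `subject_binding` and its three states come from the proposal.

```javascript
// Added example. Only subject_binding's three states come from the page; the
// entry fields `jws` and `wallet` and the EdDSA algorithm are assumptions.
const { generateKeyPairSync, createPublicKey, sign, verify } = require('node:crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');
// EVM addresses are case-insensitive hex; Solana base58 addresses are not.
const norm = (a) => (/^0x[0-9a-fA-F]{40}$/.test(a) ? a.toLowerCase() : a);

// Constructed issuer: an Ed25519 key pair plus the JWKS it would publish.
function makeIssuer(kid) {
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid }] };
  const issue = (payload) => {
    const header = b64u(JSON.stringify({ alg: 'EdDSA', kid }));
    const input = `${header}.${b64u(JSON.stringify(payload))}`;
    return `${input}.${b64u(sign(null, Buffer.from(input), privateKey))}`;
  };
  return { jwks, issue };
}

// Verify a compact JWS offline against a cached JWKS.
// Returns the signed payload, or null on any failure.
function verifyJws(jws, jwks) {
  try {
    const parts = String(jws).split('.');
    if (parts.length !== 3) return null;
    const header = JSON.parse(Buffer.from(parts[0], 'base64url'));
    if (header.alg !== 'EdDSA') return null; // pin the algorithm, ignore header preference
    const jwk = jwks.keys.find((k) => k.kid === header.kid);
    if (!jwk) return null; // unknown kid: fail closed
    const ok = verify(null, Buffer.from(`${parts[0]}.${parts[1]}`),
      createPublicKey({ key: jwk, format: 'jwk' }), Buffer.from(parts[2], 'base64url'));
    return ok ? JSON.parse(Buffer.from(parts[1], 'base64url')) : null;
  } catch {
    return null;
  }
}

// Derive the binding from what the signature covers, not from entry.subject_binding.
function classify(entry, wallet, jwks) {
  const signed = verifyJws(entry.jws, jwks);
  if (!signed) return 'invalid';
  const same = (a) => typeof a === 'string' && norm(a) === norm(wallet);
  if (same(signed.wallet)) return 'wallet_bound'; // wallet is inside the signed payload
  if (same(entry.wallet)) return 'wallet_acknowledged'; // wallet only in the unsigned envelope
  return 'reference';
}
```

An entry that declares `wallet_bound` but carries the wallet only outside the signed payload comes back as `wallet_acknowledged`, so the weighting follows the signature rather than the label.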

Try it on a wallet

SkyeProfile is the live consumer of the multi-attestation spec. (For the architectural deep-dive on how the orchestrator dispatches nine specialists in parallel, see What Is SkyeProfile?.) Each dimension card on the page shows a binding badge so the consumer can weight signals correctly:

  • Green ("Your Wallet"). The issuer signed an attestation about the specific wallet you submitted.
  • Amber ("Acknowledged"). The wallet flowed through the response envelope but the signature does not bind it.
  • Gray ("Spec Demo"). The issuer returned reference data, either because they have no entry for your wallet or because their integration uses a non-wallet identifier.

The page renders Vitalik's wallet on load as the canonical reference. Vitalik is not registered with any of the agent issuers, so the visible ratio is two wallet-bound, one acknowledged, six spec demo. Below the reference, a user-input form takes any EVM or Solana wallet you paste and computes the live ratio for that specific address. If you have a wallet for an agent you actually want to evaluate, paste it. Each card with a registered binding flips from gray to green in real time.

Why this matters

Most discussions of agent trust focus on identity. Who is the agent. What credentials does it have. What does its DID look like. Identity is necessary but it is not sufficient. An agent with a verified identity can still drain its wallet, fail its delegation check, get sanctioned, run compromised code, or under-deliver on what it was paid for. Identity tells you the agent's name. KYA tells you whether the agent should be trusted right now.

The Drift Protocol exploit on March 31 is the cleanest recent illustration of what happens when the trust layer is missing entirely. Two hundred and eighty-six million dollars moved in twelve minutes because signers had no way to verify counterparty trust before approving transactions. KYA would not have auto-prevented Drift. KYA is a check primitive, not a tripwire. But the layer that would have given Drift's signers the data to make a different decision is the layer that did not exist. KYA is that layer.

The composability primitive is no longer theoretical. It is running in production today, against real agent wallets, with the open multi-attestation spec converging in real time. Nine independent issuers, one envelope format, one API call, every signature verifiable offline.

Payments are getting faster. Trust isn't. That is the gap. Before you trust an agent with anything that matters, run the full check.
