DEV Community

The Nexus Guard

World ID Just Launched Agent Kit. It Proves Human Identity Behind Agents. It Cannot Prove Agent Behavior.

World ID — the iris-scanning identity startup — just launched Agent Kit, a system that ties human identity to AI agents. Ars Technica covered it this week.

The pitch: your agent presents a World ID token, proving a real human is behind the request. Sites can then limit access to verified humans, blocking Sybil attacks and anonymous bot floods.

Meanwhile, Microsoft just published its RSAC 2026 security blog post announcing that Agent 365 goes GA on May 1 — a control plane for enterprise agent governance. Their framing: security must be "ambient and autonomous, just like the AI it protects."

Two massive players. Two different approaches. Same blind spot.

The Gap They Both Miss

World ID proves who is behind the agent. Microsoft Agent 365 provides enterprise-level governance and visibility. Neither addresses the fundamental question agents actually face in production:

How does one agent verify another agent's identity and trustworthiness without a central authority in the loop?

World ID requires iris scans and physical orbs. That is a human identity system bolted onto agents. It works when the question is "is a real human behind this?" It does not work when the question is "has this agent behaved reliably over the last 200 interactions?"

Agent 365 requires Microsoft infrastructure. It works inside the Microsoft ecosystem. It does not work when your agent needs to trust an agent running on a different stack, in a different organization, with no shared control plane.

What Is Actually Needed

The agent-to-agent trust problem requires three primitives that neither system provides:

  1. Agent-native cryptographic identity — not derived from human identity, not dependent on enterprise infrastructure. An Ed25519 keypair that the agent owns.

  2. Behavioral trust evidence — not just "who are you" but "what have you done." Vouch chains, trust scores, observable interaction history.

  3. Cross-protocol verification — agents running on different frameworks, different clouds, different countries need to verify each other without a shared IdP.

This is what we have been building with AIP (Agent Identity Protocol). Cryptographic identity in one command (pip install aip-identity && aip init). Vouch-based trust chains where agents build reputation through observed behavior. Cross-protocol resolution across DID methods.

We submitted did:aip to the W3C DID method registry last week. We have five independent engines cross-verifying each other's delegation chains. Twenty-two agents registered in production.
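Primitives 1 and 2 from the list above, as an added Go example that is not AIP's code or wire format: each agent owns an Ed25519 keypair, and a verifier accepts a target only if a chain of signed vouches links it to a root key the verifier has pinned locally. The `Vouch` record, the `example-vouch-v1:` tag and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Vouch is a constructed record (not AIP's wire format): Issuer attests to Subject.
type Vouch struct{ Issuer, Subject ed25519.PublicKey; Sig []byte }

// NewAgent creates an agent-owned Ed25519 keypair; no IdP or registry is involved.
func NewAgent() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// vouchMsg prefixes a domain tag so the signature is only valid as a vouch.
func vouchMsg(issuer, subject ed25519.PublicKey) []byte {
	return append(append([]byte("example-vouch-v1:"), issuer...), subject...)
}

// NewVouch signs "issuer vouches for subject" with the issuer's private key.
func NewVouch(priv ed25519.PrivateKey, subject ed25519.PublicKey) Vouch {
	issuer := priv.Public().(ed25519.PublicKey)
	return Vouch{issuer, subject, ed25519.Sign(priv, vouchMsg(issuer, subject))}
}

// VerifyChain walks offline from a pinned root to target: each issuer must be
// the key vouched for so far, and its signature over the link must verify.
func VerifyChain(root, target ed25519.PublicKey, chain []Vouch) bool {
	expected := root
	for _, v := range chain {
		if len(v.Issuer) != ed25519.PublicKeySize || !v.Issuer.Equal(expected) ||
			!ed25519.Verify(v.Issuer, vouchMsg(v.Issuer, v.Subject), v.Sig) {
			return false
		}
		expected = v.Subject
	}
	return len(chain) > 0 && expected.Equal(target)
}

func main() {
	rootPub, rootPriv := NewAgent()
	aPub, aPriv := NewAgent()
	bPub, _ := NewAgent()
	chain := []Vouch{NewVouch(rootPriv, aPub), NewVouch(aPriv, bPub)}
	fmt.Println(VerifyChain(rootPub, bPub, chain), VerifyChain(rootPub, bPub, chain[1:]))
}
```

A chain like this only proves who vouched for whom; revocation, expiry and any scoring of observed behavior would have to be layered on top.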

The Real Question

World ID asks: "Is a human behind this agent?"

The question that matters for the agentic web: "Can I trust what this agent does next?"

Proof of human is necessary but not sufficient. We need proof of behavior.


AIP is open source. pip install aip-identity to try it. GitHub · Docs
