Introducing AG9 by VeryAI: Instant Agent Accountability
AG9 introduces a new primitive for the agentic internet: a KYA (Know Your Agent) attestation that proves an AI agent is owned and explicitly authorized by a verified human.
Today, there is no reliable way to prove who owns an agent or whether a specific action was actually approved by a real person. Credentials can be shared, API keys can leak, and sessions can be reused across environments.
This creates a structural problem for platforms. They are forced into a tradeoff: either block automated activity entirely and limit functionality, or allow it without clear accountability. Neither approach scales in an internet where agents are becoming the default interaction model.
What’s missing is a verifiable link between human intent and agent execution.
Why AG9 now?
As agents become more autonomous and widely deployed, expectations around trust and control are changing.
Infrastructure providers, APIs, and platforms increasingly need a way to verify ownership and intent in real time. Not just whether a request is valid, but whether it was actually authorized by a real human. At the same time, users need stronger guarantees that they remain in control of the systems acting on their behalf — especially as agents gain the ability to execute higher-risk actions across financial, social, and operational contexts.
What’s missing is a standard that is both secure and interoperable. Something that works across systems, doesn’t require rebuilding existing infrastructure, and can operate at production scale.
AG9 is built to meet that need.
Introducing AG9
AG9 introduces a new primitive for the agentic internet: a KYA (Know Your Agent) attestation that proves an AI agent is owned and explicitly authorized by a verified human.
At its core, AG9 is a signed, machine-verifiable credential that binds four critical elements:
- A verified human identity
- A specific agent
- A clearly defined scope of behavior
- An explicitly approved action
This creates a cryptographic link between intent and execution — allowing systems to reason not just about what an agent is doing, but whether it should be allowed to do it.
Each attestation is signed and verifiable in under 100ms via standard JSON Web Key Sets (JWKS), enabling seamless integration into existing authentication and authorization pipelines without added latency or complexity.
For the first time at scale, this makes it possible to verify in real time that an agent’s action was approved by a real human.
Built for existing infrastructure
AG9 is designed as an extension layer that composes with existing identity and security primitives rather than replacing them.
Modern systems rely on standards such as OAuth 2.0 access tokens, OIDC identity assertions, and signed requests to authenticate sessions and authorize access. These mechanisms establish who is making a request and what they are allowed to do within a system boundary, but they do not establish human ownership or intent provenance behind autonomous agent actions.
AG9 introduces a new verification primitive: biometric-backed owner attestation.
This primitive binds a verified human identity — established via palm biometrics — to agent activity, producing a cryptographically signed, machine-verifiable proof that a given action was explicitly authorized by a real person.
The system is designed to interoperate with existing infrastructure, including:
- Edge and traffic validation layers (Cloudflare Web Bot Auth)
- Agent identity standards (A2A signed agent cards)
- Onchain registries (ERC-8004)
- Identity providers (Auth0, Entra)
Where existing systems authenticate sessions, AG9 verifies that actions were explicitly approved by a real person.
How AG9 works
AG9 introduces a simple interaction model that aligns with how agents are already deployed today.
First, platforms integrate AG9 into their existing authentication or request validation pipeline. This typically involves adding a verification step that can evaluate AG9 attestations alongside existing credentials.
Next, users link their agents. During this process, each agent is cryptographically bound to a verified human identity, and the user defines the scope of what that agent is allowed to do. This creates a persistent relationship between the human and the agent that can be referenced across systems.
When an agent attempts to perform a sensitive action — such as executing a transaction, accessing protected data, or making a high-impact API call — the user is prompted to approve or deny it. Each approval generates a signed attestation that is tied to that specific action and can be verified by any downstream service.
At any point, users can revoke access or update permissions, maintaining continuous control over agent behavior.
FAQs
What is KYA (Know Your Agent), and how is it different from KYC?
KYA is an extension of identity verification tailored for the agentic internet. While KYC verifies a human’s identity at a point in time, KYA focuses on verifying the relationship between a human and an agent; what the agent is, who it represents, and what it is allowed to do.
How does AG9 fit into existing authentication systems like OAuth or Auth0?
AG9 does not require third parties to replace existing systems. It adds an additional verification layer that can be evaluated alongside tokens or sessions. This allows platforms to continue using their current infrastructure while gaining the ability to verify human-approved agent actions.
Does AG9 introduce latency or complexity into production systems?
No. Attestations are designed to be lightweight and verifiable in under 100 milliseconds using standard JWKS. This makes them compatible with high-throughput systems and real-time applications.
More Information
AG9 is designed as a system for a world where agents are the default interface to the internet.
If you’re building systems where trust, automation, and user control intersect, AG9 provides a new primitive to support that future.
Learn more at ag9.ai or reach out to explore integration.
Ready to build with AG9?
Bind every agent action to a verified human.
