The most unsolved problem in agentic payments. Before a payment system allows a transaction, it needs to know: is this a human, a bot, or a legitimate autonomous agent? That answer doesn't exist yet.
Layer 2 establishes the identity of the entity making a payment — authentication, KYC, bot detection, and increasingly "Know Your Agent" (KYA). Without this layer, every other payment control is bypassed.
The Unsolved Problem
Every payment system built in the last 50 years assumes a human is at the keyboard. KYC collects a passport scan. 3DS sends a one-time password to your phone. Fraud models look for "human-like" behavior. Agents fail all of these tests by default — they move too fast, from too many IPs, with too-perfect timing. The industry hasn't agreed on what "prove you're a legitimate agent" even means.
Companies building this layer
Skyfire gives AI agents a payment identity — a spending account with programmable controls. Agents get a Skyfire-issued credential that payment systems recognize as a legitimate, policy-bound entity. Backed by major VCs; one of the first companies purpose-built for the agent payment layer.
KYAPay (kyapay.org) addresses the "Know Your Agent" problem — verifying that an AI agent is what it claims to be, operating within sanctioned limits, and authorized by the human or organization behind it. Described by Apify as a must-have element for any agentic toolkit.
Supporting infrastructure (adapted from human identity)
Forter
Fraud Prevention
Real-time fraud decisioning using behavior + device signals. Built for human transactions but increasingly used to flag anomalous agent behavior.
DataDome
Bot Detection
Detects and blocks malicious bots at the edge. The irony: legitimate AI agents often look identical to the bots DataDome blocks. No "allowlist for good bots" yet.
Socure
KYC / Identity
Automated KYC and identity verification for onboarding. Designed for humans (face match, document scan) — agents have no face or document to scan.
Sardine
Compliance + Risk
Fraud and AML platform with strong crypto coverage. One of the better-positioned companies to extend into agent identity as the space matures.
Persona
Identity Verification
Flexible KYC/KYB platform that could be extended to "KYA" — Know Your Agent — with the right policy primitives.
Privy
Embedded Wallets
Gives agents a cryptographic identity via embedded wallets. Not identity verification per se, but a stepping stone: an agent with a consistent on-chain address is at least accountable.
The Gap: No Standard for "Proof of Agent"
The industry needs a "proof of agent" credential — something that says: this is an AI agent, authorized by this human/org, with these spending limits, operating in this context. It needs to be machine-readable, cryptographically verifiable, and accepted by payment processors without a human loop. Skyfire and KYAPay are early attempts. The winner of this layer may be the next Stripe — the identity infrastructure everyone builds on top of.