Six companies now sell products that verify AI agents before they can touch production systems. Three months ago, there were zero. Sumsub shipped the first commercial KYA (Know Your Agent) implementation on January 29, 2026. Vouched raised $17M and launched Agent Checkpoint on February 24. Beltic, Dock.io, Teleport, and Riskified followed with their own takes within weeks.
This is what a compliance category looks like when it goes from concept to product in real time. If you are deploying AI agents that open accounts, initiate payments, or access customer data, you will likely need a KYA vendor by Q4 2026. The question is which one.
Why KYA Became a Product Category Overnight
Two forces collided in early 2026 to create this market. On the fraud side, Sumsub’s Identity Fraud Report 2025-2026 documented a 180% year-over-year increase in coordinated multi-step attacks, with AI-generated fake documents appearing for the first time at 2% of all detected fakes. On the regulatory side, NIST launched its AI Agent Standards Initiative on February 17, 2026, with a concept paper explicitly calling for AI agents to be treated as “identifiable entities within enterprise identity systems.”
The business case is straightforward. PYMNTS and Trulioo surveyed 350 companies and found organizations lose an average of 3.1% of annual revenue to identity system gaps. Across those surveyed companies, that totaled $94.9 billion in annual losses. 56.3% of firms reported threats from bots or agents, and over 40% had losses directly linked to adversarial agents.
Gartner projects that 33% of enterprise software will include agentic AI by 2028, up from less than 1% in 2025. Every one of those agents needs an identity layer. That is the market these vendors are fighting over.
The Six Vendors: How They Compare
Each vendor approaches agent verification differently. The split is roughly between biometric-first approaches (binding agents to verified humans via face and document checks) and credential-first approaches (using cryptographic certificates and decentralized identifiers).
Sumsub: Agent-to-Human Binding via Biometrics
Sumsub’s approach centers on one principle: link every AI agent to a verified human face. Their KYA product uses three layers. First, Device Intelligence detects automated activity and classifies it by risk. Second, real-time risk scoring triggers verification challenges when thresholds are exceeded. Third, liveness verification confirms a real human authorized the agent, binding that person’s government-issued identity to every action the agent takes.
CTO Vyacheslav Zholudev put the philosophy plainly: “Rather than attempting to blindly trust AI agents themselves, our solution focuses on verifying the humans behind them.”
Best for: Fintech, payments, any use case where regulatory accountability requires tracing agent actions to a named individual. Sumsub already processes verifications across 220+ countries and has existing KYC/KYB infrastructure that the KYA product plugs into.
Integration: REST API, OAuth 2.1 with client credentials flow, mutual TLS for high-security environments. If you already use Sumsub for KYC, adding KYA is a configuration change, not a new integration.
Vouched: Digital Agent Passports
Vouched won “Identity Verification Solution of the Year” in the 2026 FinTech Breakthrough Awards and raised $17M specifically for their Agent Checkpoint product. Their approach issues “Digital Agent Passports” with cryptographic credentials that agents present when interacting with systems.
The passport model works like a machine-readable trust certificate. It encodes the agent’s identity, capabilities, authorization scope, and the verified human or organization behind it. Systems receiving agent requests verify the passport before granting access.
Best for: Multi-agent architectures where agents interact with many different services. The passport model means each service does not need its own verification infrastructure; it just validates the credential.
Integration: Single API call for credential verification. Vouched provides SDKs for Python, Node.js, and Go.
Beltic: W3C Verifiable Credentials and DIDs
Beltic takes a standards-based approach using W3C Verifiable Credentials and Decentralized Identifiers (DIDs). Their system issues verifiable credentials to agents that platforms can check in sub-100ms via a single API call. The privacy angle is the differentiator: platforms verify an agent’s trust level without seeing the underlying identity data.
Best for: Privacy-sensitive deployments, especially under GDPR/DSGVO constraints. Also strong for cross-border scenarios, covering 200+ jurisdictions via their underlying KYC/KYB infrastructure.
Integration: REST API with DID resolution. Credential verification is stateless, so there is no dependency on Beltic’s infrastructure being available at request time.
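The passport check described under Vouched and the stateless verification described for Beltic, sketched as an added example (this is not Vouched's or Beltic's code or credential format): a relying party verifies an Ed25519-signed agent credential offline and rejects a bad signature, an expired credential, or a scope the credential does not grant. The AgentCredential fields, the scope strings and the demo key pair are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// AgentCredential is a hypothetical claim set, not any vendor's passport format.
type AgentCredential struct {
	AgentID   string   `json:"agent_id"`
	Principal string   `json:"principal"` // verified human or organization
	Scopes    []string `json:"scopes"`
	Expires   int64    `json:"exp"` // Unix seconds
}

// Constructed demo issuer keys; a real relying party holds only the public key.
var issuerPub, issuerPriv, _ = ed25519.GenerateKey(nil)

// Issue signs the JSON-encoded claims (issuer side).
func Issue(priv ed25519.PrivateKey, c AgentCredential) (payload, sig []byte) {
	payload, _ = json.Marshal(c)
	return payload, ed25519.Sign(priv, payload)
}

// Verify runs offline: signature first, then expiry, then the requested scope.
func Verify(pub ed25519.PublicKey, payload, sig []byte, scope string, now time.Time) (*AgentCredential, error) {
	if !ed25519.Verify(pub, payload, sig) {
		return nil, errors.New("bad signature")
	}
	var c AgentCredential
	if json.Unmarshal(payload, &c) != nil || now.Unix() >= c.Expires {
		return nil, errors.New("malformed or expired")
	}
	for _, s := range c.Scopes {
		if s == scope {
			return &c, nil
		}
	}
	return nil, errors.New("scope not granted")
}

func main() {
	now := time.Now()
	p, s := Issue(issuerPriv, AgentCredential{"agent-42", "org:example", []string{"payments:read"}, now.Unix() + 300})
	_, err := Verify(issuerPub, p, s, "payments:write", now)
	fmt.Println("payments:write:", err)
}
```

Because the claims are parsed only after the signature verifies, editing the scope list in transit fails at the first check and never reaches the scope comparison.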
Dock.io / Truvera: MCP-Identity Extension
Dock.io, operating through their Truvera brand, built on Anthropic’s Model Context Protocol (MCP) with an identity extension called MCPI (Model Context Protocol - Identity). This adds biometric-bound credentials with mobile driver’s license verification. They collaborate with Vouched and the OpenID Foundation to align with emerging standards.
Best for: Teams already building on MCP-based agent architectures. The MCPI extension means identity checks happen within the existing protocol rather than requiring a separate verification sidecar.
Integration: MCP server extension. Requires MCP-compatible agent framework.
Teleport: Hardware Root of Trust
Teleport’s Agentic Identity Framework takes a fundamentally different approach. Instead of verifying agents through biometrics or credentials, Teleport creates a unified identity layer with cryptographic security anchored in hardware. Every agent identity traces back to a hardware root of trust, eliminating the possibility of credential theft or spoofing.
Best for: High-security environments, government, defense, and any deployment where credential compromise is an existential risk. The hardware dependency makes this impractical for lightweight agent deployments but extremely robust for critical infrastructure.
Integration: Requires Teleport’s infrastructure layer. Not a drop-in API.
Riskified: E-Commerce Agent Intelligence
Riskified expanded its AI Agent Intelligence product specifically to secure merchant AI shopping assistants from fraud. Their focus is narrower than the others: detecting when AI agents are being used for ticket scalping, card draining, inventory hoarding, or chargeback fraud during e-commerce transactions.
Best for: Online retailers and marketplaces. Not a general-purpose KYA solution, but if your agent fraud problem is specifically in commerce, Riskified has deeper domain models than the generalist vendors.
Integration: JavaScript tag and REST API. Designed for e-commerce checkout flows.
The Standards Race: NIST, OpenID, and AgentFacts
Vendors are building products, but the standards bodies are building the frameworks those products will eventually need to comply with. Three initiatives matter.
NIST AI Agent Standards Initiative launched February 17, 2026, with three pillars: industry-led standards, community-driven protocol development, and research investment. Their NCCoE concept paper proposes treating AI agents as identifiable entities using OAuth, OpenID Connect, SCIM, SPIRE, and Zero Trust Architecture principles. The comment deadline is April 2, 2026, which means final guidance will likely land in late 2026.
OpenID Foundation published “Identity Management for Agentic AI” in October 2025, covering Client Initiated Backchannel Authentication (CIBA) for AI agents. This is the closest thing to a wire protocol standard for agent authentication that exists today.
AgentFacts KYA Standard by Jared James Grogan is an open-source (Apache 2.0) specification with four pillars: Identity (DIDs), Capability (verified functional claims), Compliance (EU AI Act, NIST AI RMF mapping), and Provenance (supply chain transparency). It is the most comprehensive open standard but has limited vendor adoption so far.
The practical implication: any KYA vendor you choose today should be able to map to these emerging standards. Ask specifically about NIST alignment and OpenID Connect support before signing a contract.
How to Evaluate a KYA Vendor
Picking the right vendor depends on four factors.
Verification approach. Biometric binding (Sumsub, Vouched) gives you the strongest regulatory audit trail because you can prove a specific person authorized every agent action. Credential-based approaches (Beltic, Dock.io) give you better privacy properties and faster verification times. Hardware-rooted trust (Teleport) gives you the strongest security guarantee but the highest deployment overhead.
Regulatory coverage. If you operate under EU AI Act Article 14 (human oversight of high-risk AI), Sumsub and Beltic have the strongest DACH compliance stories. If you are in US financial services, American Banker’s proposed KYA framework maps agent verification to BSA/AML requirements, and Sumsub’s existing FinCEN integrations give it an edge. For cross-border deployments, Beltic’s 200+ jurisdiction coverage matters.
Integration complexity. Sumsub and Vouched offer the simplest integration path: REST APIs that return pass/fail verdicts. Dock.io requires MCP infrastructure. Teleport requires its own identity layer. If you need something running in two weeks, Sumsub or Vouched are your realistic options.
Cost model. KYA verification pricing follows the KYC model: per-verification fees ranging from $0.50 to $5.00 depending on verification depth and volume. Biometric liveness checks cost more than credential validation. Budget for 2-10x your current KYC volume, because agents transact faster than humans and trigger more verification events.
Frequently Asked Questions
What is KYA (Know Your Agent) and how does it differ from KYC?
KYA (Know Your Agent) extends KYC principles to AI agents by binding autonomous agent actions to verified human identities. While KYC verifies that a person is who they claim to be, KYA verifies that an AI agent is authorized by a specific verified person and operates within defined boundaries. KYC uses document checks and biometrics on humans; KYA uses agent detection, risk scoring, and agent-to-human binding to create accountability chains.
Which KYA vendor should I choose for EU AI Act compliance?
For EU AI Act compliance, Sumsub and Beltic have the strongest positioning. Sumsub offers biometric agent-to-human binding that directly satisfies Article 14 human oversight requirements. Beltic uses W3C Verifiable Credentials with privacy-preserving verification, which aligns well with GDPR/DSGVO data minimization principles. Both cover 200+ jurisdictions for cross-border deployments.
How much does AI agent KYA verification cost?
KYA verification typically costs between $0.50 and $5.00 per verification event, following the same pricing model as KYC. Biometric liveness checks are at the higher end, while credential-based verification (Beltic, Dock.io) costs less per check. Plan for 2-10x your current KYC verification volume, since AI agents transact faster than humans and trigger more frequent verification events.
What is NIST’s AI Agent Standards Initiative?
NIST launched the AI Agent Standards Initiative on February 17, 2026, with three pillars: industry-led standards, community-driven protocol development, and research investment. Their NCCoE concept paper proposes treating AI agents as identifiable entities using OAuth, OpenID Connect, SCIM, SPIRE, and Zero Trust Architecture. The comment deadline is April 2, 2026, with final guidance expected in late 2026.
Can I integrate KYA verification in under two weeks?
Sumsub and Vouched offer the fastest integration path with REST APIs that return pass/fail verdicts. If you already use Sumsub for KYC, adding KYA is a configuration change. Vouched’s Agent Checkpoint requires a single API call for credential verification. Dock.io requires MCP infrastructure, and Teleport requires its own identity layer, both of which take significantly longer to deploy.
