As autonomous AI agents proliferate across enterprise networks and the open internet, the question of digital identity has never been more urgent — or more unsolved.
The modern internet has an identity problem, and it isn’t about passwords.
By 2026, autonomous AI agents — software entities that browse, transact, negotiate, and act on behalf of humans and organizations — have become a dominant force online. In enterprise environments, non-human identities (NHIs) such as service accounts, bots, APIs, and AI agents now outnumber human identities by ratios cited between 40:1 and over 100:1. Across the broader internet, the multiples are significant and growing.
This isn’t a distant projection. It’s the operating reality that security teams, protocol designers, and enterprise architects are navigating right now.
The problem is straightforward: when an autonomous agent shows up to execute a transaction, sign a contract, or access a system, how do you know it is who — or what — it claims to be? And if it misbehaves, who is responsible?
That question is driving the emergence of a new category of infrastructure: cryptographic, on-chain agent identity. And at the center of that infrastructure is an unlikely revival — the NFT.
From Speculative Art to Functional Infrastructure
The NFT’s cultural moment has passed. The era of profile pictures selling for millions and celebrity-backed drops collapsing overnight is largely behind us. What’s emerging in its place is quieter, more technical, and arguably more durable: NFTs as functional identity primitives for AI agents.
The concept is called an Agent Card. Built typically on the ERC-721 standard, an Agent Card is not a static JPEG — it’s a structured, on-chain record that anchors an agent’s identity, capabilities, and reputation to a verifiable, wallet-linked token.
A fully-spec’d Agent Card contains:
-
Capabilities and service endpoints — what the agent can do and how to interact with it (including support for protocols like MCP and A2A)
-
Payment addresses — where to send funds for services rendered
-
On-chain performance history — a tamper-resistant ledger of past tasks, outcomes, and feedback scores
That last element is the critical innovation. Reputation, in this model, becomes portable and verifiable. An agent that consistently delivers gets a rising trust score; one that fails or behaves deceptively sees its reputation visibly degrade on-chain, reducing its chances of being hired by humans or other agents. It introduces something the open internet has largely lacked for non-human actors: skin in the game.
ERC-8004: The Standard Taking Shape
The most significant technical development in this space is ERC-8004, drafted in 2025 and deployed to Ethereum mainnet in January 2026. It represents the most comprehensive attempt yet to standardize agent identity infrastructure across the Ethereum ecosystem.
ERC-8004 defines three interoperable registries:
1. Identity Registry The foundation layer. Each agent is anchored by a root ERC-721 NFT tied to a wallet and owner. That NFT resolves to a structured “Agent Registration File” — a JSON document containing the agent’s metadata, capabilities, and service endpoints. Critically, this makes agents discoverable and portable across compatible chains.
2. Reputation Registry A portable, on-chain feedback system. Ratings and performance data follow the agent regardless of where it operates. Because it’s stored on-chain rather than controlled by a single platform, no single operator can selectively erase negative reviews or game the system without it being visible.
3. Validation Registry Designed for high-stakes interactions. It stores cryptographic proofs of task completion — success indicators tied to evidence URIs — allowing counterparties to verify that an agent actually did what it claimed, not just that it claimed to have done it.
ERC-8004 is already live on Ethereum mainnet, Base, Polygon, Avalanche C-Chain, and BNB Chain. QuickNode provides indexed APIs for querying the registries, lowering the barrier to integration. The standard’s authors include contributors from MetaMask, the Ethereum Foundation, Google, and Coinbase — a cross-industry coalition that suggests a serious commitment to interoperability rather than proprietary lock-in.
That said, ERC-8004 remains an evolving standard, not a finished ecosystem. Adoption is growing but fragmented, and it faces competition from both other decentralized approaches and centralized alternatives.
Know Your Agent: The 2026 Equivalent of KYC
Running parallel to on-chain identity standards is a regulatory and compliance movement called Know Your Agent (KYA) — effectively the 2026 answer to Know Your Customer (KYC) requirements, applied to autonomous software actors rather than individual people.
KYA matters because agents are increasingly spending money. When an autonomous system can authorize payments, sign contracts, or access financial services, regulators in the EU, US, and Singapore want accountability: who authorized this agent, what is its scope of authority, and who is liable if something goes wrong?
Several players are building KYA infrastructure, with notably different philosophies:
-
Ethereum / ERC-8004: Decentralized and open. Identity is anchored on-chain, without a central issuer. Suitable for open-internet agent interactions where no trusted intermediary exists.
-
Visa’s Trusted Agent Protocol (TAP): Enterprise and payments-focused. Issues credentials that carry legitimacy signals, delegation scope, and payment authorization signatures — more aligned with traditional financial compliance frameworks.
-
Trulioo and Sumsub: Compliance-oriented providers focused on risk scoring and regulatory reporting, more familiar to fintech teams than to crypto-native developers.
The common thread across all of these is the need to tie agents to human sponsors — to ensure that when an agent acts, there is a traceable chain of accountability back to a person or organization. KYA doesn’t solve the question of whether an agent’s actions are good; it primarily addresses the question of whether there is someone to hold responsible if they’re not.
Expert Perspectives: Reid Hoffman and the Identity Imperative
At Consensus Miami in May 2026, Reid Hoffman — co-founder of LinkedIn and a longtime observer of internet identity — made a pointed observation: crypto and NFTs are “the obvious answer” for agent identity in a world where agents outnumber people online. He called for a “rebirth” of NFTs specifically oriented around trust and accountability in autonomous transactions across the open internet.
Hoffman’s framing is notable because it comes not from a maximalist crypto position, but from a practical one. The open internet was built for human-to-human and human-to-institution interaction. It has no native mechanism for verifying the identity, authority, or track record of a non-human actor. On-chain identity, in his view, fills that gap because it is cryptographically verifiable, portable, and not controlled by any single platform.
Security researchers have reached similar conclusions from a different direction. Firms like Token Security, OWASP contributors, and Astrix Security have flagged NHIs — and agentic AI in particular — as a critical blind spot in enterprise security. Their framing: “Identity is the new control plane.” As agents increasingly bypass traditional authentication layers (passwords, firewalls, session tokens), cryptographic identity combined with reputation scoring becomes the primary mechanism for access control, least privilege enforcement, and risk management.
The concern is real. An over-privileged agent — one with more access than it needs — represents a large and largely invisible attack surface. An agent with a compromised identity is worse.
Real-World Use Cases: What’s Actually Happening
Beyond the standards work, a set of practical applications is already operating in early but meaningful form.
Agent Marketplaces and Autonomous Economic Actors On Base, Solana’s Agent Registry, and various Ethereum L2s, agents are operating with their own wallets — paying for compute, managing servers, and transacting peer-to-peer without human intervention at each step. Use cases span e-commerce automation, DeFi strategy execution, content generation pipelines, and DevOps workflows. These are early deployments, not mature markets, but they represent genuine proof-of-concept for agent-as-economic-actor.
Trustless Escrow and Pay-on-Delivery Using ERC-8004 combined with the x402 payment protocol, funds can be locked in escrow and released only when on-chain validation proof is submitted — creating a “no work, no pay” model enforced by code rather than contracts or trust. This significantly reduces counterparty risk in agent-to-agent transactions and removes chargebacks from the equation.
Cross-Agent Coordination More complex workflows are emerging where agents discover, evaluate, and hire each other based on on-chain reputation and capability listings. One agent might handle research, another executes trades, a third validates the output — each selected and compensated based on verifiable performance history.
Enterprise Compliance Use Cases Inside organizations, agentic wallets with KYA compliance layers are being piloted for internal automation — providing the audit trails and governance structures that enterprise procurement and legal teams require before approving autonomous spending authority.
Market data from early 2026 suggests agentic commerce transaction value has reached approximately $8 billion, with some forecasts projecting growth into the trillions by the early 2030s. Those projections should be treated with appropriate skepticism — they depend on many technical, regulatory, and adoption variables that remain unresolved.
Reality Check: What Doesn’t Work Yet
The infrastructure described above is promising but early, and several significant problems remain unsolved.
Verified identity does not mean correct behavior. A clean on-chain record and a strong reputation score do not prevent an agent from producing bad outputs or acting on flawed data. Researchers at Ormi Labs and others have noted that validation registries create a record of outcomes, but don’t prevent errors in real time. Identity solves the accountability problem; it does not solve the reliability problem.
Legal gray areas remain wide. Who owns content generated by an autonomous agent? Who is liable when an agent’s action causes financial harm? The legal infrastructure for agent-mediated commerce is far behind the technical infrastructure. KYA frameworks help by tying agents to human sponsors, but jurisdictional enforcement across multiple chains is uncharted territory.
Standards fragmentation is a real risk. ERC-8004 is the most prominent open standard, but the enterprise world is generating proprietary alternatives. A reputation score that doesn’t transfer across chains or platforms provides much weaker guarantees than the model promises — and competing frameworks could balkanize the ecosystem before it matures.
Reputation systems can be gamed, and compromised keys are catastrophic. On-chain feedback scores are susceptible to coordinated manipulation and Sybil attacks. Separately, if an agent’s private key is compromised, the attacker inherits its full reputation and authority — a potentially outsized breach compared to a typical human credential theft. Key management for agentic wallets is a largely unsolved operational problem.
The Near-Term Outlook
The trajectory here is real, even if the destination is uncertain. The problem that ERC-8004 and KYA are trying to solve — establishing verifiable, accountable identity for non-human internet actors — is not going away. It will get more urgent as agent deployment accelerates.
What the next 18-24 months could determine:
-
Which standards gain critical mass. ERC-8004 has a head start and serious institutional backing. Whether it becomes the dominant open standard or gets fragmented by competing proposals depends largely on developer adoption and cross-chain tooling quality.
-
How regulators engage. The EU’s attention to agentic commerce accountability, combined with US and Singapore regulatory interest, suggests KYA frameworks will eventually face formal compliance requirements. That could accelerate adoption — or create compliance overhead that favors large incumbents.
-
Whether reputation systems prove robust. The reputation gaming problem is theoretical but serious. Real-world deployment at scale will reveal how resistant these systems actually are to adversarial behavior.
The “Agentic Web” is not a finished vision. It’s a live experiment in infrastructure-building for a class of internet actor that existing systems were not designed to handle. The on-chain identity approach — Agent Cards, ERC-8004, KYA — is among the more serious proposals on the table for solving that problem.
Whether it succeeds will depend less on the elegance of the technical standards and more on the messy, practical work of adoption, interoperability, and adversarial resilience. That work is just beginning.
If this article, video or photo intrigues any copyright, please indicate it to the author’s email or in the comment box.