AI agents are stepping into roles once reserved for humans—booking appointments, managing finances, and even making purchasing decisions. As these digital proxies act on our behalf, a new challenge emerges for cybersecurity: how do you verify the identity of a “user” that isn’t human at all?
In a PaymentsJournal webinar, Memoona Anwar, Chief Compliance & Innovations Officer at Data Zoo, and Tracy Goldberg, Director of Cybersecurity at Javelin Strategy & Research, explored how Know Your Customer (KYC) is evolving into Know Your Agent (KYA). In this new landscape, authoritative data is critical. It forms the foundation for verifying digital identities and creating secure, agent-driven interactions.
Building Trust in a Machine
The future isn’t coming—it’s already here. AI Agents are performing tasks across work and finance: ChatGPT or Microsoft Copilot schedule meetings, answer questions, and even interact with financial institutions on behalf of human principals. Automation is also advancing in areas like budgeting and transaction monitoring.
Despite these advancements, AI agents are not yet making unsupervised, high-stakes decisions. The challenge extends beyond technology; it’s a matter of trust. That trust rests on three key factors: the entity represented by the agent, the scope of the agent’s authority, and the reliability of the data guiding its decisions.
“When we talk about trusting an agent, we are really talking about trusting systems and machines to act on our behalf,” said Anwar. “It’s not about trusting the agent’s intelligence. It’s actually trusting the agent’s identity. It’s about authorization and how reliable the information is that the agent is acting on.”
Goldberg added: “The agents have to create their behavioral patterns and digital footprints just like humans did and build their online identity. When we talk about identity verification for human beings, the same concept holds true for agents.”
Know Your Agent
Lessons learned during the pandemic about verifying identities without in-person interaction provide a strong foundation for managing AI agents. Indirect signals and alternative forms of validation, previously used to confirm human authenticity, are now being applied to AI-driven systems.
The most complex task is verifying the data that informs agents. Verification extends beyond the individual to the machine, ensuring the agent is linked to the correct human, authorized for specific actions, and operating on trustworthy data.
This is the essence of KYA. While KYC validates individuals based on personal or biometric information, KYA focuses on machines, their data inputs, and the link between the agent and the human it represents.
“If we talk about the current stage where we are with KYA, we don’t have enough data,” said Anwar. “Right now we don’t have enough digital footprints or behavioral patterns or enough mechanisms to verify the connection.”
Additional Risks from AI
AI and agentic systems have not introduced new risks, but they have magnified existing ones, particularly in the identity space.
“The identity probing and credential stuffing was already there,” said Anwar. “The bot attacks were already there. AI increases the scale. AI is capable of trying multiple combinations of identities and trying to break into the systems at scale without human intervention. It has also become easier to conduct synthetic fraud, creating a fake identity, pairing it with real people or businesses, and then committing fraud on their behalf.”
The agent ecosystem amplifies the scale of risks and malicious behaviors. One subtle yet important risk is loss of visibility. When an agent acts, the merchant interacts with a layer of abstraction rather than the end user directly.
This raises challenging questions about intent. Is the action legitimate automation, a system error, human error, or malicious behavior? Traditional controls are not yet designed to verify identity and intent simultaneously.
The agent’s behavior is only as reliable as the data it consumes. Verifying the authenticity of that data—and the sources it comes from—is crucial, because the data creates the agent’s persona. Whatever flows into the decision engine shapes the decisions it makes.
“Data Zoo emphasizes vendor and data source due diligence,” said Anwar. “Before we onboard any data source for ID verification or KYC purposes, we conduct thorough due diligence on them, how the data was collected, how the data is maintained, how the data is updated, how the data is verified for accuracy.”
Different Risk for Different Situations
A one-size-fits-all approach won’t work in agentic AI, because not all agents or actions carry the same risk. Some decisions are low stakes. If Microsoft Copilot mismanages a schedule, a meeting can simply be rescheduled. But errors in customer onboarding fund transfers carry far higher stakes.
“You wouldn’t want to allow the transfer of significant amounts of money to businesses that haven’t been verified,” said Anwar. “You have to first conduct risk assessment of the services that you are offering. Based on that risk assessment, you have to decide what controls you have to put in place.”
Goldberg added: “Maybe the verification of these AI agents will help us get away from some of the legacy thinking on the KYC side, where we’ve been very limited from a data perspective. All the data has been very siloed and there’s been a lot of privacy constraints, and that has limited a lot of what we’ve been able to verify.”
The first step toward a secure agent-driven ecosystem is for organizations to build strong data foundations and governance frameworks centered on trust. This means investing in access to authoritative data and strengthening due diligence processes, ensuring that both the agent and the data behind it can be trusted.
“Regardless of how advanced the technology is or AI becomes, the limiting factor will always be trust,” Anwar said. “And trust always come comes back to the quality, reliability, and the integrity of data that is being used to operationalize those agents.”
