What is FACT? - KYA and Agentic Identity for AI Agents
FACT (Federated Agent Certification Token) enables KYA (Know Your Agent) verification and agentic identity for AI agents. Learn how FACT provides verifiable credentials for agent authentication and identity verification.
FACT (Federated Agent Certification Token) provides agentic identity and KYA (Know Your Agent) verification for AI agents. FACT gives AI agents a portable, verifiable identity so platforms can decide who they are dealing with, who the agent represents, and whether to trust or challenge an action.
The Problem
Today's AI agent ecosystem faces critical identity challenges:
-
No shared agent identity model - Platforms have no common way to confirm which verified person or business an agent represents, whether that identity was checked elsewhere, or what to do when the agent crosses ecosystems.
-
Payment protocols assume identity - Emerging agentic commerce protocols (Stripe ACP, Google AP2, Coinbase x402, Visa TAP) assume an agent identity layer exists but don't standardize it.
-
KYA (Know Your Agent) gaps mirror KYC/KYB - Just as financial systems need Know Your Customer and Know Your Business, we need Know Your Agent (KYA) for accountability, revocation, and auditability of non-human actors. KYA enables agent identity verification and agent authentication for AI systems.
Without a standard for agent identity, every platform must build its own verification system, creating fragmentation and friction for cross-platform agent operations.
The Solution: FACT
FACT is a portable credential that binds four essential elements:
- Verified Principal - The person or organization behind the agent (with KYC/KYB verification)
- Agent Instance - The specific agent, tied to stable cryptographic material
- Principal-Agent Relationship - A verifiable link without baking in permissions
- Provenance Metadata - Issuance, refresh, and lifecycle tracking
Federated means any compliant issuer can mint FACTs. Relying parties choose which issuers to trust and apply their own policy. Validation and revocation use open standards (W3C Verifiable Credentials, OIDC4VC, JOSE).
How FACT Works
FACT credentials consist of four layers:
1. Identity Layer
Verified principal attributes including:
- KYC/KYB verification results
- Entity type (individual, organization)
- Jurisdiction and registration data
- Risk screening (sanctions, PEP, adverse media)
2. Agent Binding Layer
Cryptographic binding between principal and agent:
- Agent cryptographic identity (DID)
- Code fingerprint (SHA256 of agent codebase)
- Technical profile (model, architecture, deployment)
- Tool capabilities and risk levels
3. Identity Delegation Metadata
Assertion that the agent carries the principal's verified identity:
- Developer credential link
- Verification level and assurance
- Validity period
- Status checking endpoint
4. Risk and Provenance Layer
Optional signals for policy decisions:
- Safety scores (harm refusal, prompt injection, PII leakage)
- Lifecycle events (creation, rotation, suspension, revocation)
- Compliance certifications (HIPAA, SOC2, ISO 27001)
- Data handling policies
Relying parties verify the issuer signature, check integrity, validate the time window, and examine the agent's anatomy. They can fold in risk and provenance signals based on their local policy.
Use Cases
Agent-Initiated Checkout
- User or business completes KYC/KYB once with an issuer
- Issuer binds the agent and issues a FACT credential
- At checkout, the agent presents its FACT
- Payment platform verifies issuer, cryptography, and optional risk scores
- When policy passes, platform skips redundant challenges while maintaining an auditable link to a certified agent
Result: Faster checkout, reduced friction, maintained accountability.
Agent-Initiated On-Ramp or Account Action
- Agent presents a FACT when funding accounts or triggering account changes across providers
- Providers verify the FACT and apply local controls (jurisdiction, instrument risk, data categories)
- Avoid repeated onboarding for returning agents
- Support high-frequency, autonomous transactions with revocation and auditability
Result: Cross-platform agent operations without re-verification.
Cross-Platform Agent Marketplace
- Agent developer obtains DeveloperCredential with tier 2 KYB
- Each agent receives an AgentCredential with safety evaluation
- Multiple marketplaces accept the same credentials
- Users trust agents based on standardized verification, not platform reputation alone
Result: Portable trust enables multi-platform agent distribution.
Why Standardize?
Aligns with Industry and Research
- Complements OpenID Foundation work on identity management for agentic AI
- Addresses KYA (Know Your Agent) frameworks from Trulioo, Skyfire, and Captain Compliance
- Fills the identity layer gap in agentic payment protocols (ACP, AP2, x402, TAP)
Federated, Multi-Stakeholder Model
- No single gatekeeper - Any compliant issuer can participate
- Relying parties keep control - Choose which issuers to trust, set your own policies
- Open standards - Built on W3C Verifiable Credentials, DIDs, and JOSE
Regulatory Alignment
- Supports emerging AI governance requirements (NIST AI RMF, EU AI Act)
- Provides audit trail for AI agent actions
- Enables revocation when agents are compromised or violate policies
- Tracks data handling and compliance certifications
FACT vs. Other Approaches
| Approach | Federated | Portable | Cryptographic | Revocable | Standards-Based |
|---|---|---|---|---|---|
| FACT | ✓ | ✓ | ✓ | ✓ | ✓ (W3C VC, DIDs) |
| Platform-specific IDs | ✗ | ✗ | Varies | ✓ | ✗ |
| OAuth for agents | ✗ | ✓ | ✓ | ✓ | ✓ (OAuth 2.0) |
| API keys | ✗ | ✗ | ✗ | ✓ | ✗ |
| DIDs alone | ✓ | ✓ | ✓ | ✗ | ✓ (W3C DIDs) |
Key differentiator: FACT combines the portability and cryptographic properties of DIDs with the verification and revocation capabilities of Verifiable Credentials, plus KYC/KYB for the principal.
Building a safer agentic world - If you're working on agentic systems or see the vision for verifiable agent identity, we'd love to hear from you. Share your feedback, use cases, or suggestions to help shape FACT. Contact pranav at beltic dot com or visit our Feedback page.
Next Steps
Core Concepts
Learn about VCs, DIDs, trust chains, and key terminology
Quickstart
Issue and verify your first credential
DeveloperCredential
Deep dive into developer identity verification
References
Industry Standards
- OpenID Foundation - Identity Management for Agentic AI (2025)
- W3C Verifiable Credentials Data Model 2.0
- W3C Decentralized Identifiers (DIDs) v1.0
KYA Research
- Trulioo - Know Your Agent (KYA) white paper
- Captain Compliance - KYA: Know Your AI Agent (2025)
- Skyfire - Know Your Agent (2024)
- D. Greenwood - AI Agent ID (2025)
Agentic Commerce Protocols
- OpenAI Developers - Agentic Commerce Protocol (ACP)
- Stripe - Developing an open standard for agentic commerce (2025)
- x402 - The Payment Protocol for Agentic Commerce (2025)
- Visa - Trusted Agent Protocol announcement (2025)
- Orium - Agentic Payments Explained: ACP, AP2, and x402 (2025)
Analysis and Commentary
- Consumer Reports and Stanford Digital Economy Lab - The Race to Standardize Agentic Commerce (2025)
- OnFinality - What is x402? (2025)