A customer opens their AI agent on a Friday evening. They configure a set of standing instructions: reorder household supplies when stock runs low, renew subscriptions before they lapse, flag any financial product that beats their current mortgage rate and initiate a comparison. They have delegated, deliberately and explicitly, a portion of their decision-making to a machine. The machine accepts the delegation. It begins.
Six weeks later, the customer loses their job.
Their agent does not know. Their agent was not designed to know. Their agent continues to execute: reordering, renewing, flagging, initiating. The mandate was granted. The instructions are technically valid. The payment credentials remain active. Every transaction the agent initiates passes the compliance checks that were designed for the moment of onboarding, not the moment of execution.
On the other side of those transactions, a retailer receives an automated order. A subscription platform processes a renewal. A financial services institution receives an inquiry - then an application - from an agent acting on behalf of a human whose financial circumstances have changed materially since the mandate was issued.
None of these institutions know. They cannot know. The systems they built were designed to see the agent. They were not designed to see the human behind it.
This is the design failure at the centre of the agentic economy. Not fraud. Not technical failure. A failure of design philosophy - the assumption, baked into an entire era of digital infrastructure, that verifying identity at the point of onboarding is sufficient to sustain trust across the full duration of a delegated relationship.
The AXD Institute calls the framework required to close this gap Know Your Human - or KYH.
This essay defines the problem, maps the existing infrastructure that does not solve it, and sets out the design principles that do.
I. The Three Moments of Human Authority
Every delegated transaction in the agentic economy passes through three distinct moments of human authority. Each moment carries a different relationship between the human principal, the agent, and the institution receiving the agent's actions. Each moment presents different design challenges. And each moment is addressed by different, and currently fragmented, parts of the emerging trust infrastructure.
The first moment is the moment of intent. The human decides what they want. They form a goal - purchase a product, manage a budget, renew a policy - and they carry that goal, consciously or otherwise, into the interaction that follows. This is the moment that Know Your Customer (KYC) was designed to address. At onboarding, an institution verifies that the human forming the intent is who they claim to be, that their identity is legitimate, and that their relationship with the institution is sanctioned. KYC is a point-in-time answer to a point-in-time question: who is this person, right now, in this moment of establishment?
The second moment is the moment of delegation. The human authorises an agent to act. They configure the mandate - the scope, the permissions, the boundaries of the agent's authority. This is the moment that Know Your Agent (KYA) was designed to address. The credential layer being assembled by Visa, Mastercard, Google, OpenAI, and others aims to verify that the agent carrying a mandate is legitimate, traceable to a verified human, and operating within declared parameters. KYA is an identity answer to an authority question: can we trust this agent, and who issued it?
The third moment is the moment of execution. The agent acts. It does so continuously, asynchronously, often without the human's immediate awareness - hours, days, or weeks after the mandate was configured. This is the moment that no existing framework addresses. Neither KYC nor KYA was designed for the temporal gap between delegation and execution, the space in which the human's circumstances, intentions, and authorisations continue to change while the agent's instructions remain static.
KYH - Know Your Human - is the design framework for the third moment.
II. Why the Existing Infrastructure Does Not Solve This
The week this essay was written, World - the iris-scanning identity company co-founded by Sam Altman - launched AgentKit, a developer toolkit allowing AI agents to carry cryptographic proof that they are backed by a verified human. The system integrates World's biometric identity layer with Coinbase and Cloudflare's x402 payment protocol. A human scans their iris. They register agents under their verified World ID. Those agents carry proof of human backing into every transaction they initiate. The Chief Product Officer described the mechanism as power of attorney for AI.
It is a meaningful piece of infrastructure. It solves a real problem. And it does not solve the KYH problem.
AgentKit establishes that a verified human existed and authorised an agent at the moment of registration. It does not establish that the same human, in the same state, with the same intentions, stands behind every subsequent action that agent takes. The cryptographic proof it provides is historical, not continuous. It answers the question who was this human when the mandate was granted, not who is this human now.
The same limitation applies to Mastercard's Verifiable Intent framework, launched in collaboration with Google in early 2026. Verifiable Intent creates a tamper-resistant record of what a user authorised at the moment of transaction capture. It provides cryptographic proof of authorisation that consumers, merchants, and issuers can rely on. But the authorisation it verifies is the authorisation configured at the moment of intent - the standing instruction, the predefined scope, the mandate the human set before the agent began operating. If the human's circumstances have changed between the setting of that mandate and its execution, Verifiable Intent does not surface that change. It verifies the instruction. It does not verify the human behind it.
This distinction matters more than it may initially appear. An agent can behave entirely consistently - same transaction patterns, same decision logic, same compliance signals - while acting outside the authority its principal would, if asked in the present moment, grant it. Familiar behaviour is not evidence of current authorisation. And in the agentic economy, familiar behaviour is the primary signal most platforms are using as a proxy for trust.
III. The Authority Drift Problem
"Familiar patterns no longer guarantee authorised outcomes."
The AXD Institute uses the term authority drift to describe the progressive divergence between a human principal's current intentions and the standing mandate their agent continues to execute. Authority drift is not fraud. It is not a technical failure. It is an inherent structural property of any system in which a human grants delegated authority at one point in time and an agent exercises that authority continuously across subsequent time.
In the current era of agentic commerce, authority drift is invisible to the institutions receiving agent-initiated transactions. There is no signal for it in the data. There is no field in the payment payload that says this mandate was configured under circumstances that no longer exist. The transaction arrives looking identical to a transaction that represents current, coherent, explicitly maintained authorisation - because nothing in the system was designed to record the difference.
The legal and liability implications of this invisibility are already being worked through in payments infrastructure. Rivero, a payments dispute specialist, has noted that if a cardholder's agent initiates a transaction the human would no longer sanction, existing dispute frameworks treat the transaction as authorised, because the cardholder delegated authority to the agent. The grey area between unauthorised use, instruction design failure, and agent misbehaviour has no established resolution pathway. The human's current state of mind is not a recoverable fact.
For institutions operating under Consumer Duty obligations, this is not merely a commercial risk. It is a regulatory one. Consumer Duty requires firms to act to deliver good outcomes for retail customers - outcomes assessed against the customer's actual interests, not the instructions they configured in a prior state. An agent acting on an outdated mandate, in ways that do not serve the customer's current interests, creates a Consumer Duty exposure that the institution cannot see, cannot measure, and cannot remediate without a KYH-capable design layer.
IV. The Trust Stack Has a Missing Layer
The infrastructure race underway in agentic commerce is the most significant rebuild of digital trust architecture since SSL. OpenAI and Stripe have the Agentic Commerce Protocol, live in ChatGPT. Google and Shopify have the Universal Commerce Protocol. Mastercard has Agent Pay, extended to all US cardholders in November 2025. Visa has the Trusted Agent Protocol with ten or more partners. World has AgentKit. Coinbase has x402.
Each of these represents a genuine contribution. The trust stack is being assembled with serious resources and serious intent. But the stack, mapped against the three moments of human authority, has a visible gap.
The identity layer - World ID, biometric verification, zero-knowledge proofs - addresses the moment of intent. It establishes that a verified human exists and is associated with a credential.
The agent credentialing layer - KYA, TAP, ACP, registered agent identifiers - addresses the moment of delegation. It establishes that the agent carrying a mandate is legitimate and traceable.
The transaction verification layer - Verifiable Intent, Agent Pay tokenisation, x402 - addresses the moment of execution at the level of the specific transaction being initiated.
What no layer addresses is the temporal continuity of human authorisation across the full lifecycle of a delegated mandate: the gap between delegation and execution, which may span days, weeks, or months, and during which the human principal continues to exist as a changing, living entity whose relationship to their standing instructions is invisible to every institution in the chain.
KYH sits in that gap. It is not a competing layer in the trust stack. It is the connective tissue the stack currently lacks.
V. What Know Your Human Requires as a Design Framework
KYH is not a product. It is a design philosophy - a set of principles that shape how agentic systems maintain their connection to the living human whose authority they exercise. The AXD Institute sets out five foundational principles for KYH-compliant system design.
The principle of continuous relevance. An agent's mandate is not a static document. It is a live expression of a human principal's intentions, subject to change as those intentions change. KYH-compliant systems treat the mandate as requiring continuous validation against the human's current context, not merely against the human's identity at onboarding. This does not require constant interruption of the human - it requires contextual intelligence that detects material change and surfaces it at the appropriate threshold.
The principle of proportional authority. An agent's authority should be scoped to the minimum necessary to execute the delegated task, and that scope should contract as the agent moves further from the moment of delegation. KYH-compliant systems apply time-decay to the confidence weight assigned to a standing instruction, requiring re-confirmation for high-stakes actions initiated significantly after the mandate was configured.
The principle of principal legibility. The human should always be able to see, in terms they understand, what their agent is currently authorised to do, what it has recently done, and what it is planning to do. This is not a notification problem. It is an interface design problem. The principal's relationship to their agent must be visible, navigable, and correctable in real time - not reconstructible in retrospect from a transaction log.
The principle of contextual sensitivity. KYH-compliant systems are designed to detect signals of material change in the principal's context - not as surveillance, but as stewardship. A significant change in transaction patterns, a change in employment status where declarable, an explicit signal of financial stress - these are inputs that a well-designed agentic system uses to pause, reconsider, and re-engage with its principal before acting. Consumer Duty-aligned institutions should consider this principle mandatory, not optional.
The principle of graceful suspension. When a KYH-compliant system cannot confirm the continued relevance of a mandate, its default state is suspension, not continuation. The agent stops. It surfaces the question. It waits for a current signal from the principal before proceeding. In contrast to the default state of most current agentic systems - which is continuation unless explicitly stopped - graceful suspension treats the human's current authorisation as a prerequisite, not a presumption.
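The sketch below is an added example, not code from the AXD Institute or any protocol named in this essay. It shows how an execution-time gate could combine proportional authority (time-decayed confidence), contextual sensitivity (a material-change flag) and graceful suspension (suspend unless positively confirmed). The half-life, the stakes threshold, the required confidence levels and all field names are assumptions chosen for illustration; the essay specifies none of them.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed parameters: the essay names time-decay and re-confirmation but gives no numbers.
HALF_LIFE_DAYS = 30.0        # confidence in a standing instruction halves every 30 days
HIGH_STAKES_AMOUNT = 500.0   # amounts at or above this need higher confidence
REQUIRED = {"low": 0.25, "high": 0.75}

@dataclass
class Mandate:
    scope: frozenset                     # action kinds the principal delegated
    last_confirmed: Optional[datetime]   # last explicit signal from the principal
    material_change: bool = False        # e.g. declared employment change, stress signal

@dataclass
class Action:
    kind: str
    amount: float

def confidence(mandate: Mandate, now: datetime) -> float:
    """Exponential time-decay of the weight given to a standing instruction."""
    if mandate.last_confirmed is None or mandate.last_confirmed > now:
        return 0.0  # no usable confirmation on record: nothing to rely on
    age_days = (now - mandate.last_confirmed).total_seconds() / 86400
    return 0.5 ** (age_days / HALF_LIFE_DAYS)

def decide(mandate: Mandate, action: Action, now: datetime) -> tuple:
    """Return (decision, reason). Anything not positively confirmed suspends."""
    if action.kind not in mandate.scope:
        return ("SUSPEND", "outside delegated scope")
    if mandate.material_change:
        return ("SUSPEND", "material change in principal context")
    tier = "high" if action.amount >= HIGH_STAKES_AMOUNT else "low"
    if confidence(mandate, now) < REQUIRED[tier]:
        return ("SUSPEND", f"{tier}-stakes action needs re-confirmation")
    return ("EXECUTE", "mandate currently confirmed")

# Constructed scenario: mandate confirmed on a Friday evening, evaluated six weeks later.
T0 = datetime(2026, 1, 2, 18, 0, tzinfo=timezone.utc)
SIX_WEEKS = T0 + timedelta(weeks=6)
mandate = Mandate(frozenset({"reorder", "renew", "apply_credit"}), T0)

if __name__ == "__main__":
    for act in (Action("reorder", 40.0), Action("apply_credit", 250000.0)):
        print(act.kind, decide(mandate, act, SIX_WEEKS))
```

With these assumed values, the six-week-old mandate still clears a small reorder but suspends the credit application until the principal re-confirms.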
VI. The Strategic Dimension
There is a commercial logic beneath the compliance logic that executives in financial services should not overlook.
In the agentic economy, the institution that holds the customer's primary agent relationship holds the customer's intent stream. Not their transaction history. Not their identity credentials. Their live, current, continuously expressed intentionality - the ongoing signal of what they want to do, what they are planning, and what would serve them well. That intent stream is the most valuable customer data asset in the emerging era. It sits upstream of the transaction. It shapes every commercial interaction before it is initiated.
The question of who holds the KYH layer is, in strategic terms, the question of who holds the customer relationship in the agentic economy.
World is positioning to hold the identity piece. Mastercard is positioning to hold the transaction verification piece. Card schemes, protocol consortia, and AI labs are each claiming territory in the trust stack. The piece that remains unclaimed - the continuous human validation layer, the bridge between delegation and execution, the intelligence that knows the human is still there and still means it - is the piece with the highest long-term strategic value.
Whoever builds the KYH capability does not merely satisfy a compliance requirement. They establish the deepest, most continuous relationship with the human principal in the agentic economy. They become the institution the human trusts to steward their authority on their behalf - not just at the moment of signing up, not just at the moment of checkout, but across the full arc of a changing life.
That is a different kind of customer relationship from anything the financial services industry has built before. It is also the kind of relationship that is very difficult to replicate once established.
VII. The Naming and Its Implications
The AXD Institute is proposing KYH - Know Your Human - as a canonical term for this design challenge. The coinage is deliberate and the intent is specific.
Know Your Customer is a regulatory obligation. It describes a point-in-time verification of identity. Know Your Agent is an emerging credential framework. It describes the traceability of an autonomous system. Know Your Human is a design principle. It describes the continuous, living relationship between an autonomous system and the human whose authority it exercises.
The three terms form a progression. KYC established the human's existence. KYA establishes the agent's legitimacy. KYH maintains the connection between them across time.
That progression reflects the arc of the agentic era. We are currently mid-transition between KYA and KYH. The credential infrastructure is being built. The continuous validation layer is not. The window in which institutions can shape the design standards for KYH - before those standards are set by platforms, protocols, or regulators acting without them - is open now and will not remain open indefinitely.
The institutions that treat KYH as a design problem will define it. The institutions that wait for a regulatory mandate will comply with a definition written by someone else.
VIII. A Final Image
The customer who configured their agent on a Friday evening does not think of themselves as having made a compliance-relevant decision. They think of themselves as having made a convenience decision. They delegated because delegation felt safe - because they trusted that the system would keep them in the loop, act within reasonable boundaries, and behave as they would behave if they were paying attention.
That trust is not naive. It is the basis on which the entire agentic economy will either succeed or fail.
If the agentic systems they encounter continue to act on their behalf as though nothing has changed - as though the mandate configured in one life state remains valid across the full, unpredictable duration of a living human existence - that trust will erode, and the institutions that built those systems will have earned the erosion.
If those systems are designed to maintain a living connection to the human behind them - to know, in the fullest sense of that word, who their principal is in the present moment and what they would currently sanction - then delegation becomes not a convenience, but a relationship.
Know Your Customer told institutions who their customers were.
Know Your Human tells institutions who their customers are.
The question for every executive reading this is whether those two things are the same in the organisation they are currently running.
