Three days ago, Cloudflare CEO Matthew Prince told TechCrunch at SXSW that AI bot traffic will exceed human traffic on the internet by 2027. Not eventually. Not in some distant future. Next year. His reasoning is straightforward: when a human shops for a camera, they visit five websites. An AI agent doing the same task visits five thousand. Cloudflare routes traffic for roughly a fifth of all websites on the internet, so when their CEO says the ratio is flipping, it’s worth paying attention.

This isn’t just about web crawlers getting busier. We’re entering a period where autonomous AI agents (not chatbots, not simple scripts, but goal-directed systems that can call APIs, send emails, make payments, and coordinate with other agents) are becoming real economic actors. And the financial infrastructure is being built for them right now.

Coinbase’s x402 protocol is embedding stablecoin micropayments directly into HTTP, so agents can pay for API calls and data without accounts or subscriptions. Crossmint is issuing AI agents their own virtual Visa and Mastercard cards, with programmatic spending limits and merchant whitelists. Visa launched Intelligent Commerce with over 100 partners building in its sandbox, and predicts millions of consumers will use AI agents to complete purchases by the 2026 holiday season. Mastercard and Santander just completed what they’re calling Europe’s first live end-to-end payment executed by an AI agent. Two days ago, Visa Crypto Labs released an experimental CLI that lets AI agents initiate card payments from the command line. Coinbase shipped Agentic Wallets. Stripe-backed Tempo went live on mainnet the same day and published the Machine Payments Protocol. McKinsey estimates that agentic commerce will generate $3 to $5 trillion in global revenue by 2030.

These agents are getting wallets. They’re getting credit cards. They’re getting payment rails purpose-built for machine-to-machine transactions. What they don’t have is identity.

When an ecosystem of agents starts operating with this kind of economic impact (spending money, accessing services, interacting with each other and with humans at scale), one requirement becomes almost painfully obvious: these agents need real, verifiable, accountable identity tied to the humans who deploy them. Not just API keys. Not just wallet addresses. Something that answers the question: who is responsible for what this thing just did?

And that’s where Canada’s position gets uncomfortable. Our first attempt at comprehensive AI legislation, the Artificial Intelligence and Data Act (AIDA), died on the order paper when Parliament prorogued in January 2025. As the Canadian Centre for Policy Alternatives put it bluntly last month: “There are still no binding legal obligations and policy guidelines governing the development and operation of AI in Canada.” We have a new AI Minister, Evan Solomon, and a strategy task force running consultations, but no law, no framework, no agent-specific governance. Meanwhile, the EU AI Act takes full effect in August. NIST is soliciting public comments on agent identity standards right now. Singapore already has a graduated autonomy taxonomy for AI agents.

This feels like an area where Canada doesn’t have to play catch-up. We could actually get ahead, not by rushing to regulate, but by establishing nomenclature, voluntary frameworks, and interoperable standards for agent identity early. We have the fintech infrastructure. We have the identity verification ecosystem. We have Interac Verified. The pieces are here. We just haven’t assembled them for this purpose yet.

The Problem Is Obvious Once You See It

If I spin up an OpenClaw agent on a DigitalOcean droplet (which I’ve done, and written about), that agent can post to Bluesky, generate podcast episodes, call APIs, and interact with the web autonomously. Lorie Lowell, my AIToolz podcast agent, does this every day.

But there’s nothing stopping me from spinning up fifty Lorie Lowells. Or a thousand. There’s no mechanism for a platform, a service, or another agent to look at an incoming request and answer a basic question: is there a real, accountable human behind this thing?

Right now, AI agents are basically anonymous actors on the internet. They have API keys. They have wallets. They have tool access. What they don’t have is identity.

And identity is what makes accountability possible.

We don’t have to look far for a concrete example. OpenClaw’s own skills marketplace, ClawHub, has been systematically poisoned: over the last two months, security researchers found over 400 malicious skills disguised as crypto wallet tools, productivity integrations, and trading bots. They stole private keys, browser passwords, and SSH credentials. The most-downloaded skill on the entire marketplace turned out to be malware. Anyone could publish a skill with nothing more than a week-old GitHub account. No identity verification. No accountability. No way to trace a malicious publisher back to a real human. If skill publishers had been required to present a verified identity tied to a KYC’d person, the attack surface would have been dramatically smaller. This isn’t a hypothetical problem; it’s happening right now, in the ecosystem I’m building in.

What’s Actually Happening Right Now

The pace of movement on this in the last ninety days is staggering. Let me lay it out, because I think a lot of people in the agent builder space aren’t tracking all of these threads.

NIST launched the AI Agent Standards Initiative in February 2026, with three pillars: industry-led standards, open-source protocol development, and research into agent security and identity. They also released a concept paper through the NCCoE specifically focused on AI agent identity and authorization. The comment period for that paper closes April 2.

ERC-8004 went live on Ethereum mainnet on January 29. It defines three on-chain registries (Identity, Reputation, and Validation) that give AI agents a portable, verifiable presence across platforms and chains. The Identity Registry mints an ERC-721 token for each agent, pointing to a structured registration file. The Reputation Registry lets clients (human or machine) post structured feedback. The Validation Registry records independent verification of an agent’s work. ENS is explicitly positioning itself as the naming layer for this, and they published a detailed post in January about how ENS can serve agent identity the same way it served human wallet identity.

Singapore’s IMDA published the world’s first Model AI Governance Framework for agentic AI in January, introducing “Agent Identity Cards”: standardized disclosure formats specifying capabilities, limitations, authorized action domains, and escalation protocols. They also proposed a five-tier graduated autonomy taxonomy, from “tool-assisted” to “fully autonomous,” with governance requirements scaling at each level.

The EU AI Act takes full effect in August 2026. While it doesn’t specifically address agent identity in the way ERC-8004 or Singapore’s framework does, its requirements around accountability, explainability, and human oversight will force organizations to answer the question of who is behind the agent whether they’ve thought about it yet or not.

Coinbase’s x402 protocol is building the payment layer for agents directly into HTTP, using the long-reserved 402 status code. An agent hits an API, gets a 402 response with payment instructions, signs a stablecoin transaction, and the resource is delivered. No API keys, no accounts, no subscriptions. Cloudflare is a co-founder of the x402 Foundation. Anthropic is a launch collaborator. The protocol already supports optional KYC attestations for sellers who want to enforce identity requirements.

Sam Altman’s World (formerly Worldcoin) just launched AgentKit, which links multiple AI agents to a single verified human using zero-knowledge proofs. Platforms can use it to enforce per-human limits regardless of how many agents someone is running.

This is a lot of movement. And it’s all converging on the same realization: agents need identity, identity needs to be tied to accountable humans, and the mechanism for doing that needs to be cryptographic, portable, and privacy-preserving.

Why Blockchain is Actually the Right Answer Here

I know. I can hear the eye-rolls. But stay with me, because this isn’t a crypto-bro take. This is an architecture take.

The identity problem for AI agents has a specific shape:

  1. The identity needs to be portable: it can’t be locked to one platform or provider.
  2. It needs to be verifiable: anyone receiving a request from an agent needs to be able to confirm who’s behind it, without calling a central authority.
  3. It needs to be privacy-preserving: the human owner shouldn’t have to broadcast their personal information to every service their agent touches.
  4. It needs to be revocable: when an agent goes rogue or is decommissioned, its identity needs to die with it.
  5. It needs to be auditable: there should be an immutable record of what the agent did and under whose authority.

This is almost a textbook description of what public blockchains and zero-knowledge proofs were designed for.

An ENS name like lorielowell.eth could resolve to an on-chain identity registered via ERC-8004, pointing to a structured Agent Card describing capabilities, endpoints, and payment addresses. That identity could be cryptographically linked to a human owner who completed KYC through something like Interac Verified, without the ENS record or the agent’s interactions ever revealing the owner’s personal details.

Zero-knowledge proofs make this possible. The agent can prove “my owner is a verified human who completed KYC with a regulated Canadian financial institution” without revealing who that human is. It can prove “my owner is over 18” or “my owner is a resident of Ontario” without exposing a name, an address, or a date of birth. (For a deeper dive on ZKPs and agent identity, this CoinDesk piece is worth reading.)

This is exactly the pattern that World’s AgentKit is implementing. It’s the pattern that ERC-8004’s Validation Registry supports. And it’s the pattern that makes sense when millions of agents are going to be making millions of requests per day.

The KYC Bridge: Where Fintech Meets the Agent Economy

Here’s where my brain goes…

I spent some of my time at Interac as an architect working on Interac Verified. I’m far from an expert in the identity space, but I have enough domain knowledge to see what’s sitting in front of us.

We already have the KYC infrastructure. In Canada, Interac Verified lets you prove your identity using your existing bank credentials, biometrics, and government-issued ID. It’s used by millions of Canadians. And it already supports selective disclosure. The Interac Verified credential service even lets Canadians create reusable digital credentials stored on their phones, signed and encrypted, shareable with participating organizations with explicit consent.

The missing link is a bridge between that verified human identity and an on-chain agent identity.

Imagine this flow:

  1. A human completes identity verification through Interac Verified (or a similar regulated identity provider; think UK’s GOV.UK Verify, or India’s Aadhaar-based eKYC).
  2. The identity provider issues a signed attestation: “This person has been verified as a real human by a regulated financial institution.” No personal data is included, just a cryptographic proof.
  3. That attestation is anchored to a blockchain address via a zero-knowledge proof. The proof says: “The owner of this address has completed KYC with a regulated provider.” The proof is verifiable by anyone. The underlying identity data is visible to no one.
  4. The human registers an AI agent on-chain via ERC-8004, linked to that same address. The agent gets an ENS name, an Agent Card, and inherits the trust chain from its owner’s KYC attestation.
  5. When the agent makes a request (to an API, to another agent, to a platform like my agentcinbox.cc), it presents its ENS name and a signed message. The receiving party can verify: this agent is registered, its owner is a verified human, and the request is authentically signed.

No personal data changes hands. No central registry holds all the keys. The agent carries its own verifiable credentials, just like a person carries a passport, except the passport never reveals more than it needs to.

The HTTP Layer: Making This Work at Web Scale

There’s a practical question that matters a lot if you’re building agent-facing infrastructure: how does this identity get communicated in real-time, at the protocol level?

There are at least two plausible paths here, and they’re not mutually exclusive.

The simple path: HTTP headers. We already have precedent. OAuth tokens travel in Authorization headers. API keys sit in X-API-Key headers. The x402 protocol uses custom headers for payment payloads. You could imagine a lightweight convention where an agent presents its identity, a cryptographic signature, and a ZK proof of its owner’s KYC status, all in headers on every request:

X-Agent-Identity: lorielowell.eth
X-Agent-Signature: 0xabc123...signed_payload
X-Agent-KYC-Proof: zk:snark:0xdef456...

Any server receiving this request can verify all three claims without contacting a central authority. The ENS name resolves on-chain. The signature is verifiable against the registered public key. The ZK proof is mathematically valid or it isn’t. It’s scrappy, it’s direct, and for simple API-to-agent interactions it might be enough.

The standards-track option: OAuth and OIDC4VC. OpenID for Verifiable Credentials (OIDC4VC) is a family of specifications (OID4VCI for credential issuance, OID4VP for verifiable presentations, and SIOPv2 for self-issued identity) that extend the OAuth 2.0 framework to support verifiable credentials natively. The EU’s eIDAS 2.0 framework has adopted OIDC4VC as a core protocol for the European Digital Identity Wallet. Gaia-X uses it. Keycloak is implementing it. The credential exchange mechanics are well-designed: an identity provider issues a verifiable credential, a wallet holds it, and when authentication is needed, a verifiable presentation is made via OID4VP proving specific claims without revealing the underlying identity data. It runs over OAuth flows that every web developer already understands.

On paper, this looks like a natural fit for agent identity. But I’m not sure it actually is, for a few reasons.

First, OIDC4VC was designed for human-to-service interactions. The flows assume a person with a wallet, often involving redirect flows, QR code scans, or browser-based consent steps. Agents don’t scan QR codes. They don’t get redirected through browsers. They make thousands of API calls per minute, autonomously, to services they’ve never interacted with before. The interaction model is fundamentally different.

Second, OIDC4VC inherits all the fragmentation challenges of federated identity. Every credential issuer is its own trust anchor. A verifier has to decide which issuers it trusts, maintain those relationships, and handle different credential formats across jurisdictions. It’s the same bilateral-agreement problem we’ve had with SAML federations and OIDC provider ecosystems for twenty years: it works within a trust domain, but it doesn’t scale cleanly across organizational or jurisdictional boundaries. For agents that operate across borders and platforms by default, you’d eventually need a global trust registry of issuers, which is really just centralization with extra steps.

Third, there’s the adoption reality. Norway, the Netherlands, Germany: they’re moving on digital credentials. North America is not. The Interac Verified credential service exists, but adoption is early. The broader verifiable credentials ecosystem in Canada is nascent at best. The US is arguably further behind. The credential format landscape is still fragmenting: SD-JWT vs JSON-LD vs mDL, different revocation mechanisms, different key binding approaches. The specs are still in draft. Building an agent identity foundation on top of this ecosystem means betting on infrastructure that might take five to ten years to materialize in this market.

Blockchain doesn’t have any of those dependencies. An agent can register on ERC-8004 today. ENS names resolve today. ZK proofs work today. The on-chain identity layer doesn’t need to wait for every jurisdiction to agree on credential formats or for every identity provider to implement OID4VCI. And crucially, on-chain identity is verifiable by anyone without needing to know who issued the credential or maintain a trust relationship with them. The proof is mathematically valid or it isn’t. The identity is registered or it isn’t. You don’t need to call anyone to check. That’s the property you want for a global agent ecosystem that doesn’t respect jurisdictional boundaries.

OIDC4VC might eventually play a role in specific enterprise or regulated contexts where the trust relationships are well-defined and the issuers are known. But as the foundation for agent identity at internet scale? I don’t think it’s the right fit. The on-chain path is the one that works today and scales without requiring the rest of the world to agree on anything first.

For platforms that want to restrict access to verified agents (and this is directly relevant to what I’m building with agentcinbox.cc), the on-chain approach gives you a clean, immediate way to gate access. Your middleware resolves the agent’s ENS name, checks the ERC-8004 registration, verifies the ZK proof of the owner’s KYC status, and either serves the request or returns a 403. No federation agreements. No issuer trust lists. Just math.
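
The header check and the 403 gate described above, as an added example (not code from agentcinbox.cc or any project named in this post) that also binds the signature to the method, path, body, a timestamp and a nonce, so a captured set of headers cannot be replayed against another request. Assumptions: the X-Agent-Timestamp and X-Agent-Nonce headers, the in-memory registry standing in for ENS and ERC-8004 resolution, and Ed25519 in place of Ethereum's secp256k1 signatures are all hypothetical; ZK proof verification is left out.

```javascript
const crypto = require('node:crypto');

const MAX_SKEW_MS = 60_000; // assumed freshness window for the timestamp header

// Canonical string the agent signs; it binds the signature to one request.
function signingInput(req) {
  const h = req.headers;
  const bodyHash = crypto.createHash('sha256').update(req.body || '').digest('hex');
  return [req.method, req.path, h['x-agent-timestamp'], h['x-agent-nonce'], bodyHash].join('\n');
}

// Agent side: attach identity, timestamp, nonce and signature headers.
function signRequest(req, name, privateKey, nowMs) {
  const headers = { ...req.headers, 'x-agent-identity': name,
    'x-agent-timestamp': String(nowMs),
    'x-agent-nonce': crypto.randomBytes(16).toString('hex') };
  const signed = { ...req, headers };
  const sig = crypto.sign(null, Buffer.from(signingInput(signed)), privateKey);
  headers['x-agent-signature'] = sig.toString('hex');
  return signed;
}

// Server side. registry: Map of name -> { publicKey, revoked }, a stand-in for
// the ENS + ERC-8004 lookup. seenNonces: Set used as a replay cache.
function verifyAgentRequest(req, registry, seenNonces, nowMs) {
  const h = req.headers;
  const name = h['x-agent-identity'], nonce = h['x-agent-nonce'];
  const ts = Number(h['x-agent-timestamp']);
  if (!name || !nonce || !h['x-agent-signature'] || !Number.isFinite(ts)) {
    return { status: 401, reason: 'missing-headers' };
  }
  const record = registry.get(name);
  if (!record) return { status: 403, reason: 'unregistered' };
  if (record.revoked) return { status: 403, reason: 'revoked' };
  if (Math.abs(nowMs - ts) > MAX_SKEW_MS) return { status: 401, reason: 'stale' };
  let ok = false;
  try {
    ok = crypto.verify(null, Buffer.from(signingInput(req)), record.publicKey,
      Buffer.from(h['x-agent-signature'], 'hex'));
  } catch { ok = false; } // malformed key or signature counts as a failure
  if (!ok) return { status: 401, reason: 'bad-signature' };
  if (seenNonces.has(`${name}:${nonce}`)) return { status: 401, reason: 'replay' };
  seenNonces.add(`${name}:${nonce}`);
  return { status: 200, reason: 'ok' };
}

// Constructed walk-through: one agent, one request, four ways it gets rejected.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const registry = new Map([['agent.example.eth', { publicKey, revoked: false }]]);
  const seen = new Set(), now = 1_700_000_000_000;
  const req = signRequest({ method: 'POST', path: '/inbox', body: '{"to":"x"}', headers: {} },
    'agent.example.eth', privateKey, now);
  const run = (r, t) => verifyAgentRequest(r, registry, seen, t).reason;
  const out = { first: run(req, now), replay: run(req, now),
    tampered: run({ ...req, path: '/inbox/other' }, now), stale: run(req, now + 120_000) };
  registry.get('agent.example.eth').revoked = true;
  return { ...out, revoked: run(req, now) };
}
```

The revocation check runs before any cryptography, so a decommissioned agent is refused even when its signature is still valid.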

What This Means for Builders Right Now

If you’re building agent infrastructure, agent-facing APIs, or platforms that agents will interact with, this is the year to start thinking about identity as a first-class concern.

Not because the regulations are coming, though they are. The EU AI Act hits in August. NIST is soliciting comments right now. Singapore’s framework is already published. Canada will follow.

But because identity is the foundation that makes everything else work. Reputation systems don’t work without identity. Payment systems are vulnerable without identity. Agent-to-agent trust is impossible without identity. And the spam problem, which is already bad, will become catastrophic without identity.

The pieces are all on the table. ERC-8004 for on-chain registration. ENS for human-readable naming. Zero-knowledge proofs for privacy-preserving verification. Interac Verified (and equivalents globally) for regulated KYC. The x402 protocol for payments.

Nobody has assembled them into a complete, end-to-end standard yet. But the shape of that standard is becoming very clear.

The Bigger Picture

We spent twenty years building an internet where identity was an afterthought. Email has no built-in sender verification, which is why phishing works. HTTP has no built-in payment mechanism, which is why the ad-supported surveillance economy happened. Social media has no built-in proof of humanity, which is why bots run rampant.

We have a chance, right now, with the agent economy, to not make those mistakes again.

The identity layer should be there from the beginning. It should be decentralized so no single company controls it. It should be privacy-preserving so humans aren’t surveilled by their own agents. It should be cryptographically verifiable so trust doesn’t require phone calls and paperwork. And it should be interoperable so an agent verified in Canada can operate in Singapore without starting from scratch.

Blockchain and zero-knowledge proofs aren’t the answer to everything. But for this specific problem (portable, verifiable, privacy-preserving identity for non-human actors operating across jurisdictional boundaries), they might be exactly the right tool.

The agents are coming. They’re already here, actually. The question is whether we give them names, or let them stay anonymous.


P.S. lorielowell.eth is live on Ethereum mainnet with an Agent Card. She’s the AI agent behind the AIToolz podcast. She just got a name.