SignalFeed

AgentKit and the Identity Crisis of Agentic Commerce

Tools for Humanity just launched AgentKit — a human verification layer for AI agents that browse, negotiate, and buy on your behalf. The $6.3 trillion e-commerce market is about to be restructured around autonomous machine buyers, and nobody has solved the most basic question: how do you prove a bot is authorized to spend your money? Identity infrastructure is the SSL moment of agentic commerce, and the race to own it is just beginning.


On March 10, 2026, Tools for Humanity — the company behind Worldcoin — quietly released a developer toolkit called AgentKit. The pitch was straightforward: a verification layer that lets AI agents prove they are acting on behalf of a real, authorized human. The toolkit plugs into World ID, the biometric identity credential that over 12 million people have enrolled in since the Worldcoin project launched.

The release got modest attention. A developer blog post. A handful of crypto-native commentators noting the Worldcoin connection. No mainstream press cycle.

This was a mistake. AgentKit is not a crypto side project. It is an early claim on what may become the most critical infrastructure layer of the next decade: identity verification for autonomous AI agents operating in the real economy. And the implications extend far beyond Worldcoin's ecosystem.

The Problem Nobody Has Solved

The agentic commerce wave is accelerating. Amazon's Buy for Me agent completes purchases on third-party websites. Klarna's AI assistant handles 2.3 million customer conversations per month and is expanding into autonomous shopping flows. OpenAI's Operator navigates websites and executes transactions. Perplexity's shopping feature closes purchases inside a search conversation. Shopify has released agent-facing commerce APIs.

But every one of these systems has a gaping hole at the center: identity.

When a human shops online, the trust model is well-established. You log in with credentials. You enter a credit card. The merchant verifies the card with the payment processor. Fraud detection systems analyze behavioral patterns — typing speed, mouse movement, IP geolocation — to confirm you are who you claim to be. CAPTCHAs confirm you are human. The entire e-commerce security stack, refined over two decades, assumes a human is sitting at the keyboard.

AI agents break every one of these assumptions.

An agent does not type. It does not move a mouse in human patterns. It does not have a consistent IP address. It cannot solve a CAPTCHA — and if it can, that defeats the purpose. An agent operating on delegated authority has access to payment credentials it did not create, shipping addresses it does not live at, and account permissions it was granted programmatically rather than through a human authentication flow.

The result is a trust vacuum. Merchants cannot reliably distinguish between:

  • An agent acting on legitimate, real-time human instructions
  • An agent operating on stale permissions from a human who changed their mind
  • A compromised agent executing transactions with stolen credentials
  • A rogue agent system with no human authorization at all

This is not a theoretical problem. It is an active fraud vector. Juniper Research estimates that online payment fraud losses will exceed $91 billion globally in 2028. The introduction of autonomous AI agents — systems that can execute thousands of transactions per hour without human oversight — threatens to multiply that exposure dramatically.

What AgentKit Actually Does

AgentKit's architecture addresses the trust vacuum with three components:

Proof of human authorization. When an AI agent initiates a transaction through AgentKit, the system generates a zero-knowledge proof that a verified human — someone who has completed biometric enrollment via World ID — authorized the agent to act. The proof confirms human authorization without revealing the human's identity, biometric data, or any personal information to the merchant.

Scoped permissions. AgentKit supports granular permission structures. A human can authorize an agent to purchase groceries up to $200 per week from approved merchants, but not to book flights or sign up for subscriptions. The permission scope is cryptographically bound to the authorization proof, so merchants can verify not just that a human authorized the agent, but that the specific transaction falls within the agent's authorized scope.

Revocable delegation. Authorization can be revoked in real time. If a user loses trust in an agent, suspects compromise, or simply changes their mind, they can invalidate the agent's credentials instantly. Merchants checking the verification layer will reject subsequent transactions from the deauthorized agent.

The technical implementation uses zero-knowledge proofs built on the same cryptographic foundations as World ID's proof-of-personhood protocol. The key innovation is extending proof-of-personhood from "this is a real human" to "this agent is acting on behalf of a specific real human, within defined boundaries, with active authorization."
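The three components above, and the four cases merchants were said to be unable to tell apart, can be read as an ordered series of merchant-side checks. The sketch below is an added example, not AgentKit's API or code: an HMAC tag stands in for the zero-knowledge proof, and the key, field names, reason strings and sample grant are all constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo key. The HMAC tag is a stand-in for the zero-knowledge
# proof described above; a real verifier checks a proof, not a shared secret.
ISSUER_KEY = b"constructed-demo-key"

# Constructed grant: groceries only, one approved merchant, $200 per week.
GRANT = {
    "grant_id": "g-001",
    "categories": ["groceries"],
    "merchants": ["freshmart.example"],
    "weekly_cap_cents": 20_000,
    "not_before": 1_000,   # validity window in epoch seconds (constructed)
    "expires_at": 2_000,
}


def _tag(grant):
    """Integrity tag over a canonical encoding, so every scope field is bound."""
    body = json.dumps(grant, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()


def issue(grant):
    """Hypothetical issuer side: attach the tag to the grant."""
    return {"grant": grant, "tag": _tag(grant)}


def verify_purchase(token, purchase, now, revoked, spent_cents):
    """Return (allowed, reason). Integrity is checked before any field is trusted.

    spent_cents is the amount already spent this week under the grant; which
    party tracks it is an assumption of this sketch.
    """
    grant = token["grant"]
    presented = str(token.get("tag", "")).encode()
    if not hmac.compare_digest(_tag(grant).encode(), presented):
        return False, "bad_proof"            # forged or edited scope
    if grant["grant_id"] in revoked:
        return False, "revoked"              # user withdrew the delegation
    if not grant["not_before"] <= now < grant["expires_at"]:
        return False, "expired"              # stale permission
    if purchase["merchant"] not in grant["merchants"]:
        return False, "merchant_not_approved"
    if purchase["category"] not in grant["categories"]:
        return False, "category_out_of_scope"
    amount = purchase["amount_cents"]
    if not isinstance(amount, int) or amount <= 0:
        return False, "bad_amount"           # negative amounts would dodge the cap
    if spent_cents + amount > grant["weekly_cap_cents"]:
        return False, "over_weekly_cap"
    return True, "ok"


def demo():
    """Run the constructed cases and return the reason for each decision."""
    token = issue(GRANT)
    forged = {"grant": {**GRANT, "weekly_cap_cents": 1_000_000}, "tag": token["tag"]}
    food = {"merchant": "freshmart.example", "category": "groceries", "amount_cents": 4_500}
    sub = {**food, "category": "subscriptions"}
    cases = {
        "in_scope": (token, food, 1_500, set(), 10_000),
        "over_cap": (token, food, 1_500, set(), 16_000),
        "wrong_category": (token, sub, 1_500, set(), 0),
        "edited_scope": (forged, food, 1_500, set(), 0),
        "revoked": (token, food, 1_500, {"g-001"}, 0),
        "stale": (token, food, 2_500, set(), 0),
    }
    return {name: verify_purchase(*args)[1] for name, args in cases.items()}


if __name__ == "__main__":
    for name, reason in demo().items():
        print(f"{name:15} -> {reason}")
```

Because the tag covers the whole grant, raising the cap on a copied token fails the first check, which is the property the article describes as the scope being cryptographically bound to the authorization proof.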

The SSL Analogy Is Not Hyperbole

In 1994, Netscape introduced SSL — Secure Sockets Layer — to encrypt data transmitted between web browsers and servers. At the time, e-commerce barely existed. The web was primarily an information medium. But Netscape's founders understood that commerce could not move online without a trust layer. No one would enter a credit card number into a website without assurance that the transmission was secure.

SSL (and its successor TLS) became invisible infrastructure. The padlock icon in the browser. The "https://" prefix. Today, 95% of web traffic is encrypted. The protocol enabled a $6.3 trillion e-commerce economy by solving a trust problem that most consumers never think about.

Agentic commerce is at the same inflection point. The technology for AI agents to browse, compare, and buy is rapidly maturing. What is missing is the trust infrastructure that allows these transactions to scale. Someone needs to build the identity equivalent of SSL — a verification layer so reliable and ubiquitous that it becomes invisible.

AgentKit is an early, imperfect attempt at this. But the analogy holds structurally:

| Dimension | SSL/HTTPS (1994-2000) | Agent Identity (2026-?) |
|---|---|---|
| Trust problem | Is this connection secure? | Is this agent authorized? |
| Without it | No one enters credit cards online | No merchant trusts agent transactions |
| Enables | Human e-commerce at scale | Agentic commerce at scale |
| Implementation | Certificate authorities verify server identity | Identity providers verify human-agent delegation |
| Adoption driver | Browser warnings for non-HTTPS sites | Merchant rejection of unverified agents |
| Revenue model | Certificate fees (evolved to free via Let's Encrypt) | Verification fees per transaction or subscription |
| Centralization risk | CA oligopoly (Symantec, DigiCert, etc.) | Biometric identity provider oligopoly |

The parallel extends to the economic logic. SSL certificates were initially expensive — Verisign charged hundreds of dollars per year. As adoption became mandatory, the market commoditized, and Let's Encrypt eventually made basic certificates free. Agent identity verification will likely follow a similar curve: premium pricing in the early adoption phase, compression as competition intensifies, and eventual commoditization of basic verification with premium tiers for enhanced trust levels.

The Biometric Bet

What makes AgentKit distinctive — and controversial — is its biometric foundation. Most competing approaches to agent identity use software-based credentials: OAuth tokens, API keys, blockchain-based decentralized identifiers. These systems verify that an agent has been given credentials. They do not verify that a unique, real human is behind those credentials.

Tools for Humanity's argument is that software credentials are insufficient for high-stakes agentic commerce. An OAuth token can be stolen. An API key can be leaked. A blockchain wallet can be controlled by another AI system. Only biometric verification — proof that a real human body authorized the delegation — provides the level of assurance that merchants and payment processors will require for high-value autonomous transactions.

The numbers support the enrollment thesis, at least directionally. World ID has surpassed 12 million verified users as of early 2026, with Orb deployments in over 40 countries. The verification throughput is accelerating: the project added its last 4 million users in roughly five months, driven by expanded Orb availability and growing awareness of proof-of-personhood use cases beyond cryptocurrency.

But the biometric approach carries significant baggage.

Privacy concerns are real and unresolved. Iris scanning is among the most sensitive biometric data that exists. Tools for Humanity claims that biometric data is processed locally on the Orb, converted to an iris hash, and the raw biometric data is deleted. The zero-knowledge proof architecture means merchants never see biometric data. But the system's privacy guarantees depend entirely on trust in Tools for Humanity's implementation — trust that regulators, privacy advocates, and a substantial portion of the public have not yet extended.

The enrollment barrier limits reach. Unlike software-based identity systems that can onboard users in seconds, World ID requires physical presence at an Orb location. This creates geographic and accessibility constraints that are fundamentally at odds with the internet's borderless nature. An agent identity system that requires in-person biometric enrollment cannot achieve the universal coverage that SSL achieved through software-only deployment.

Regulatory exposure is high. The EU's AI Act, GDPR, and emerging biometric privacy laws in US states including Illinois (BIPA), Texas, and Washington create a patchwork of compliance requirements for biometric data collection. Kenya temporarily banned Worldcoin operations in 2023 over data protection concerns. Spain's data protection authority ordered a halt to data collection. A global agent identity layer built on biometrics must navigate this regulatory landscape — and the landscape is getting more restrictive, not less.

The Revenue Layer Nobody Is Talking About

If agentic commerce reaches the scale that current projections suggest — 8-12% of global e-commerce by 2028, or $500-750 billion in agent-mediated transactions — then the identity verification layer sitting underneath those transactions becomes an enormous business.

Consider the unit economics. If an agent identity provider charges $0.01-0.05 per verification (a fraction of what payment processors charge per transaction), and agent-mediated commerce generates 10-50 billion transactions annually by 2030, the identity layer alone represents a $100 million to $2.5 billion annual revenue opportunity. At higher take rates — comparable to what certificate authorities charged in the early HTTPS era — the numbers scale further.

| Scenario | Agent Commerce Volume (2030) | Verification Rate | Transactions/Year | Revenue @ $0.02/tx |
|---|---|---|---|---|
| Conservative | $500B | 5% of e-commerce | 12B | $240M |
| Base case | $1.2T | 12% of e-commerce | 30B | $600M |
| Aggressive | $2.5T | 25% of e-commerce | 65B | $1.3B |

These projections exclude non-commerce verification use cases. AI agents will increasingly interact with healthcare systems, financial institutions, government services, and enterprise platforms — all of which will require proof of human authorization. Healthcare alone, with its strict identity and consent requirements, could represent a verification market comparable to e-commerce.

The strategic implication is clear: the company that establishes itself as the default identity layer for agentic AI captures a toll-road position on the fastest-growing segment of the digital economy. This is why AgentKit matters more than its quiet launch suggested.

The Competitive Landscape

Tools for Humanity is not the only player recognizing the agent identity opportunity. The landscape is fragmented and moving fast:

Microsoft Entra is extending its enterprise identity platform to support agent-level authentication. Microsoft's approach leverages its dominant position in enterprise identity (Entra ID manages access for over 720 million users) to create agent delegation protocols within corporate environments. The limitation: Entra is enterprise-focused and does not address consumer agentic commerce.

Apple has signaled interest in device-bound agent authentication through its Secure Enclave architecture. An Apple-native approach would tie agent authorization to iPhone or Mac hardware, creating a seamless consumer experience within the Apple ecosystem. The limitation: platform lock-in that excludes the majority of the global internet population.

Okta and Auth0 are developing agent-aware authentication flows that extend OAuth and OpenID Connect for AI agent use cases. These software-based approaches offer easier deployment than biometric systems but weaker assurance levels for high-value transactions.

Stripe Identity has expanded its verification toolkit to include agent delegation verification, integrating with its existing payment infrastructure. Stripe's advantage is direct integration with the payment flow — verification and payment happen in one API call. The limitation: Stripe's reach is limited to its merchant network.

Decentralized identity (DID) protocols from the W3C Verifiable Credentials ecosystem offer a standards-based, non-centralized alternative. Projects like Spruce, Dock, and Ceramic are building agent-compatible credential systems. The advantage is no single point of centralization. The disadvantage is the same thing that has plagued decentralized identity for a decade: adoption requires coordination across an ecosystem that has no central coordinator.

| Provider | Approach | Strength | Weakness |
|---|---|---|---|
| Tools for Humanity (AgentKit) | Biometric proof-of-personhood | Strongest human verification | Enrollment friction, privacy concerns |
| Microsoft Entra | Enterprise identity extension | Enterprise reach, existing adoption | Not consumer-facing |
| Apple | Device-bound authentication | Seamless UX, hardware security | Platform lock-in |
| Stripe Identity | Payment-integrated verification | Direct commerce integration | Limited to Stripe merchants |
| W3C DID/VC | Decentralized credentials | No centralization risk | Adoption coordination problem |

The Centralization Trap

The deepest risk in the agent identity space is centralization — and it is a risk that cuts across every leading approach.

If Tools for Humanity's biometric system becomes dominant, a single private company controls who can and cannot participate in agentic commerce. If Microsoft's Entra becomes the standard, enterprise agent commerce runs through Microsoft's identity stack. If Apple's device-bound approach wins, participation in agentic commerce requires owning Apple hardware.

Each of these outcomes concentrates power in ways that should concern regulators, merchants, and consumers. The credit bureau analogy is instructive: Equifax, Experian, and TransUnion control the credit scoring infrastructure that determines who can borrow money in the United States. This oligopoly has been criticized for decades — for data breaches, for scoring errors that take months to correct, for opaque algorithms that disproportionately affect marginalized communities. An agent identity oligopoly would wield comparable power over who can participate in autonomous commerce.

The counterargument is that SSL followed the same pattern — a small number of certificate authorities became gatekeepers to the secure web — and the system worked well enough to enable a $6.3 trillion economy. Certificate authorities are regulated, audited, and subject to browser vendor oversight. A similar governance model could apply to agent identity providers.

But "worked well enough" is a low bar when the system in question will govern trillions of dollars in autonomous transactions, potentially touching every aspect of economic life. The stakes of getting agent identity governance wrong are higher than the stakes of getting SSL governance wrong, because the system will authorize not just data transmission but economic action.

What Happens Next

The agent identity space is in its earliest innings. AgentKit is a beta product with limited merchant integration. Microsoft's agent authentication is an enterprise preview. Apple has not made a public announcement. The W3C decentralized identity standards are still evolving.

But the trajectory is clear. Within 18-24 months, every major e-commerce platform will need to answer a basic question: how do we verify that the AI agent attempting to make a purchase on our site is authorized by a real human to do so? The platforms that answer this question first — with a solution that is secure, privacy-preserving, low-friction, and interoperable — will capture the trust layer of agentic commerce.

Three predictions:

By Q4 2026, at least one major e-commerce platform (Amazon, Shopify, or Walmart) will require agent identity verification for autonomous purchases above a dollar threshold. This will be the "browser warning" moment — the equivalent of Chrome marking HTTP sites as "Not Secure" in 2018, which drove mass HTTPS adoption.

By mid-2027, an industry consortium will form to standardize agent identity protocols, likely involving payment networks (Visa, Mastercard), platform companies (Apple, Google, Microsoft), and identity providers. The consortium will face the same tension that every standards body faces: members want interoperability in theory and competitive advantage in practice.

By 2028, the agent identity market will consolidate around 2-3 dominant approaches: biometric proof-of-personhood for high-value transactions, device-bound authentication for consumer convenience, and enterprise identity extension for corporate agent deployments. The approaches will not be mutually exclusive — a tiered verification system, where the level of identity assurance scales with transaction value, is the most likely equilibrium.

The Uncomfortable Question

AgentKit forces a question that the AI industry has been avoiding: in a world where AI agents act autonomously in the economy, what does it mean to be a participant in commerce?

For two decades, the answer was simple. A participant in e-commerce is a person — a human who browses, decides, and clicks "buy." The entire infrastructure of online commerce — from product pages to checkout flows to fraud detection — was built around this assumption.

That assumption is now breaking. The participant in tomorrow's commerce may be an AI agent that has never seen a product page, does not experience desire or urgency, cannot be retargeted or upsold, and executes transactions at machine speed across hundreds of merchants simultaneously. The only thing connecting this agent to the human economy is a thread of authorization — a proof that somewhere, a real person said "yes, act on my behalf."

AgentKit is an early attempt to formalize that thread. It is imperfect, controversial, and built by a company whose biometric ambitions make many people uncomfortable. But the problem it addresses — the identity crisis of agentic commerce — is real, urgent, and unsolved.

The companies that build the trust infrastructure for AI agent transactions will occupy a position as foundational as the payment networks, certificate authorities, and identity providers that underpin today's internet economy. The question is not whether this infrastructure will be built. The question is who builds it, who controls it, and whether the architecture preserves the openness and accessibility that made the internet economy possible in the first place.

The identity layer is the new protocol layer. And like every protocol battle before it, the winners will be decided not by who has the best technology, but by who achieves adoption first.

Frequently Asked Questions

What is AgentKit and how does it work for AI agent verification?

AgentKit is a developer toolkit launched by Tools for Humanity in March 2026 that enables AI agents to cryptographically prove they are acting on behalf of a verified human. It uses World ID — the biometric identity credential from the Worldcoin ecosystem — to create a chain of trust between a human user, their AI agent, and the merchant or service the agent interacts with. When an AI agent attempts to make a purchase or access a service, AgentKit generates a zero-knowledge proof that confirms a real, unique human authorized the action, without revealing the human's identity or biometric data to the merchant. The system is designed to prevent unauthorized agent activity, fraud by rogue AI systems, and the proliferation of bot-driven transactions that lack human accountability.

Why is human verification necessary for AI agents making purchases?

As AI agents increasingly browse the web, compare products, and execute purchases autonomously, merchants and payment processors face a fundamental trust problem: they cannot distinguish between an agent acting on legitimate human instructions and a rogue bot exploiting stolen credentials, executing unauthorized transactions, or gaming promotional systems. Traditional authentication methods like passwords and CAPTCHAs were designed to verify that a human is present — but in agentic commerce, the entire point is that a human is not present. A new verification layer is needed that confirms human authorization without requiring human presence at the point of transaction. Without this, merchants face escalating fraud risk, consumers lack recourse for unauthorized agent actions, and the entire agentic commerce ecosystem cannot scale beyond low-value transactions.

How does AgentKit relate to Worldcoin and Tools for Humanity's broader strategy?

AgentKit is built on top of World ID, the proof-of-personhood credential that Tools for Humanity developed as part of the Worldcoin project. Worldcoin uses iris-scanning biometric hardware (the Orb) to create unique, privacy-preserving digital identities — over 12 million people have been verified as of early 2026. AgentKit extends this identity layer from human-to-service verification to human-to-agent-to-service verification, effectively making World ID the authentication backbone for autonomous AI commerce. The strategic logic is clear: if every AI agent transaction requires proof that a real human authorized it, and World ID becomes the dominant proof-of-personhood standard, then Tools for Humanity sits at the center of the agentic commerce trust layer — a position analogous to what certificate authorities became for HTTPS.

What are the privacy and centralization risks of biometric identity for agentic commerce?

The primary concern is that biometric-based identity systems create a centralization chokepoint. If AgentKit or a similar system becomes the dominant verification layer for agentic commerce, a single entity effectively controls who can and cannot participate in autonomous AI transactions — a gatekeeping power with enormous commercial and civil liberties implications. Tools for Humanity uses zero-knowledge proofs to ensure that biometric data is not shared with merchants or agents, and the World ID system is designed to be privacy-preserving. However, critics argue that the initial biometric collection (iris scanning) is inherently invasive, that the company's privacy guarantees rely on trust in its cryptographic implementation, and that any system requiring physical biometric enrollment creates barriers to access. The risk of a biometric identity monopoly in agentic commerce mirrors concerns about credit bureau dominance in traditional finance — essential infrastructure controlled by a small number of private entities.

How large is the market opportunity for agent identity and verification infrastructure?

The agent identity verification market is nascent but potentially massive. If AI agents mediate 8-12% of the $6.3 trillion global e-commerce market by 2028 — approximately $500-750 billion in transactions — and each transaction requires some form of human verification, the identity layer could extract 0.5-2% of transaction value as verification fees, representing a $2.5-15 billion annual revenue opportunity. This estimate does not include non-commerce agent verification use cases such as healthcare, financial services, government services, and enterprise procurement, which could multiply the market by 3-5x. For context, the digital identity verification market was valued at $10.9 billion in 2025 and is projected to reach $33 billion by 2030. Agent identity verification could represent the fastest-growing segment within that market.

What alternatives to biometric verification exist for authenticating AI agents?

Several competing approaches are emerging. OAuth-based agent delegation models extend existing authentication frameworks to allow users to grant agents scoped permissions — similar to how users authorize third-party apps today. Blockchain-based decentralized identity (DID) systems like those from the W3C Verifiable Credentials working group enable agents to carry cryptographically signed credentials without a central authority. Hardware-bound authentication using device-level secure enclaves (Apple's Secure Enclave, Google's Titan chip) could tie agent authorization to a physical device the user controls. API key and token-based systems, already used by platforms like Shopify and Stripe, provide merchant-specific agent authentication. The question is whether any of these alternatives can provide the same level of assurance as biometric proof-of-personhood — particularly for high-value transactions where the stakes of unauthorized agent action are significant.