Banks have "Know Your Customer" (KYC). When you open an account, they verify who you are, understand your business, and monitor for suspicious activity.
Now regulators are asking the same question about autonomous AI agents: "How do we know who this agent is? What is it supposed to do? How do we detect if it's doing something wrong?"
Enter Know Your Agent (KYA) — the framework for governing autonomous systems.
The Problem: Agents Without Identity
An AI trading bot is running in your Kubernetes cluster. It has authority to execute trades. A vulnerability is discovered. An attacker gains access to the container.
Question: How do you know the trades being executed are still from your authorized agent, and not the attacker?
Traditional answer: "Check the API key."
The problem: API keys are just strings. They live in memory. An attacker with shell access finds the key, uses it, and the API server has no way to tell the legitimate bot from the attacker.
KYA changes this. Instead of "this string matches an API key," you verify: "this action was cryptographically signed by agent X, operating within defined limits, and the behavior is consistent with what we expect from agent X."
Three Pillars of KYA
1. Cryptographic Identity
Every agent gets an X.509 certificate — the same technology that secures HTTPS. The certificate contains:
Agent name (trading_bot_eu_v2)
Scope policy (max €50K trades, EUR_USD market only)
Public key (proves agent identity)
Issuer (Kakunin — a trusted authority)
The agent uses this certificate to sign every action. Receivers verify the signature. Signature verification proves the action came from the specific agent, not someone else.
2. Behavioral Baseline
Over the first week of operation, the agent establishes what "normal" looks like:
Typical trade size: €25K (median)
Frequency: 8 trades/hour
Preferred markets: EUR_USD, GBP_EUR
Trading hours: 08:00–17:00 UTC only
These metrics become the baseline for anomaly detection.
3. Continuous Monitoring
At every action, the system checks:
✓ Is the agent's certificate still valid?
✓ Is the signature valid?
✓ Does the action match the agent's scope policy?
✓ Does the behavior match the baseline?
If something deviates, an anomaly score rises. If the score exceeds a threshold, the certificate is automatically revoked, stopping the agent.
Real-World Scenario: Detecting a Breach
Day 1, 09:00 UTC: Agent executes normal €25K trade (EUR_USD, baseline behavior). ✓ Allowed.
Day 1, 14:30 UTC: Attacker gains container access, dumps the agent's private key (from KMS).
Day 1, 14:31 UTC: Attacker tries to execute €500K trade using the stolen key.
What happens next:
Certificate valid? ✓ Not revoked yet
Signature valid? ✓ Matches agent's public key
Within scope? ✗ €500K > €50K limit
Anomaly score: 0.92 (HIGH) — 10x baseline size
Action: BLOCKED — Automatic pre-revocation warning issued
Operator sees alert: "Agent trading_bot_eu_v2 tried to exceed scope. Certificate revoked in 5 minutes unless you ACK."
Operator investigates, finds the breach, revokes certificate. New agent spun up. Attacker locked out.
Timeline: Breach to lockout = < 30 seconds.
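The per-action checks from "Continuous Monitoring", applied to the stolen-key request in the scenario above, as an added example (not Kakunin's code). The scope and baseline values come from the article; the scoring formula, the 0.8 threshold, the field names and the timestamps are assumptions, and certificate and signature verification are assumed to happen upstream and arrive as booleans.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Scope comes from the agent certificate, baseline from week-one observation
# (values from the article). THRESHOLD and the scoring formula are assumptions.
SCOPE = {"max_eur": 50_000, "markets": {"EUR_USD"}}
BASELINE = {"median_eur": 25_000, "per_hour": 8,
            "markets": {"EUR_USD", "GBP_EUR"}, "hours_utc": (8, 17)}
THRESHOLD = 0.8

@dataclass(frozen=True)
class Action:
    agent: str
    market: str
    amount_eur: float
    at: datetime            # timezone-aware timestamp of the request
    trades_last_hour: int   # count from the audit log, including this one

def excess(observed, normal):
    """0.0 at or below normal, approaching 1.0 as observed grows past it."""
    return 0.0 if observed <= normal else 1.0 - normal / observed

def anomaly_score(a, base=BASELINE):
    start, end = base["hours_utc"]
    hour = a.at.astimezone(timezone.utc).hour
    return round(max(
        excess(a.amount_eur, base["median_eur"]),
        excess(a.trades_last_hour, base["per_hour"]),
        0.0 if a.market in base["markets"] else 1.0,
        0.0 if start <= hour < end else 1.0,
    ), 2)

def evaluate(a, cert_valid, sig_valid, scope=SCOPE):
    """cert_valid / sig_valid are results of X.509 checks done upstream."""
    reasons = []
    if not cert_valid:
        reasons.append("certificate expired or revoked")
    if not sig_valid:
        reasons.append("signature invalid")
    if a.amount_eur > scope["max_eur"] or a.market not in scope["markets"]:
        reasons.append("outside scope policy")
    score = anomaly_score(a)
    if score >= THRESHOLD:
        reasons.append("anomaly score above threshold")
    return ("BLOCKED" if reasons else "ALLOWED", reasons, score)

# Constructed request: stolen key, so certificate and signature both check out.
stolen = Action("trading_bot_eu_v2", "EUR_USD", 500_000,
                datetime(2025, 1, 1, 14, 31, tzinfo=timezone.utc), 1)
print(evaluate(stolen, True, True))
```

With a valid certificate and signature, a €40K request at 03:00 UTC passes the scope check but is still blocked by the baseline check, which is the case the scope policy alone would miss.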
Why Regulators Demand KYA
EU AI Act (Article 13)
Requires "effective human oversight" and "appropriate safeguards." KYA delivers:
Documented agent identity (X.509 cert)
Authority limits (scope policy)
Automatic detection of out-of-policy behavior
Complete audit trail
MiCA (Articles 67–72)
Requires crypto exchanges to maintain "governance, risk and control frameworks" for algorithmic trading. KYA is the framework:
Governance: Baseline defines what the agent is authorized to do
Risk: Anomaly detection flags deviations
Control: Automatic revocation stops unauthorized actions
Best Practice (Basel III Compliance)
Banks use behavioral profiling to detect fraud. Regulators expect the same discipline for AI agents.
KYA vs. Traditional API Keys
Identity proof: API Key = Just a string. KYA = Cryptographic signature
Can be stolen? API Key = Yes, easily. KYA = Private key stays in KMS — can't be stolen
Scope limits: API Key = Per endpoint (coarse). KYA = Per certificate + baseline (fine-grained)
Anomaly detection: API Key = None. KYA = Continuous behavioral monitoring
Revocation speed: API Key = Minutes (manual). KYA = Milliseconds (automatic)
Regulatory acceptance: API Key = Grudging. KYA = Strong (required for MiCA/EU AI Act)
The Larger Picture: Trust & Governance
KYA is not just about security. It's about demonstrable governance:
To regulators: "We can prove our agent traded within scope. Here's the certificate, here's the signature, here's the baseline behavior, here are the anomaly detection logs."
To auditors: "We have a complete, cryptographically verified audit trail of every agent action."
To customers: "If our agent goes rogue, it's automatically stopped within milliseconds."
This level of governance is necessary for autonomous agents to operate in regulated industries (finance, healthcare, energy).
Getting Started
Understand KYA framework
Deploy your first agent
Monitor behavior
Ready to make your agents verifiable? Start with Kakunin's KYA framework implementation.
