What is Akamai's Know Your Agent (KYA) protocol?

Know Your Agent (KYA) is a protocol launched by Akamai on June 15, 2026, as part of its broader Agentic Security Framework. KYA aims to verify the identity, origin, and intent of AI agents, and link each agent to an accountable human user. The protocol provides a standardized way for AI agents to declare these attributes during transactions, similar to how Know Your Customer (KYC) works in finance. Launch partners include Visa, Experian, and Skyfire. The goal: when an AI agent makes a purchase, books a service, or executes a transaction, there is a verifiable, auditable record of which human authorized it and what permissions they granted.

What is Akamai's Agentic Security Framework?

Akamai's Agentic Security Framework is a unified six-pillar architecture launched June 15, 2026, that combines: (1) verified agent identity (Know Your Agent / KYA), (2) adaptive trust analysis, (3) user-centric authentication, (4) edge-based enforcement via Akamai's CDN, (5) operational visibility and observability, and (6) pay-per-request monetization. It integrates with identity providers like Auth0 and Ping Identity, so enterprises can apply existing security controls to AI agents the same way they apply them to human users. The framework targets the emerging 'AI commerce' use case where agents are buying, selling, and transacting on behalf of users.

Why is Visa partnering with Akamai on Know Your Agent?

Visa joined the Know Your Agent launch because the next wave of card-not-present fraud is expected to come from AI agents transacting on behalf of users — both legitimately and adversarially. Visa needs a way to distinguish a legitimate agent acting under a real user's authorization from a malicious agent attempting to drain a card. KYA gives Visa a standardized protocol to verify, in real time, that an agent presenting a payment credential has a verifiable identity, an authorized human principal, and intent metadata consistent with the transaction. Experian's role is identity verification of the human principal behind the agent.

How does KYA compare to Vercel Passport or Cloudflare AI Identity?

All three target AI agent identity but at different layers. Akamai KYA is a transaction-layer protocol for declaring agent identity to other parties during commercial transactions — it's the 'show ID at the door' protocol. Vercel Passport (launched June 17, 2026) is an enterprise identity-provider integration that puts agents behind corporate SSO (Okta, Microsoft Entra) inside a company. Cloudflare's AI Identity / Worker AI Bindings focus on agent identity at the edge runtime layer. KYA is for cross-enterprise commerce; Passport is for intra-enterprise governance; Cloudflare's offerings are for runtime workload identity. The three are complementary, not competitive.

Quick Answer

What Is Akamai's Know Your Agent (KYA) Framework? (June 2026)

Published: June 22, 2026

What Is Akamai’s Know Your Agent (KYA) Framework?

Akamai launched its Agentic Security Framework — including the Know Your Agent (KYA) protocol — on June 15, 2026, with Visa, Experian, and Skyfire as launch partners. It’s the first major attempt to build a financial-grade identity layer for AI agents transacting on behalf of humans. Here’s what it does and how it fits with the rest of the AI identity stack.

Last verified: June 22, 2026.

TL;DR

Launched: June 15, 2026.
What it is: Agent identity protocol + 6-pillar security framework + edge enforcement on Akamai’s CDN.
Key partners: Visa (payments), Experian (identity verification), Skyfire (agent payment infrastructure), Auth0, Ping Identity.
Use case: AI agents making transactions on behalf of humans — payments, bookings, account changes.
Analogy: Know Your Customer (KYC) for AI agents.
Sits between: Vercel Passport (intra-enterprise governance) and Cloudflare AI Identity (runtime workload identity). KYA is the cross-enterprise transaction layer.

What KYA actually is

Picture an AI agent attempting to book a flight on your behalf. Today, the airline sees: a browser session, a credit card, a name. The airline has no idea whether the “user” is a human at a keyboard, an agent acting under that human’s authorization, or a malicious agent presenting stolen credentials.

Know Your Agent gives the airline a standardized way to ask the agent: “Who are you? Who authorized you? What are you allowed to do?” And gives the agent a standardized way to answer with a verifiable, cryptographically-signed assertion.

A KYA assertion includes:

Agent identity — a cryptographic identity unique to this agent
Origin — which provider/platform the agent was built on (e.g., OpenAI ChatGPT, Anthropic Claude, a specific enterprise deployment)
Principal — the human user the agent is acting on behalf of, verified via Experian or another identity provider
Intent metadata — what the agent is trying to do, with permission scopes
Authorization chain — proof that the human granted the agent permission for this class of action

Akamai’s CDN enforces these assertions at the edge — meaning every HTTP request from an agent can be evaluated against KYA in real time before reaching origin servers.

The six-pillar framework

KYA is one pillar. The full Agentic Security Framework includes:

Pillar	What it does
1. Verified Agent Identity (KYA)	Cryptographic identity + principal attribution
2. Adaptive Trust Analysis	Behavioral scoring — does this agent behave consistently with declared intent?
3. User-Centric Authentication	Re-authenticate the human principal for high-stakes actions
4. Edge-Based Enforcement	Policy enforcement at Akamai’s CDN, not just at origin
5. Operational Visibility	Logging, observability, audit trail of agent activity
6. Pay-Per-Request Monetization	Charge agents per transaction; ties payment to identity

The framework is integrated with Auth0 and Ping Identity as identity providers, so enterprises can apply existing access controls to AI agents the same way they apply them to human users.

Why Visa and Experian care

Two distinct problems, two distinct partners:

Visa: payment fraud. Card-not-present fraud is the largest category of payment fraud globally. AI agents transacting at scale will amplify the problem if every agent presents a stolen card indistinguishably from a legitimate one. KYA gives Visa a real-time signal: this card present came from a verified agent operating under user X’s verified authorization. Fraudulent transactions can be flagged before they settle.

Experian: identity verification. KYA requires linking the agent to a verified human principal. Experian provides the verification of the human side — confirming the user exists, the user authorized the agent, and the user’s identity is not flagged for fraud or compromise.

Skyfire provides the agent-side payment infrastructure — wallets, micropayments, agent-to-agent settlement.

Why this matters now

Three forces converge:

AI commerce is becoming real. OpenAI’s ChatGPT and Anthropic’s Claude both shipped agent-driven shopping flows in 2025-2026. Agents booking flights, buying groceries, paying for SaaS subscriptions is no longer hypothetical.
Fraud is following. Adversaries are deploying AI agents to commit fraud at scales humans can’t match. KYC for AI is the obvious countermeasure.
Enterprises are blind. Most companies have no idea which AI agents are accessing their systems, who deployed them, or what permissions they carry. Akamai’s edge sees this traffic — they’re well-positioned to enforce identity here.

How KYA fits with Vercel Passport and Cloudflare AI Identity

The same week, three identity launches at different layers:

Product	Layer	Purpose
Akamai KYA (Jun 15)	Transaction / cross-enterprise	Agent identity in commerce
Vercel Passport (Jun 17)	Enterprise SSO / intra-enterprise	Agents behind corporate identity provider
Cloudflare AI Identity / Worker bindings	Runtime / workload	Identity at the agent runtime

These are not competitors — they’re a stack. A real production agent in 2027 will likely:

Authenticate to its home enterprise via Vercel Passport (or Okta/Entra directly).
Run with a runtime workload identity via Cloudflare (or AWS/GCP equivalents).
Present Akamai KYA assertions when transacting with external systems.

Limits and open questions

Adoption. KYA is only useful if both sides speak it. Akamai shipped it, but airlines, retailers, banks, and SaaS providers have to add KYA verification on their inbound traffic. Visa and Experian’s involvement is a strong push, but adoption takes years.

Standardization. KYA is currently an Akamai-led protocol. The agent identity space has multiple competing proposals (W3C work, IETF drafts, OAuth WG extensions, Anthropic’s MCP identity proposals). KYA will need to converge with or beat these.

Privacy. A protocol that verifies “agent X is acting under user Y’s authorization for transaction Z” is also a near-perfect surveillance tool. Akamai will need clear privacy boundaries to avoid this becoming an agent-economy panopticon.

Adversarial robustness. A determined adversary deploying agents under hijacked identities will defeat KYA the same way they defeat KYC — with synthetic identities, social engineering, and stolen credentials. KYA raises the bar but doesn’t eliminate the problem.

Who should care today

Build/integrate KYA if:

You’re a merchant, financial institution, or SaaS provider that expects significant AI-agent traffic in 2026-2027.
You’re a regulated industry (payments, healthcare, financial services) where unauthorized agent transactions create compliance exposure.
You’re already an Akamai customer — KYA enforcement is a configuration change, not a rebuild.

Watch but don’t integrate yet if:

You’re a smaller business with limited agent exposure. Wait for protocol convergence.
You’re a developer-focused product. Vercel Passport-style enterprise SSO is more immediately useful for you than KYA.

Bottom line

Akamai’s Agentic Security Framework is the most ambitious attempt to date to build a financial-grade identity layer for AI agents. Whether KYA becomes the standard depends on adoption beyond launch partners — but the structural need it addresses is real and growing. Expect competing proposals from Cloudflare, Microsoft, and possibly an OpenAI / Anthropic / Google joint specification within 6-12 months.

For now, KYA is the first place to point when someone asks “but how do we know an AI agent is legitimate?”

Sources: Akamai newsroom press release (June 15, 2026), Yahoo Finance, SecurityBrief, Brief Glance, SahmCapital. Last verified: June 22, 2026.