"Know Your Customer" took decades to become the standard compliance framework for financial services. "Know Your Agent" is being built in years — driven by regulators who have watched AI agents execute trades, process loans, and manage accounts without a clear identity or governance framework.
This is the complete guide to KYA: what it is, why it matters, and how to implement it.
What is Know Your Agent?
Know Your Agent (KYA) is a governance framework that applies the logic of KYC — identity verification, due diligence, ongoing monitoring — to autonomous AI systems.
Traditional KYC asks: who is this customer, what is their risk profile, and are they behaving consistently with that profile? KYA asks the same questions about an autonomous agent: who authorised it, what is it permitted to do, and is its current behaviour consistent with that authorisation?
KYA is not a regulatory standard yet — but it is the framework that regulators under MiCA, the EU AI Act, and emerging AI governance frameworks are converging toward. CASPs, investment firms, and regulated AI operators that implement KYA now are ahead of mandatory requirements, not just best practice.
The Four Questions KYA Answers
1. Who Is This Agent?
Without KYA: the agent is identified by an API key or service account. These leak, rotate without traceability, and cannot distinguish individual agent instances.
With KYA: each agent instance holds an X.509 certificate issued by a trusted CA. The certificate contains the agent's unique ID, the authorising organisation, the issuing date, and the authority limits. It is signed by a KMS-backed private key — non-repudiable and tamper-evident.
2. What Is It Authorised to Do?
Without KYA: authority limits live in application configuration or the LLM's system prompt. Both can be modified or injected.
With KYA: authority limits are embedded in the certificate as scope extensions, signed by the CA. Changing them requires certificate reissuance. The scope is enforced at the cryptographic layer before any application code runs.
3. Is It Behaving Normally?
Without KYA: unusual behaviour is detected only after significant damage — or not at all.
With KYA: every action is scored against a behavioural baseline established during onboarding. Deviations generate alerts. Significant deviations trigger automatic certificate revocation.
4. What Has It Done?
Without KYA: logs may exist, but they can be modified, and there is no proof that the agent that executed a transaction was the same agent that was authorised.
With KYA: every action is written to a WORM audit log with the agent's certificate fingerprint and a cryptographic signature. Non-repudiation is provable.
KYA vs. KYC: Key Differences
KYA shares the logic of KYC but differs in execution:
Identity document: KYC uses passports and company registrations. KYA uses X.509 certificates backed by HSM-held private keys.
Due diligence timing: KYC onboarding is periodic. KYA monitoring is continuous — every action is assessed.
Response to anomaly: KYC requires human review. KYA can trigger automatic revocation — the agent stops immediately.
Audit trail: KYC relies on transaction records. KYA adds cryptographic proof — each record includes the agent's signature over the action payload.
Implementing KYA: Step by Step
Step 1: Agent Registration
Create a permanent record of the agent: its purpose, the authorising operator, the LLM and framework versions, and the deployment environment. This is the KYA equivalent of collecting customer identification documents.
Step 2: Scope Definition
Define what the agent may do: maximum transaction sizes, permitted instruments or APIs, geographic constraints, operating hours, and any human-in-loop requirements above certain thresholds. These become the certificate scope — they are signed by the CA and cannot be changed without reissuance.
Step 3: Baseline Observation
Deploy the agent in observation mode for 7–14 days. Collect metrics on normal operation: transaction sizes, frequency, counterparty distribution, time-of-day patterns, tool call patterns. This is the KYA equivalent of understanding what normal activity looks like for this customer.
Step 4: Baseline Approval
A qualified person reviews the observed baseline and approves it. This approval is logged with their identity and timestamp. The baseline becomes the reference for ongoing anomaly detection.
Step 5: Continuous Monitoring
Full anomaly detection activates. Every action generates a risk score. Scores above 0.75 trigger pre-revocation warnings; scores above 0.85 trigger automatic revocation. All events are written to the WORM audit log.
Step 6: Periodic Review
Certificates expire (30–365 days depending on agent risk classification). Renewal requires re-assessment — scope review, baseline recalibration, and operator risk refresh. This is the KYA equivalent of annual KYC review.
KYA Under Current Regulation
No regulation currently mandates KYA by name. But the requirements that KYA satisfies are already in force:
EU AI Act (Articles 9, 12, 14) — risk management, automatic logging, human oversight for Annex III systems.
MiCA (Articles 67–72) — governance framework, record-keeping, testing and monitoring for CASP algorithmic trading.
DORA (Article 9) — ICT risk management, including for automated systems used in financial operations.
Implementing KYA now means being ready for the next wave of AI-specific regulation, not scrambling to retrofit compliance.
Common KYA Mistakes
Mistake 1: Treating KYA as a one-time onboarding exercise. KYA is continuous. An agent that passes onboarding checks but gradually drifts from its baseline is not KYA-compliant.
Mistake 2: Implementing only the logging layer. Logs without enforcement are discovery tools, not control mechanisms. KYA requires that anomalies trigger automated responses, not just generate alerts.
Mistake 3: Conflating agent identity with API key identity. An API key identifies a service. KYA requires per-instance cryptographic identity — distinguishing individual agent deployments, not just service types.
Mistake 4: Leaving scope definition to the system prompt. Prompt-defined scope can be modified by prompt injection. Certificate-embedded scope is enforced at the cryptographic layer.
Getting Started
Kakunin implements the full KYA stack: agent registration, certificate issuance with scope enforcement, behavioral baseline, continuous anomaly detection, pre-revocation warnings, automatic revocation, and WORM audit log.
Start with agent registration — it takes five minutes via API or CLI and gives you a permanent identity record before the first line of agent code runs.