Framework

Know Your Agent (KYA)

KYC for autonomous AI systems. Cryptographic identity, behavioral baselines, continuous monitoring, and automatic enforcement — the governance framework regulators are converging on.


What is Know Your Agent?

In financial services, “Know Your Customer” is the standard for verifying who your customers are and monitoring their behaviour continuously.

Autonomous AI agents now execute trades, process payments, and manage regulated data — often without per-action human oversight. Know Your Agent (KYA) applies the same logic: establish identity, define authority, profile normal behaviour, detect deviations, respond automatically.

KYA is the framework that satisfies obligations under MiCA, the EU AI Act, and DORA for operators deploying autonomous AI in regulated environments.

KYC → KYA mapping
Identity document → X.509 certificate (KMS-backed)
Due diligence → Scope policy in certificate
Ongoing monitoring → Per-action anomaly scoring
Periodic refresh → Certificate renewal + re-assessment
Account freeze → Automatic certificate revocation
Audit trail → WORM log with cryptographic proof

The Four KYA Pillars

01 Cryptographic Identity

Each agent instance holds an X.509 certificate issued by Kakunin's KMS-backed CA. Non-repudiable, tamper-evident, per-instance — not a shared API key.

02 Signed Authority Limits

Scope policy — max transaction size, allowed instruments, permitted counterparties, operating hours — is embedded in the certificate. Cannot be changed without reissuance.

03 Behavioral Baseline

A 7–14 day observation period establishes normal operation. Every subsequent action is scored against this baseline. Gradual drift is caught, not just sudden spikes.

04 Automatic Enforcement

Score ≥ 0.75 → pre-revocation warning, on-call paged. Score ≥ 0.85 → certificate automatically revoked. Agent halts immediately. No human required in the critical path.

Regulatory Alignment

KYA is not a named regulation — but the obligations it satisfies are already in force.

MiCA: Articles 67–72

Governance framework, record-keeping, testing and monitoring for CASP algorithmic trading.

EU AI Act: Articles 9, 12, 14

Risk management system, automatic logging, human oversight for Annex III high-risk AI systems.

DORA: Article 9

ICT risk management framework including automated systems in financial operations.

Frequently Asked Questions

What is Know Your Agent (KYA)?

Know Your Agent (KYA) is a governance framework that applies KYC principles to autonomous AI systems. It establishes cryptographic identity for each agent, defines authority limits, profiles normal behavior, and continuously monitors for deviations — automating the oversight that KYC applies to human customers.

Is KYA required by regulation?

KYA is not mandated by name, but the obligations it fulfills are in force under MiCA Articles 67–72 (governance, monitoring, record-keeping for CASPs), EU AI Act Articles 9, 12, and 14 (risk management, automatic logging, human oversight), and DORA Article 9 (ICT risk management).

How does KYA differ from standard API key authentication?

API keys identify a service, not a specific agent instance — they can be shared, leaked, and rotated without an audit trail. KYA uses X.509 certificates: per-instance cryptographic identity, KMS-backed private keys that never leave the HSM, scope embedded in the certificate and enforced before the LLM's decision runs.

How does automatic revocation work?

When an agent's anomaly score exceeds 0.85 (configurable), Kakunin revokes the certificate immediately. All subsequent scope checks for that certificate return "revoked" — the agent cannot execute any further guarded actions. The event is written to the WORM audit log. A replacement agent can be spun up with a fresh certificate.
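The enforcement flow described above and under Automatic Enforcement, sketched as an added example (not Kakunin's code or API): a guard checks each action against the scope fields the page lists, applies the 0.75 and 0.85 thresholds, keeps revocation sticky, and records every decision. The names `Scope`, `Guard` and `verify_chain` are hypothetical, and a SHA-256 hash chain stands in for the "WORM log with cryptographic proof" as an assumption.

```python
import hashlib
import json
from dataclasses import dataclass, field

WARN, REVOKE = 0.75, 0.85  # thresholds stated on the page

@dataclass(frozen=True)
class Scope:  # hypothetical model of the scope fields the page lists
    max_amount: float
    instruments: frozenset
    counterparties: frozenset
    hours: tuple  # ("HH:MM", "HH:MM") same-day UTC window (assumption)

def _digest(prev, event):
    # Each record commits to its predecessor, so edits break the chain.
    body = json.dumps(event, sort_keys=True)
    return hashlib.sha256((prev + body).encode()).hexdigest()

@dataclass
class Guard:
    scope: Scope
    revoked: bool = False
    log: list = field(default_factory=list)

    def check(self, action, score):
        """Return 'revoked', 'denied', 'warn' or 'allowed' for one action."""
        s = self.scope
        if self.revoked or score >= REVOKE:
            self.revoked = True  # sticky: every later check is refused
            verdict = "revoked"
        elif (action["amount"] > s.max_amount
              or action["instrument"] not in s.instruments
              or action["counterparty"] not in s.counterparties
              or not s.hours[0] <= action["at"] <= s.hours[1]):
            verdict = "denied"
        else:
            # Assumption: a warning pages on-call but the action proceeds.
            verdict = "warn" if score >= WARN else "allowed"
        event = {"action": action, "score": score, "verdict": verdict}
        prev = self.log[-1]["digest"] if self.log else "0" * 64
        self.log.append({"event": event, "prev": prev,
                         "digest": _digest(prev, event)})
        return verdict

def verify_chain(log):
    """Recompute the hash chain; False if any record was altered."""
    prev = "0" * 64
    for rec in log:
        if rec["prev"] != prev or _digest(prev, rec["event"]) != rec["digest"]:
            return False
        prev = rec["digest"]
    return True
```

Once a score reaches the revocation threshold, a later low score does not restore the agent; in this sketch recovery means constructing a new `Guard`, mirroring the page's replacement agent with a fresh certificate.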

What frameworks does the verify_agent_scope decorator support?

verify_agent_scope works with any Python function (sync or async). Framework-specific integrations exist for LangChain (KakuninToolGuard, langchain_scope_callback), AutoGen (KakuninConversableAgent), LangGraph (kakunin_node), LlamaIndex (KakuninFunctionToolGuard), CrewAI, and CAMEL-AI.

Start implementing KYA

Register your first agent in 5 minutes. Certificate issued, scope defined, monitoring active.
