zkMe News · 6 min read

Why AI Agents Need Proof-Based Identity

AI agents need proof-based identity to verify who they act for, what they can do, and what stays private.


AI agents are starting to move from answering questions to taking actions.

That changes the privacy conversation. If an agent only summarizes a document or drafts an email, keeping user data private is already important. But once an agent can access a service, present a credential, request approval, or help initiate a payment, privacy is no longer the full stack.

Privacy matters even more when agents start acting on behalf of people, businesses, accounts, and services. But privacy by itself does not answer the first questions agentic finance runs into: who is this agent acting for, what authority does it have, what limits apply, and what can be proven without handing over raw identity or financial data?

This is where the conversation needs to move. AI agents do not just need private execution. They need proof-based identity.


Agentic finance changes the identity problem

Most digital identity flows still assume a human is present. A user logs in, clicks approve, uploads a document, confirms a payment, or passes a KYC check. The system may be clunky, but at least the interaction is direct.

AI agents break that assumption.

An agent may access services while the user is away. It may compare offers, call APIs, submit credentials, initiate payments, or interact with another agent. In finance, that shift is not cosmetic. It changes the trust model. A platform no longer needs to know only whether a user is eligible. It needs to know whether the agent asking for access is tied to the right principal and whether the current action fits the authority that principal gave it.

Google's Agent Payments Protocol, AP2, makes this clear. Google framed agent-led payments around authorization, authenticity, and accountability, and described mandates as cryptographically signed records of a user's instructions. AP2 also launched with more than 60 participating organizations across payments, commerce, and technology. That is a useful signal: agent payments are moving from demo territory into infrastructure design.

OpenAI and Stripe's Agentic Commerce Protocol points in the same direction. In OpenAI's Instant Checkout announcement, the protocol is described as a way for AI agents, people, and businesses to complete purchases together. The trust model includes explicit user confirmation, payment tokens limited to specific amounts and merchants, and minimal data sharing.

These designs are not identical, and they do not solve every identity problem. But they show where the market is going. Payment protocols can help prove that a transaction was authorized. Agent identity infrastructure still needs to prove who stands behind the agent, what scope applies, and what can remain private.

Agentic finance needs a way to prove delegated authority, not just process a payment.


Proof of human is only the first layer

A lot of identity discussion around AI starts with proof of human. That makes sense. If agents can act at scale, platforms need some way to distinguish real users, automated abuse, and synthetic activity.

But proof of human is not enough for agentic finance.

Proof of human is one layer, not the full agent trust stack.

A human behind an agent does not tell you whether that agent can execute a payment, claim a reward, submit a business credential, or trade within a defined risk limit. It does not prove that the agent is certified for a task, acting within a declared intent, or carrying a reputation history that another service can inspect.

It also does not solve privacy. If every service has to see the principal's raw identity, payment details, account history, or business documents before it trusts the agent, agents will amplify the same data exposure problem that already exists in digital identity.

The surface area gets bigger because the agent touches more services, more often, with less direct human presence. A better model is narrower: prove the fact needed for the action, and expose as little as possible behind it.


Proof-based identity verifies authority without raw data

Proof-based identity means an agent can present verifiable claims instead of carrying raw credentials into every interaction.

For a human user, that might mean proving age, jurisdiction, KYC status, or account ownership without revealing the full document or financial record. Microsoft Research's Vega work is a useful example of this direction. Vega lets users prove facts from government credentials, such as age, personhood, or professional status, without revealing the credential itself.

For an AI agent, the same principle becomes more operational.

The agent should be able to prove that it is bound to a verified principal. It should prove that it has a specific authority for a specific type of action. It should prove that the current action matches a declared intent. It should prove that a payment or transaction is inside the allowed scope. And it should do this without exposing the principal's raw identity, full credential set, payment secrets, or sensitive history to every counterparty in the path.

This is not about making agents anonymous in a way that removes accountability. It is the opposite. It is about making accountability more precise.

A service does not always need to know everything about the person or business behind an agent. It may only need to verify that the agent is authorized by an eligible principal, for this action, under these limits, at this time. That is the kind of trust primitive agentic finance needs.


zkKYA: proof-based identity for delegated agents

For zkMe, zkKYA is best understood as a response to one specific problem in agentic finance: an AI agent can act, but the system still needs to know why that action should be trusted.

An agent is not a normal user. It does not carry a passport, open a bank account, or take legal responsibility by itself. It acts on behalf of someone else: a person, a business, an account, or another accountable principal. That means the trust question changes. The system does not only need to ask whether the agent is real. It needs to verify who stands behind it, what it has been authorized to do, whether the current action fits that authorization, and whether the proof can be checked without exposing the principal's raw identity or credentials.

This is where zero-knowledge infrastructure becomes useful. In agentic finance, trust should not require every service to see the full identity, private keys, payment credentials, or sensitive account data behind an agent. A better model is to turn the necessary facts into proofs: the agent is bound to an accountable principal, its scope is limited, its intent can be checked before execution, and its behavior can be evaluated over time.

For example, an agent could prove it is acting for a verified business, within a payment limit, for an approved vendor category, without exposing the business's full identity file or banking records. The relying party gets the facts it needs for the decision, not a fresh copy of every sensitive record behind it.

zkKYA points toward that model. Instead of treating "Know Your Agent" as another disclosure-heavy verification flow, it frames agent identity as a set of privacy-preserving credentials that can travel with the agent across financial, payment, and digital service environments. The goal is not to expose more information about the human or organization behind the agent. The goal is to make delegated action verifiable.


What builders should take from this

For teams building agentic finance, the design question should be blunt.

Who is accountable for this agent's action?

What is the agent allowed to do?

What can be proven privately?

Those questions should sit close to the product architecture, not at the edge of compliance review after everything else is built. Agent permissions, payment authority, credential access, and audit trails are not minor settings once agents can move money or interact with financial services.

The safer pattern is to build around verifiable delegation from the start. Let the principal define the scope. Let the agent present proof. Let the service verify the proof without collecting raw data it does not need. Keep enough evidence for accountability, but do not turn every agent interaction into another place where sensitive credentials are copied and stored.
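The delegation pattern above, applied to the earlier example of a verified business, a payment limit and an approved vendor category, as an added sketch that is not zkMe's, AP2's or ACP's code or message format. It uses salted-hash selective disclosure rather than a zero-knowledge proof, so the limit is revealed while the legal name is not, and HMAC stands in for the principal's asymmetric signature; all names and sample values are constructed.

```python
import hashlib, hmac, json, secrets, time

ISSUER_KEY = secrets.token_bytes(32)  # demo key; a real verifier would hold only a public key
CLAIMS = {"principal_verified": True, "legal_name": "Example Trading Ltd",  # constructed sample
          "max_amount": 500, "vendor_categories": ["cloud", "saas"]}

def commit(salt, name, value):
    # Salted hash commitment: hides the claim until salt and value are revealed.
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()

def sign(body):
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest()

def issue_mandate(claims, expires_at):
    """Principal: define the scope, sign only the commitments and the expiry."""
    disclosures = {n: (secrets.token_hex(16), v) for n, v in claims.items()}
    digests = sorted(commit(s, n, v) for n, (s, v) in disclosures.items())
    body = {"digests": digests, "exp": expires_at}
    return {"body": body, "tag": sign(body)}, disclosures

def present(mandate, disclosures, names):
    """Agent: reveal only the claims this action needs."""
    return {"mandate": mandate, "revealed": {n: disclosures[n] for n in names}}

def verify_payment(presentation, amount, vendor_category, now=None):
    """Service: check integrity, expiry, revealed claims, then the action. Fails closed."""
    now = time.time() if now is None else now
    m = presentation["mandate"]
    if not hmac.compare_digest(sign(m["body"]), m["tag"]):
        return False, "bad signature"
    if now >= m["body"]["exp"]:
        return False, "mandate expired"
    claims = {}
    for name, (salt, value) in presentation["revealed"].items():
        if commit(salt, name, value) not in m["body"]["digests"]:
            return False, f"claim {name} not in mandate"
        claims[name] = value
    if claims.get("principal_verified") is not True:
        return False, "principal not verified"
    if vendor_category not in claims.get("vendor_categories", []):
        return False, "vendor category out of scope"
    if amount > claims.get("max_amount", 0):
        return False, "amount over limit"
    return True, "ok"
```

The service never receives `legal_name`: it sees only an opaque digest for that claim, and a withheld scope claim causes rejection rather than a default allow.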

This is also how agentic finance can stay usable. If every transaction requires a full manual review, agents lose much of their value. If every action is trusted blindly, the risk becomes unacceptable. Proof-based identity gives builders a middle path: automation with constraints, privacy with accountability, and delegation with evidence.


Agents should carry proofs, not raw credentials

The next phase of agentic finance will not be defined only by smarter models or smoother payment flows. It will be defined by whether the systems around agents can answer basic trust questions without forcing users to expose everything.

Privacy is part of that answer. It limits unnecessary disclosure.

But agentic finance needs more than privacy. It needs identity that can be verified, authorization that can be scoped, intent that can be checked, payments that can be bounded, and reputation that can travel without turning into surveillance.

That is the case for proof-based identity.

AI agents should not carry raw identity or financial credentials from service to service. They should carry proofs: proof of principal, proof of certification, proof of payment authority, proof of intent, and proof of reputation.

The agent economy will need many layers: payments, account access, policy controls, user experience, risk systems, and audit trails. But underneath all of them is a simple requirement: when an agent acts, the system should be able to prove why that action was allowed, who stands behind it, and what stayed private.

That is the trust layer agentic finance still needs.
