There’s plenty of discussion that this is the year of the AI agent. Bringing these autonomous systems from theory into practice raises big questions for the online ecosystem, however. In digital marketing, for example, we’re already struggling to confirm the legitimacy of clicks thanks to ad fraud and bad actors. The introduction of tools that can search, navigate and interact on behalf of the user sets the stage for attribution chaos, making it unclear whether we’re dealing with bots or buyers.
If agents take over the whole customer journey, then we need guardrails baked into their foundation. Right now, there’s no forcing function dictating agentic behavior, constraints and liability – a real concern when more than 500 vulnerabilities have been found in open-source AI assistants like OpenClaw.
As teams lose visibility into who or what’s actually engaging with their work, there’s a growing call for agent declaration standards. In my view, we need something unified that’s similar to fintech’s Know Your Customer while there’s still time to shape this technology.
What Are the 5 Pillars of Effective Know Your Agent Standards?
- Verifiable agent identities.
- Managed credentials.
- Least-privilege access.
- Tamper-proof audit trails.
- Prompt injection safeguards.
A Trust Crisis Across the Internet
We’re in an agentic gold rush, and the landscape is very much a Wild West. From agentic browsers to embedded assistants, there are no hard-and-fast rules on what these tools can and can’t do. The only assurance we have at the moment is trust. Current verification relies on self-reporting, and this results in a system that any bad actor can trivially spoof or that any agentic provider can choose to ignore.
Trust just isn’t good enough on an internet where bots account for more traffic than people and social media sites like Reddit are overrun by automated accounts promoting links, selling shady products or spreading phishing scams. OpenClaw is a textbook example of what happens when agentic verification is an afterthought. While the solution is genuinely impressive — an open-source agent that connects to your messaging apps, email and calendar to autonomously manage tasks around the clock — the tool suffered from a lack of moderation and saw hundreds of malicious skills uploaded to its directory before any real governance was in place.
Even Sam Altman notes that we’re in a “fraud crisis” and wants “proof of personhood” to protect human input online. This same trust crisis now extends to the arrival of agents operating without explicit authorization and safeguards.
Governments and Corporations Need Agentic Verification
The agent economy is arriving faster than the guardrails that can moderate it, and time’s running out to wrest back control. And this isn’t just me saying it: The National Institute of Standards and Technology (NIST) released a concept paper in February outlining how identity standards and access control practices should apply to agents. NIST is essentially asking for agents to be treated like any other identity in an enterprise system: known, trusted and governed.
Likewise, Amazon wants to better dictate agent activity. In addition to deploying its own autonomous tools for advertisers and suing competitors for alleged covert agent access, the tech giant is imposing formal requirements on the use of agents and automated software systems by sellers and third-party developers, effective March 4. The corporation’s updated business solutions agreement creates a new category for agents and requires them to clearly identify themselves as automated systems at all times, comply with the new policy and immediately cease access upon Amazon’s request.
Corporations and governments alike know we have an agentic problem. The issue now is that we don’t seem to have a unified, cross-domain solution.
Baking Identity and Function Into the Foundation
Agent trust — verifiable, standardized trust — is too important to leave to chance. Rather than expecting businesses to figure it out on their own, we need agentic providers to come to the table and agree to a common-sense framework.
From my perspective, NIST has just laid out the bones of a Know Your Agent framework: verifiable agent identities, managed credentials, least-privilege access, tamper-proof audit trails, and prompt injection safeguards. Together these controls establish a much-needed accountability chain clarifying who deployed the agent, what it was permitted to access, and what it actually did.
Short of federal regulation, these five pillars set the standard for compliant agents to meet and beat. By moving responsibility upstream onto the agents themselves, versus expecting companies to accept “anything goes” and investigate issues after the fact, security and transparency become much more scalable.
And there need to be consequences for agents that don’t toe the line. If agentic providers don’t implement these or comparable standards, careful companies should consider firewalls that require declared identity and behavioral constraints before granting access. Treat agents with the same suspicion as unverified traffic and the same technical protections: invalid traffic detection tools, zero-trust access controls and API permissioning.
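As a sketch of what such a gate could look like, the following added example (not from NIST, Amazon or any agent provider) admits an agent only on a verifiable declaration, checks the requested scope against a least-privilege allowlist, and records every decision in a hash-chained audit log so that later edits are detectable. The registry contents, field names and scope strings are assumptions made for illustration, and HMAC with a shared secret stands in for the public-key signature a real deployment would use.

```python
import hashlib, hmac, json, time

# Constructed registry (hypothetical): agent_id -> (shared secret, allowed scopes)
REGISTRY = {"agent-demo-1": (b"constructed-demo-secret", {"catalog:read"})}
MAX_AGE = 300  # seconds a signed declaration stays valid

def sign(decl: dict, secret: bytes) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the declaration."""
    msg = json.dumps(decl, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def _digest(prev: str, record: dict) -> str:
    return hashlib.sha256((prev + json.dumps(record, sort_keys=True)).encode()).hexdigest()

class AuditLog:
    """Each entry commits to the previous entry's hash, so edits break the chain."""
    def __init__(self):
        self.entries = []

    def append(self, record: dict) -> None:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        self.entries.append({"prev": prev, "record": record, "hash": _digest(prev, record)})

    def verify(self) -> bool:
        prev = "0" * 64
        for e in self.entries:
            if e["prev"] != prev or _digest(prev, e["record"]) != e["hash"]:
                return False
            prev = e["hash"]
        return True

def admit(decl: dict, signature: str, scope: str, log: AuditLog, now=None) -> str:
    """Decide on one request and log the decision, whether allowed or denied."""
    now = time.time() if now is None else now
    entry = REGISTRY.get(decl.get("agent_id"))
    if entry is None:
        decision = "deny:unknown-agent"          # identity not registered
    elif not hmac.compare_digest(sign(decl, entry[0]), signature):
        decision = "deny:bad-signature"          # declaration forged or altered
    elif abs(now - decl.get("issued_at", 0)) > MAX_AGE:
        decision = "deny:stale"                  # old declaration replayed
    elif scope not in entry[1] or scope not in decl.get("scopes", []):
        decision = "deny:scope"                  # outside least-privilege grant
    else:
        decision = "allow"
    log.append({"agent": decl.get("agent_id"), "operator": decl.get("operator"),
                "scope": scope, "decision": decision, "at": now})
    return decision
```

Each log entry answers the three accountability questions in one record: which operator deployed the agent, which scope it asked for, and what the gate decided.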
The impact on marketing is already measurable. Early findings suggest that traffic from agentic browsers like Comet and Atlas masks its origin, blending with direct traffic in your analytics rather than appearing as an identifiable source. When that essentially unknown traffic enters your bidding algorithms, it corrupts the optimization loop. Google’s Smart Bidding, Performance Max and automated campaigns all learn from signals that increasingly include agent traffic they can’t identify. The result is inflated cost per action (CPA), distorted return on advertising spend (ROAS) and budget flowing toward interactions that will never convert.
The temptation is to hope these are edge cases that will sort themselves out, but our sector already loses roughly one in five marketing dollars to fraud, and we can’t afford further dilution to campaign performance. If that’s just the state of play in marketing, imagine the broader impact across the web. For example, identity fraud firm Au10tix is already documenting that agentic systems enable coordinated, self-optimizing fraud ecosystems that adapt in real time.
Don’t get me wrong: Agents promise new avenues of innovation, and we should welcome their arrival. At the same time, we can’t allow carte blanche access to the back-end. We can no longer just assume trust. We need to provide appropriate protections while enabling business value. Know Your Agent, with verifiable identities, declared constraints, and accountable trails, is how we build that trust.
