How Blockchain Addresses Identity, Payment, and Trust Gaps in AI Agents

Written by: a16z crypto

Compiled by AididiaoJP, Foresight News

AI agents are rapidly evolving from auxiliary tools into genuine economic participants, outpacing the growth of other infrastructure.

Although agents can now perform tasks and execute transactions, they still lack a standardized way across environments to prove “who I am,” “what I am authorized to do,” and “how I should be compensated.” Identity is not portable, payments are not natively programmable, and collaboration remains siloed.

Blockchain is solving these issues at the infrastructure level. The public ledger provides auditable proof for every transaction accessible to anyone; wallets grant agents portable identities; and stablecoins serve as an alternative settlement layer. These are not future concepts—they are available today and enable agents to operate as true economic actors without permission.

The current bottleneck in agent economics is no longer intelligence, but identity.

In the financial services industry alone, the number of non-human identities—such as automated trading systems, risk engines, and fraud models—is already about 100 times that of human employees. As modern agent frameworks—包括工具调用型大模型、自主工作流、多 Agent 编排—are deployed at scale, this ratio will continue to rise across industries.

However, these agents are still in a "bank account-less" state. They can interact with the financial system, but not in a portable, verifiable, and inherently trustworthy manner. They lack standardized ways to prove their permissions, operate independently across platforms, or take responsibility for their actions.

What’s missing is a universal identity layer—akin to an SSL for Agents—that enables standardized collaboration across platforms. Current solutions remain fragmented: on one side are vertically integrated, fiat-first stacks; on the other, crypto-native, open standards (such as x402 and emerging Agent identity proposals); and in between, developer frameworks extending application-layer identity (such as MCP, the Model Context Protocol).

There is still no widely adopted, interoperable way for one agent to prove to another agent who it represents, what it is permitted to do, and how it should be compensated.

This is the core idea of KYA (Know Your Agent). Just as humans rely on credit histories and KYC (Know Your Customer), Agents will require cryptographically signed credentials that bind them to identities, permissions, constraints, and reputation. Blockchain provides a neutral coordination layer: portable identities, programmable wallets, and verifiable proofs that can be parsed across chat apps, APIs, and marketplaces.

We have already seen early implementations: on-chain agent registries, wallet-native agents using USDC, an ERC standard for "minimally trusted agents," and developer toolkits that integrate identity with embedded payments and fraud prevention.

However, until a universal identity standard emerges, merchants will continue to block agents at their firewalls.

The agent begins to take over real-world systems, introducing a new question: who truly holds control? Imagine a community or company where AI systems coordinate critical resources—whether allocating capital or managing supply chains. Even if people can vote on policy changes, if the underlying AI layer is controlled by a single provider capable of pushing model updates, adjusting constraints, or overriding decisions, that authority remains highly fragile. The formal governance layer may be decentralized, but the operational layer remains centralized—those who control the model ultimately control the outcomes.

When agents assume governance roles, they introduce a new layer of dependency. In theory, this could make direct democracy more feasible: everyone could have an AI agent to help understand complex proposals, model trade-offs, and vote according to established preferences. But this vision can only be realized if agents are truly accountable to the people they represent, portable across providers, and technically constrained to follow human instructions. Otherwise, you end up with a system that appears democratic on the surface but is actually controlled by opaque model behaviors that no one truly oversees.

If the current reality is that agents are primarily built on a small number of foundational models, we need ways to prove that an agent is acting in the user’s interest rather than the model company’s. This will likely require cryptographic assurances at multiple levels: (1) the training data, fine-tuning, or reinforcement learning underlying the model instance; (2) the exact prompts and instructions followed by the specific agent; (3) a verifiable record of its actual behavior in the real world; and (4) credible guarantees that the provider cannot alter its instructions or retrain it without the user’s knowledge after deployment. Without these assurances, agent governance devolves into governance by those who control the model weights.

This is where cryptography truly shines. If collective decisions are recorded on-chain and automatically enforced, AI systems can be required to strictly adhere to verified outcomes. If agents have cryptographic identities and transparent execution logs, users can verify that their agents are operating within defined boundaries. If the AI layer is user-owned and portable—not locked to a single platform—no company can change the rules with a single model update.

Ultimately, governing AI systems is fundamentally an infrastructure challenge, not a policy challenge. True authority depends on building enforceable guarantees directly into the system.

AI agents are beginning to purchase various services—web scraping, browser sessions, image generation—with stablecoins emerging as an alternative settlement layer for these transactions. Meanwhile, a new market tailored for agents is forming. For example, Stripe and Tempo’s MPP market aggregates over 60 services specifically designed for AI agents. In its first week online, it processed over 34,000 transactions with fees as low as $0.003, with stablecoins among the default payment options.

The difference lies in how these services are accessed: they have no checkout page. The agent reads the schema, sends a request, makes payment, and receives the output—all in a single exchange. This represents a new class of identityless merchants: a single server, a set of endpoints, and a price per call. There is no frontend interface and no sales team.

The payment rail to achieve this is already live. Coinbase’s x402 and MPP use different approaches, but both embed payments directly into HTTP requests. Visa is also expanding its card payment rail in a similar direction, offering a CLI tool that allows developers to spend from the terminal, with merchants receiving stablecoins instantly on the backend.

The data is still in its early stages. After filtering out non-organic activity such as botting, x402 processes approximately $1.6 million in agent-driven payments per month—significantly lower than the $24 million recently reported by Bloomberg (citing x402.org data). However, the surrounding infrastructure is rapidly expanding: Stripe, Cloudflare, Vercel, and Google have all integrated x402 into their platforms.

Developer tools represent a significant opportunity, as the rise of "vibe coding" expands the pool of people able to build software, growing the total addressable market for developer tools. Companies like Merit Systems are building products for this world, such as AgentCash—a CLI wallet and marketplace connecting MPP and x402. These products enable agents to purchase required data, tools, and capabilities using stablecoins from a single balance. For example, an agent in a sales team can invoke an endpoint to simultaneously fetch data from Apollo, Google Maps, and Whitepages to enrich lead information—all without leaving the command line.

This agent-to-agent commerce tends to use encrypted payment rails (as well as emerging card-based solutions) for several reasons. First, underwriting risk: traditional payment processors assume merchant risk when onboarding merchants, making it difficult for them to underwrite headless merchants without a website or legal entity. Second, stablecoins offer permissionless programmability on open networks: any developer can enable an endpoint to accept payments without integrating with a payment processor or signing a merchant agreement.

We’ve seen this pattern before. Every shift in business model creates a new type of merchant that existing systems initially struggle to serve. Companies building this infrastructure are betting not on $1.6 million per month, but on what that number could become when agents become the default buyers.

For the past 300,000 years, human cognition has been the bottleneck to progress. Today, AI is pushing the marginal cost of execution toward zero. When scarce resources become abundant, constraints shift. When intelligence becomes cheap, what becomes expensive? The answer is verification.

In the agent economy, the true bottleneck to scaling is our human biological limitation in auditing and underwriting machine decisions. Agent throughput has far exceeded human supervisory capacity. Due to the high cost of supervision and the lagging nature of failures, markets tend to underinvest in oversight. “Human-in-the-loop” is rapidly becoming physically impossible.

However, deploying unverified agents introduces compounded risks. The system will ruthlessly optimize for "agent" metrics while silently diverging from human intent, creating an illusion of productivity that masks the accumulation of massive AI debt. To safely delegate economic authority to machines, trust can no longer rely on human oversight—it must be hard-coded into the system's architecture itself.

When anyone can generate content for free, the most important thing is verifiable provenance—knowing where it comes from and whether you can trust it. Blockchain, on-chain proofs, and decentralized digital identity systems are reshaping the economic boundaries of what can be securely deployed. You no longer treat AI as a black box; instead, you gain a clear, auditable history.

As more AI agents begin trading with each other, settlement pathways and provenance tracking are becoming increasingly intertwined. Systems that handle funds—such as stablecoins and smart contracts—can also carry cryptographic credentials that show who did what and who is accountable if issues arise.

Human comparative advantage will shift upward: from identifying minor errors to setting strategic direction and taking responsibility when things go wrong. Sustainable advantage belongs to those who can cryptographically authenticate outputs, insure them, and absorb responsibility in the event of failure.

Unverified scaling is a liability that accumulates over time.

For decades, new layers of abstraction have defined how users interact with technology. Programming languages abstracted away machine code; command lines gave way to graphical user interfaces, then to mobile apps and APIs. Each shift concealed more underlying complexity, yet always kept users firmly in the loop.

In the agent world, users specify outcomes rather than specific actions, and the system determines how to achieve them. Agents abstract not only how tasks are executed but also who executes them. Users set initial parameters, then step back and let the system run autonomously. The user’s role shifts from interaction to supervision; the default state is “on” unless the user intervenes.

As users delegate more tasks to Agents, new risks emerge: ambiguous inputs may cause Agents to act on incorrect assumptions without the user’s knowledge; failures may go unreported, hindering clear diagnosis; and a single approval could trigger multi-step workflows no one anticipated.

This is where cryptography can help. Cryptography has always aimed to minimize blind trust. As users delegate more decisions to software, agent systems make this issue more acute and raise the bar for our design rigor—by establishing clearer constraints, enhancing visibility, and enforcing stronger guarantees about system capabilities.

A new generation of crypto-native tools is emerging. Scope delegation frameworks—such as MetaMask’s Delegation Toolkit, Coinbase’s AgentKit and Agent Wallet, and Merit Systems’ AgentCash—enable users to define at the smart contract level what agents can and cannot do. Intent-based architectures—like NEAR Intents, which have processed over $15 billion in cumulative DEX trading volume since Q4 2024—allow users to simply specify their desired outcome (e.g., “bridge tokens and stake”) without needing to detail how to achieve it.