# AI Agents Also Need ID - When Your AI Assistant Starts Using Your Credit Card

> Source: <https://dev.to/judy_miranttie/ai-agents-also-need-id-when-your-ai-assistant-starts-using-your-credit-card-4n3>
> Published: 2026-05-27 01:00:08+00:00

*This article is a deep-dive from JudyAI Lab — an AI engineering playbook series with 100+ published guides, 5,000+ weekly readers across 60+ countries, focused on the practical side of running AI agents, trading systems, and content pipelines in production.*

Something happened recently that made me stop and think about it for a long time.

March 17, 2026 — that's yesterday — Sam Altman's World (formerly Worldcoin) launched something called **AgentKit**. Simply put: **it lets your AI Agent prove "there's a real human behind me."**

At the same time, Coinbase launched an AI Agent-specific wallet in February, and Visa and Mastercard are racing to define standards for how Agents pay online.

Did you notice? These companies aren't building "smarter AI." What they're doing is — **giving AI an ID card.**

Why? Because when AI Agents can spend money on their own, the question "who are you" suddenly becomes a hundred times more important than "how smart are you."

Let me tell you a real case.

January 2024, a multinational company in Hong Kong was scammed out of $25.6 million. How? Someone used deepfake technology to fake a video conference with the company's CFO — even the colleagues were fake. The finance employee saw the "CFO" talking to them on screen and transferred the money.

That's a case of a human being scammed. Now imagine the AI Agent world:

According to [Deloitte research](https://www.deloitte.com/us/en/insights/industry/financial-services/deepfake-banking-fraud-risk-on-the-rise.html), losses from AI fraud stood at $12.3 billion in 2023 and are growing at a rate of 32% annually, expected to reach **$40 billion by 2027**. Between 2024 and 2025 alone, GenAI-driven fraud cases increased by over **450%**.

So you get it — it's not that AI isn't smart enough. It's that we have no way to verify "who this AI actually represents."

World's approach is straightforward and bold.

Here's the key point — the whole process uses **Zero-Knowledge Proofs (ZKP)**.

What does that mean? The platform only knows "there's a real human behind it" but **has absolutely no idea who you are**. They don't get your name, your email, or any personal information. The claim is mathematically proven, yet no personal information leaks.

Remember the "one person deploys 1,000 Agents" problem I mentioned earlier?

World AgentKit lets platforms trace back to the number of underlying real humans. You can have 10 Agents, but they all link to the same World ID. The platform can set rules: each real human can only book once per day, each real human can only claim a trial once.

No matter how many Agents you have, you're just one person.
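The difference between counting Agents and counting humans, as an added example that is not World's or AgentKit's code. The `human` field is a hypothetical stand-in for whatever anonymous per-human identifier the platform receives after verification; the rule table and the traffic are constructed.

```python
from collections import defaultdict

# Rules from the text: one booking per human per day, one trial claim ever.
RULES = {"book": ("daily", 1), "claim_trial": ("ever", 1)}

class Quota:
    """Counts actions per key; key_field decides whose quota is consumed."""
    def __init__(self, rules, key_field):
        self.rules, self.key_field = rules, key_field
        self.counts = defaultdict(int)

    def allow(self, req):
        if req["action"] not in self.rules:
            return False                      # unknown actions are denied
        window, limit = self.rules[req["action"]]
        bucket = req["day"] if window == "daily" else None
        key = (req[self.key_field], req["action"], bucket)
        if self.counts[key] >= limit:
            return False
        self.counts[key] += 1
        return True

def allowed_count(requests, key_field):
    """How many of the requests get through when quotas are keyed on key_field."""
    quota = Quota(RULES, key_field)
    return sum(quota.allow(r) for r in requests)

# Constructed traffic: one human ("h1") runs ten Agents that all book on day 1,
# then claims the trial on day 1 and again on day 2 through different Agents.
BOOKINGS = [{"agent": f"a{i}", "human": "h1", "action": "book", "day": 1}
            for i in range(10)]
TRIALS = [{"agent": "a0", "human": "h1", "action": "claim_trial", "day": 1},
          {"agent": "a1", "human": "h1", "action": "claim_trial", "day": 2}]

if __name__ == "__main__":
    for field in ("agent", "human"):
        print(field, allowed_count(BOOKINGS, field), allowed_count(TRIALS, field))
```

Keyed on `agent`, every request passes because each Agent gets a fresh quota; keyed on `human`, the ten Agents share one.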

The World network has already verified over **17.9 million real humans**. AgentKit integrates with Coinbase's x402 protocol, so any website that already supports x402 can directly add "human verification" functionality.

Having identity alone isn't enough. Agents need wallets to spend money.

February 11, 2026, Coinbase launched **Agentic Wallets** — claimed to be "the first wallet infrastructure designed specifically for AI Agents."

This is what I'm most concerned about. If you let AI spend money on its own, what happens when a prompt injection attack gets it to transfer all your money out?

Coinbase's approach:

Then there's the **x402 protocol** — when an Agent calls a paid API, the server returns HTTP 402 (Payment Required), the Agent's wallet automatically pays and retries the request. The whole process doesn't require human involvement.
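Because the pay-and-retry loop runs without a human, the wallet has to be the component that says no. The following is an added sketch, not Coinbase's code and not the x402 wire format: the request and response fields, the limits, and the in-process `fake_paid_api` server are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class SpendPolicy:
    per_payment_cap: int        # smallest currency unit, e.g. cents (assumed)
    session_cap: int
    allowed_payees: frozenset
    spent: int = 0

    def refusal(self, payee, amount):
        """Return why a payment must be refused, or None if it may proceed."""
        if payee not in self.allowed_payees:
            return "payee not on allowlist"
        if not 0 < amount <= self.per_payment_cap:
            return "amount outside per-payment cap"
        if self.spent + amount > self.session_cap:
            return "session cap exceeded"
        return None

def fake_paid_api(payee, price):
    """Constructed stand-in server: answers 402 until the request carries payment."""
    def handle(request):
        if request.get("payment") == {"payee": payee, "amount": price}:
            return {"status": 200}
        return {"status": 402, "payee": payee, "amount": price}
    return handle

def call_with_payment(server, policy):
    """One 402 round trip: check policy, pay at most once, retry once."""
    resp = server({})
    if resp["status"] != 402:
        return resp["status"], "no payment needed"
    payee, amount = resp["payee"], resp["amount"]
    reason = policy.refusal(payee, amount)
    if reason:
        return 402, reason                   # refuse before any money moves
    policy.spent += amount
    resp = server({"payment": {"payee": payee, "amount": amount}})
    if resp["status"] == 402:
        return 402, "server asked to be paid twice"
    return resp["status"], "paid"

def demo():
    policy = SpendPolicy(500, 800, frozenset({"api.example"}))
    calls = [("api.example", 300), ("attacker.example", 100),
             ("api.example", 900), ("api.example", 500), ("api.example", 300)]
    return [call_with_payment(fake_paid_api(p, a), policy) for p, a in calls], policy.spent
```

The policy lives outside the model's context, so text injected into a prompt can change what the Agent asks for but not what the wallet will sign.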

Coinbase CEO Brian Armstrong said he believes "AI Agent transactions will soon exceed human transactions." Binance's CZ went even further, publicly predicting that Agent trading volume will eventually far exceed that of humans.

Regardless of whether these numbers are accurate, the direction is clear: Agents need their own wallets, and these wallets must be more secure than human ones.

Interestingly, traditional financial giants are also racing for this market.

Launched in October 2025, developed in partnership with Cloudflare. The core concept:

By December 2025, Visa had completed real Agent transaction tests with **over 30 partners**. Shopify, Stripe, Microsoft, and Coinbase are all on the list.

Mastercard's approach is a bit different:

In February 2026, PayOS and Mastercard completed **the first real transaction using Agentic Tokens**.

The two companies are now publicly competing to define industry standards for Agent transactions. This feels a lot like the drama of Visa and Mastercard competing for mobile payment standards, but the stakes are much higher this time.

While commercial companies battle for market share, W3C (the organization that sets web standards) hasn't been sitting idle either.

March 5, 2026, W3C published the **DID v1.1 (Decentralized Identifiers)** Candidate Recommendation.

DID's concept is simple: **a digital identity that doesn't depend on any central authority**. No Google, no Facebook, no company to "issue" your identity. You generate it yourself, you control it, it's mathematically verifiable.

A paper from the Technical University of Berlin proposed using DID for AI Agents:

This sounds academic, but it solves a real problem: **when two unfamiliar AI Agents need to trade, how do they establish trust?**

It's still in the research phase and far from commercial deployment. But DID's advantage is that it's an open standard, not controlled by any single company.

I use AI Agents in my work every day. So this topic isn't news to me; it's my daily life.

But when I see giants like World, Coinbase, Visa, and Mastercard all doing the same thing simultaneously, I think there are a few notable trends worth paying attention to:

**First, "paying" and "identity" are merging.**

These were two separate things before — you log into your account (identity), then check out (payment). But in the Agent's world, Agents need to simultaneously prove "who I represent" and "how much I can spend." The World + Coinbase integration is doing exactly this.

**Second, privacy and trust no longer contradict each other.**

Zero-knowledge proofs let you prove something is true without revealing any details. "There's a real human behind me" — proven. "Who is this real human" — unknown. In a world where Agents are deployed at scale, this is the only viable approach. You can't have every Agent carrying its owner's ID around.

**Third, the standards war is just beginning.**

There are too many protocols now: World AgentKit, Visa Trusted Agent Protocol, Mastercard Agent Pay, W3C DID, Coinbase x402... How many will survive? I don't know. But what I do know is that people who invest in understanding these protocols now will have a huge first-mover advantage in three years.

The Agent economy isn't "the future." It's happening right now. And identity verification is the foundation of this entire new economy.

An Agent without identity is like a traveler without a passport — it can't go anywhere.

Every protocol covered in this article has public technical documentation. If you want to dive deeper:

*Originally published at Judy AI Lab. Visit for more articles on AI engineering and development.*
