When you wake up in the morning, your AI agent has already price-compared and bought your coffee, reserved a dinner table, and even snagged tickets to a popular show. But this convenience brings up a pressing question: how can websites be sure the "person" making these transactions actually exists, and isn’t just a malicious script buying in bulk?
In March 2026, the identity project World (formerly Worldcoin), co-founded by Sam Altman, joined forces with Coinbase to deliver an answer: AgentKit. This developer toolkit allows AI agents to carry human identity credentials based on zero-knowledge proofs, deeply integrated with the x402 micropayment protocol co-developed by Coinbase and Cloudflare. This isn’t just a technical release—it could mark a structural shift for the AI economy, moving from "anonymous traffic" to "trusted participants."
What Structural Changes Are Happening Now?
AI agents are evolving from "conversational tools" into "autonomous economic actors." According to forecasts from McKinsey and Bain, by 2030, the global agentic commerce market could reach $3–5 trillion, with AI agents potentially handling up to 25% of U.S. e-commerce transactions.
However, today’s internet infrastructure isn’t prepared for this shift. Currently, all automated traffic is flagged as "suspicious" by default. While this defense works against malicious bots, it fails when large numbers of legitimate, user-driven AI agents arrive—systems can’t distinguish between "good bots" and "bad bots." As a result, agents genuinely serving users are often blocked, while attackers can still bypass defenses through distributed tactics.
Tiago Sada, Chief Product Officer of Tools for Humanity and World co-founder, points out that the core issue is the lack of a cryptographic signal that lets AI agents prove, "I am authorized by a real human." AgentKit was created to fill this structural gap.
What Drives This Mechanism?
AgentKit’s operational logic breaks down into three layers: identity, authorization, and payments.
The identity layer is built on World ID. Users complete an iris scan with World’s Orb device to obtain a verified, unique human identity credential. As of now, World has about 18 million verified users across more than 160 countries and regions.
The authorization layer uses zero-knowledge proofs. Users can "delegate" their World ID to multiple AI agents. When these agents interact with websites, they generate cryptographic proofs to show they are acting on behalf of a unique, verified human—without revealing any personal information. This creates a "privacy-preserving, verifiable identity delegation" mechanism.
The payment layer is powered by the x402 protocol, jointly developed by Coinbase and Cloudflare, which has already processed over 100 million transactions. x402 enables AI agents to make stablecoin micropayments autonomously. When an agent requests access to a website resource, the site can require "a small payment, proof of human identity, or both."
Together, these three layers form a comprehensive "trust stack": payments address economic friction, and identity establishes the source of trust.
What Are the Trade-Offs of This Structure?
Every technical architecture involves trade-offs. While AgentKit solves the identity challenge for AI agents, it also introduces new structural costs.
The most direct cost is the verification barrier. Currently, AgentKit requires users to complete an Orb iris scan to obtain a delegable World ID. This reliance on physical hardware limits scalability and raises concerns about biometric data collection. Although World plans to support more credential types in the future, such as NFC passports, "eye scans" remain a mandatory entry point for now.
The second cost is platform dependency risk. If a significant share of AI agent commerce relies on World ID for identity verification, the Web3 space could see the rise of a new "identity layer monopoly." While World ID is designed as a decentralized proof-of-personhood protocol, in practice, a single entity’s control over the identity graph still poses a potential centralization risk.
The third cost is the tension between privacy and traceability. Zero-knowledge proofs protect user privacy, but they also make it difficult for platforms to trace malicious behavior. If an agent delegated by a user acts maliciously, the platform can only know "a unique human" is behind it, not the specific individual. This design protects privacy but complicates governance.
What Does This Mean for Crypto and Web3?
The launch of AgentKit could accelerate the crypto industry’s shift from "asset financialization" to "identity infrastructure."
In recent years, crypto’s core narrative has centered on asset issuance and trading. AgentKit, however, represents a different path: using blockchain as the trust layer for the machine economy. The combination of x402’s micropayment capabilities and World ID’s proof-of-personhood forms the foundation for AI agents to participate autonomously in commercial activity.
This signals several shifts for Web3:
First, stablecoin use cases will expand from "human transactions" to "machine transactions." The x402 protocol, championed by Coinbase, essentially embeds stablecoin payments at the HTTP layer, making economic interactions between agents a native feature. If Brian Armstrong’s prediction that "AI agent transaction volume will surpass human volume" comes true, stablecoin circulation and transaction frequency could grow exponentially.
Second, the identity sector will evolve from "KYC tools" to "gateways for the AI economy." Traditional decentralized identity projects have focused on compliance, but AgentKit demonstrates a new scenario: identity is not just about proving "who you are," but proving "you are human." In a network flooded with AI agents, "human uniqueness" itself becomes a scarce resource.
Third, the convergence of Web3 infrastructure and AI agents could spark new business models. For example, ticketing platforms can use World ID verification to ensure each person can only buy one ticket, no matter how many agents they deploy. Content platforms can calculate ad revenue based on "unique human visitors" rather than "IP clicks." These scenarios are hard to realize with traditional internet architecture but become feasible with crypto-native identity protocols.
How Might This Evolve?
Based on current information, several possible development paths for AgentKit and the AI agent economy can be projected.
Short-term (1–2 years): AgentKit remains in beta, with a focus on building the developer ecosystem. World plans to release a more robust AgentKit in the next protocol upgrade. The key question is how many mainstream e-commerce and content platforms will adopt x402 and World ID verification. Without real use cases, the value of the identity layer will be hard to unlock.
Medium-term (3–5 years): An "identity aggregation layer" may emerge. Users won’t want to maintain a separate agent for every application—they’ll want agents to switch seamlessly across platforms. This requires a cross-platform identity delegation standard. If World ID becomes the de facto standard, its network effects will be formidable; otherwise, multiple identity protocols may coexist, with aggregators managing credentials for users across contexts.
Long-term (5–10 years): AI agents could evolve from "user-delegated tools" to "semi-autonomous economic entities." At that stage, identity verification will become more complex: an agent might have its own "reputation" and "assets," but the ultimate beneficiary or controller will still be a human. "Proof of personhood" will be embedded in the foundation of the machine economy, much like TCP/IP underpins the internet.
Potential Risks to Watch
Any outlook on new technology must include risk awareness. AgentKit and its approach to AI agent identity verification face at least the following risks:
Technical risks: The efficiency of zero-knowledge proof generation and verification, cross-chain interoperability, and private key management complexity could all bottleneck large-scale adoption. High verification latency would directly impact user experience for AI agents.
Governance risks: World ID’s core verification still depends on centralized hardware (the Orb). While more verification methods are planned, the interim management framework, user appeals process, and error correction procedures have yet to be tested at scale.
Economic risks: The x402 protocol’s micropayments rely on stablecoins. If the underlying blockchain network becomes congested or fees spike, this could undermine agent transaction viability. Additionally, large-scale automated agent trading could introduce new forms of market manipulation, such as coordinated pricing or order sniping by multiple agents.
Privacy risks: While zero-knowledge proofs protect specific identity information, user behavior patterns could still be analyzed in aggregate. If a user delegates multiple agents for different tasks, and those agents’ activities can be linked, it might theoretically be possible to infer the user’s identity. Balancing "verifiability" and "untraceability" will remain a persistent challenge.
Conclusion
The introduction of World ID and AgentKit provides a "proof of personhood" solution for the AI agent economy. By combining zero-knowledge proof-based identity delegation with the x402 protocol’s micropayment capabilities, this tech stack aims to transform AI agents from "automated traffic websites block by default" into "verifiable, trustworthy economic participants."
Behind the $3–5 trillion market projections, the real challenge isn’t technical—it’s whether people are ready to accept an internet where agents and humans coexist. In this vision of the future, identity is no longer just about proving "who you are," but "that you are human"—and which agents you’ve authorized to act on your behalf.
For the crypto industry, this could represent a more fundamental and lasting opportunity than asset issuance: becoming the identity and payment infrastructure for the AI economy.
FAQ
Q1: What is AgentKit? How does it relate to World ID?
A: AgentKit is a developer toolkit launched by World that allows users verified with World ID to "delegate" their proof of identity to AI agents. When these AI agents interact with websites, they can present cryptographic proof that they are authorized by a unique, real human—without revealing personal information.
Q2: What role does the x402 protocol play in AgentKit?
A: x402 is a micropayment protocol developed by Coinbase and Cloudflare that enables AI agents to make automated stablecoin payments. Integrated with AgentKit, x402 offers websites two verification options: the agent can either pay a small fee, present proof of human identity, or both—filtering malicious traffic through both "economic" and "identity" thresholds.
Q3: Do users have to scan their eyes with the Orb to use AgentKit?
A: The current beta does require users to have a World ID verified by the Orb. However, World has announced plans to support more credential types in the future, including NFC passports, so users will eventually be able to prove "unique human identity" without an eye scan.
Q4: How does AgentKit prevent a single user from running a large number of malicious agents?
A: AgentKit is designed so platforms can "count by person" rather than "by agent." No matter how many AI agents a user runs, the platform can tell they all correspond to the same unique human. This allows for restrictions like "one free trial per person" or "daily purchase limits per person," fundamentally curbing mass ticket scalping or fake orders by bots.
Q5: How many users can access this feature now?
A: As of March 2026, World has over 18 million verified users across more than 160 countries and regions. AgentKit is currently available to developers in beta, and these users’ agents are expected to gradually join the ecosystem.
Q6: Does AgentKit collect users’ personal data?
A: No. AgentKit uses zero-knowledge proof technology, so platforms can only verify "this is an agent authorized by a unique human," without accessing specific personal information (like name, email, or transaction history). This design maximizes privacy while ensuring verifiability.
