VeryAI leverages palm biometrics to bind AI agents to users

A new Know Your Agent (KYA) protocol from VeryAI aims to answer the question of how to govern AI agentic AI. The AG9 palm biometrics platform, says a release, is “designed to solve one of the most pressing infrastructure challenges of the AI era: how to identify, authenticate, and trust AI agents operating autonomously across the web.”

AG9 performs biometric verification to prove a real person owns and authorizes an AI agent. VeryAI scans the user’s palm biometrics, to which their agents can now be cryptographically bound. Agents are registered with a declared identity, owner context, and permitted behavior scope, and each agent receives a signed cryptographic credential, like an agentic passport, which is compatible with leading identity standards.

This, the company says, “combats anonymous agent deployment and Sybil attacks at the root, creating an unbreakable chain of accountability from agent action back to the human owner, even as the agent moves across vendors, services and enterprises.” Platforms can then query in real time whether an agent is owned by a verified human, and get a response in under two seconds.

KYC? More like KYC-ya

Existing tools like CAPTCHA and Cloudflare, designed for human users, are failing to distinguish legitimate agents from malicious bots. And traditional KYC is no longer cutting it.

“KYC answers the question ‘who is this user?’,” says Zach Meltzer, CEO of VeryAI. “That’s no longer enough. A single person can now deploy thousands of agents acting, transacting, and interacting autonomously with zero accountability. The question that platforms need to answer is, ‘Who or what is acting right now, and where does the responsibility lie?’ KYC wasn’t built to answer that. AG9 is.”

AG9 is designed for a single integration into existing infrastructure, with minimal configuration.

“The user opens the VeryAI app, scans the agent’s pairing QR, reviews what the agent is authorized to do, and scans their palm to confirm. The agent is now cryptographically bound to that human,” says VeryAI. Then, “when an agent attempts something sensitive, like a payment, a publish or a transfer, the partner pings AG9. The user receives a push notification to approve the action with a palm scan.”

The product aims to support enterprises deploying internal agent fleets; security and DDoS providers like Cloudflare seeking machine-readable trust signals; API-first platforms looking to authorize legitimate agents while preventing scraping and credential stuffing; LLM framework developers building on LangChain, AutoGen, OpenAI and similar tools; and regulated industries in finance, healthcare, and legal, with strict audit and accountability requirements.

Article Topics

AI agents  |  biometric authentication  |  digital identity  |  identity verification  |  KYA  |  KYC  |  palm biometrics  |  VeryAI