The internet is currently undergoing a massive identity crisis. In 2024, bots already accounted for over half of all web traffic. By 2026, with the explosion of autonomous agents capable of booking flights, moving crypto, and managing calendars, that figure has only trended upward.
The problem? Most security infrastructure is still living in 2010. We are still asking sophisticated LLM-driven agents to “click all the squares with traffic lights,” a task they can now do better than most humans.
Today, VeryAI is launching AG9, a new platform that aims to replace the aging CAPTCHA/KYC (Know Your Customer) framework with a new standard: KYA, Know Your Agent, an identity layer for the agentic web
As agents move from chatbots that give advice to autonomous actors that spend money, the lack of a paper trail has become a massive security hole. Currently, a single malicious actor can spin up ten thousand agents to scrape data or overwhelm an API, and there is no cryptographic way to link those agents back to a human.
“KYC answers the question ‘who is this user?’ That’s no longer enough,” says Zach Meltzer, Founder and CEO of VeryAI. “A single person can now deploy thousands of agents acting autonomously with zero accountability. AG9 answers: ‘Who or what is acting right now, and where does the responsibility lie?’”
How it Works: Your Palm is the Key
AG9’s solution is a mix of high-end biometrics and cryptographic passports. Here is the breakdown:
- Hardware-Free Palm Scans: Users scan their palm using a standard smartphone camera through the VeryAI app.
- Cryptographic Binding: That scan creates an unbreakable link between the human and the AI agent. The agent is then issued a signed credential, essentially a digital passport, that it carries across the web.
- Real-time Approval: When an agent attempts a sensitive action (like a $5,000 wire transfer or a high-level API call), the user receives a push notification to authorize the specific action with a quick palm scan.
The tech is designed to be framework-agnostic, meaning it doesn’t matter if you’re building on OpenAI’s Assistants API, ClawdBots, LangChain, or AutoGen. If the platform integrates the AG9 check, it can verify in sub-seconds whether the agent knocking on its door is backed by a verified human or a rogue script.
Preventing the Bad Bot Economy
The stakes are high. According to the 2025 Imperva Bad Bot Report cited by VeryAI, malicious bots now account for 37% of all internet traffic, with nearly half of all advanced attacks targeting APIs specifically.
By providing a machine-readable trust signal, VeryAI is positioning itself as the security layer that allows companies to actually let agents in. Instead of blocking all automated traffic, a SaaS platform or financial institution can whitelist AG9-verified agents, knowing there is a real person liable for the agent’s actions.
Early Traction and Integration
VeryAI isn’t launching into a vacuum. The company already has a roster of partners including crypto heavyweights Moonpay and Crossmint, as well as agent platforms like RentahumanAI and SurfAI.
On the infrastructure side, AG9 is built to play nice with existing standards like Cloudflare Web Bot Auth, ERC-8004 (for on-chain identity), and Auth0.
The long-term play for VeryAI is broader than just agent identity. The company, founded by a team of biometrics and crypto veterans, is pitching a future where “hardware-free” biometrics serve as the primary defense against deepfakes and AI-driven fraud.
In a world where you can no longer trust a face on a Zoom call or a voice on the phone, VeryAI wants the palm of your hand to be the only thing the internet needs to see to know it’s really you, or at least, your authorized representative.
For more information, visit AG9.ai
