The Rise of Identity-Verified AI Agents, And the New QA Reality

For a long time, we spoke about “AI agents” like they were a future concept, something that might eventually book flights, run workflows, or make payments on our behalf.

Hemraj Bedassee, Delivery Excellence Practitioner, Testlio
December 2nd, 2025

But 2025 changed that. This was the first year I saw identity providers, payment networks, banks, and enterprise platforms actually ship the foundations for agent-driven transactions in the real world.

Below is a breakdown of what is happening right now and the uncomfortable shift we need to prepare for in AI QA.

Agents Now Have Identity

KYA + Digital Agent Passport (DAP)

Trulioo publicly introduced Know Your Agent (KYA) in collaboration with PayOS, describing it as an identity and trust framework for AI agents.

KYA uses a Digital Agent Passport (DAP), described as a lightweight, tamper-resistant identity token that ties together:

  • Verification of the business behind the agent (via KYB)
  • Code fingerprinting of the agent’s build
  • User permission and consent rules (e.g., spend limits, allowed actions)
  • Bindings to payment workflows
  • A cryptographically signed identity document that the agent presents when acting

Worldpay has publicly announced it will use KYA to help merchants verify AI agents at checkout.

This is the first time we have seen a complete identity + trust + audit model built specifically for agents. The message is clear: any agent acting in the world must be verifiable.

Okta for AI Agents + Cross App Access (XAA)

Okta also publicly launched its model for agent identity:

  • “Okta for AI Agents” treats AI agents as first-class identities, similar to employees or service accounts
  • They support provisioning, authentication, authorization, and risk-based access policies for agents
  • Okta introduced Cross App Access (XAA), an extension to OAuth/OIDC that lets agents (called “requesting apps”) securely access other applications (“resource apps”) with auditability and clear governance

This means that agent identity will soon be governed similarly to human identity, with permission scopes, revocation, and access boundaries that QA must actively test.

Payments Quietly Entered the Agent Era

This is the part that surprised me most.

Stripe, PayPal, Visa, and Mastercard have all already shipped or piloted real agent-driven payment mechanisms.

Agent Payments Protocol (AP2)

AP2 is an open protocol developed with CSA participation. It uses W3C Verifiable Credentials to define “Mandates” – structured authorizations describing:

  • Spending limits
  • Merchant categories
  • Time windows
  • Recurrence
  • Delegated authority

AP2’s goal is to make agent-initiated payments auditable, verifiable, and policy-constrained.

Stripe + OpenAI: Agentic Commerce Protocol (ACP)

In September 2025, Stripe and OpenAI jointly announced Agentic Commerce Protocol (ACP).

ACP powers Instant Checkout in ChatGPT, where:

  • US ChatGPT users can purchase from US Etsy merchants
  • Shopify merchants are “coming soon”

Stripe handles payment authentication, fraud controls, and merchant routing behind ACP.

This is a large-scale example of AI agents completing real purchases inside a conversational interface.

PayPal Joins ACP

On October 28, 2025, PayPal announced that it will adopt the open Agentic Commerce Protocol (ACP) to power payments and commerce in ChatGPT, allowing ChatGPT users to check out instantly with PayPal while using PayPal’s wallet, funding options, and buyer and seller protections for agent-initiated purchases.

Visa – Trusted Agent Protocol (TAP)

Visa announced Trusted Agent Protocol (TAP) in October 2025. TAP enables merchants to distinguish trusted AI agents from bots by using verifiable signatures and identity signals. Visa publicly stated that TAP is being piloted with partners like Cloudflare and Nuvei. Visa’s framing indicates they expect agents to become normal actors at checkout and are preparing the ecosystem now.

Mastercard – Agent Pay

Mastercard launched Agent Pay in April 2025. It includes an Agent Pay Acceptance Framework and has announced collaborations with partners, including:

  • PayPal
  • Stripe
  • Checkout.com

Agent Pay is already in pilot environments. Mastercard is openly preparing for agents to behave like cardholders: with identity, permission scopes, and network policies.

Governance Is Becoming the Real Backbone of Agent Systems

The regulatory landscape has matured quickly: NIST’s AI Risk Management Framework emphasizes human oversight, transparency, robustness, and continuous monitoring; ISO/IEC 42001 introduces the first formal AI Management System standard with requirements for lifecycle governance, documentation, and risk controls; and the EU AI Act sets explicit obligations for logging, traceability, human-in-the-loop controls, and ongoing behavioural monitoring for high-risk AI systems.

These rules were not written with agents in mind, but they apply directly the moment an agent touches payments, eligibility, onboarding, fraud checks, or any sensitive decision-making. When you combine these regulatory expectations with industry frameworks such as KYA, AP2, and Okta XAA, a clear pattern emerges: agents must be identifiable, accountable, continuously monitored, and bounded by enforceable permissions.

The Implications for QA

This new agent world dramatically expands the QA surface. We have to verify whether agents actually respect their Mandates under AP2, whether every high-impact action is tied to a valid identity, and whether cross-app permissions are being honoured instead of quietly bypassed. We need to check that memory does not reuse expired consent, that planning logic does not sneak around human-in-the-loop rules, that revocation truly stops an agent in real time, and that any drift in identity or code fingerprint triggers the right blocks. We are now testing digital actors that carry identity, authority, and the power to cause real-world impact if we get it wrong.
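To make those boundary checks concrete, here is an added example (not code from AP2, KYA, or any vendor named in this post) of a mandate verifier that fails closed. The field names, the `REVOKED` store, and the reason strings are hypothetical, and HMAC with a constructed key stands in for whatever signature scheme a real issuer uses.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed demo key. HMAC stands in for the issuer's real signature scheme.
ISSUER_KEY = b"constructed-demo-key"
REVOKED = set()  # hypothetical revocation store, consulted on every request

def sign(mandate):
    body = json.dumps(mandate, sort_keys=True).encode()
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()

def authorize(mandate, sig, action, now, spent_cents=0):
    """Return (allowed, reason). spent_cents comes from the verifier's ledger."""
    if not hmac.compare_digest(sign(mandate), sig):
        return False, "bad_signature"          # any tampered field lands here
    if mandate["id"] in REVOKED:
        return False, "revoked"
    if action["agent_fingerprint"] != mandate["agent_fingerprint"]:
        return False, "fingerprint_drift"      # agent build changed since issuance
    start = datetime.fromisoformat(mandate["not_before"])
    end = datetime.fromisoformat(mandate["not_after"])
    if not (start <= now < end):
        return False, "outside_time_window"    # expired or not-yet-valid consent
    if action["merchant_category"] not in mandate["merchant_categories"]:
        return False, "category_not_allowed"
    amount = action["amount_cents"]
    if amount <= 0:
        return False, "invalid_amount"         # refunds must not raise the budget
    if spent_cents + amount > mandate["limit_cents"]:
        return False, "over_limit"             # cumulative, not per-transaction
    return True, "ok"

# Constructed sample mandate and a helper that builds agent requests from it.
MANDATE = {
    "id": "m-001",
    "agent_fingerprint": hashlib.sha256(b"agent-build-1.0").hexdigest(),
    "limit_cents": 5000,
    "merchant_categories": ["books", "groceries"],
    "not_before": "2025-12-01T00:00:00+00:00",
    "not_after": "2025-12-08T00:00:00+00:00",
}
SIG = sign(MANDATE)
NOW = datetime(2025, 12, 2, 12, 0, tzinfo=timezone.utc)

def action(**overrides):
    base = {"agent_fingerprint": MANDATE["agent_fingerprint"],
            "merchant_category": "books", "amount_cents": 1200}
    return {**base, **overrides}
```

The cases worth running against a verifier like this are the edges: a spend exactly at the limit, a request at the instant the window closes, a mandate edited after signing, and a revocation issued between two otherwise identical requests.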

Final Thoughts

Looking back at 2025, it’s hard to pretend that agents are just another UX layer on top of LLMs. This was the year identity providers, payment networks, and enterprise platforms started wiring in real support for agents.

From a QA standpoint, that quietly raises the bar. The moment an agent carries a verifiable identity, operates under a mandate, or triggers a payment, we are testing something much closer to a digital actor inside a regulated ecosystem. That actor can now be tied to a business, a code fingerprint, a consent record, and a transaction trail, and if anything goes wrong, there will be an audit trail and someone asking, “Who tested this, and how?”

The governance side is moving in parallel. Frameworks like NIST AI RMF and ISO/IEC 42001, plus laws like the EU AI Act and emerging US state rules, all point in the same direction: traceability, human oversight, risk management, logging, and continuous monitoring are not optional. When you overlay that with KYA, AP2, XAA, and the payment protocols, you can see the picture forming: agents will need to be identifiable, permissioned, monitored, and stoppable. That’s the environment QA is walking into.

For me, the big mindset shift is that we are helping decide whether these systems are safe to delegate real authority to. That means designing tests that probe how agents behave under ambiguity, how they handle consent expiry and revocation, how they act when mandates are tight or incomplete, and how they respond when governance rules and real-world pressure collide. 

If there’s one thing I am taking forward from 2025, it’s that agents change the definition of “done” for QA. A green test run or a nice accuracy score is not enough when the system can move money or act on someone’s behalf. “Done” now has to include: we know who this agent is, we know what it’s allowed to do, we have to test those boundaries, and we have to show evidence to prove it. The teams that adapt to that reality early will be the ones who can ship agentic systems with confidence.
