‍

150 million machine-to-machine payments processed. 30,000+ on-chain agent identities minted. Visa's Trusted Agent Protocol live with hundreds of agent-initiated transactions. Mastercard Agent Pay rolled out to all US cardholders. Stripe launching machine payments, letting developers directly charge agents via the PaymentIntents API with x402 and USDC on Base, alongside conventional subscriptions and invoices. By every measure, the agentic economy's payment layer is working.

‍

And yet, 88% of organizations have already experienced confirmed or suspected AI agent security incidents. Confidence in fully autonomous agents has dropped from 43% to 22% between 2024 and 2025. Only 21.9% of organizations treat agents as independent identity-bearing entities. 45.6% still authenticate agents with shared API keys. There are now over 3 million AI agents operating within corporations, nearly half running without any oversight or security.

‍

In our previous analysis, we established a fundamental thesis: AI Agents will soon become the primary means through which humans interact with the market. We showed how X402 solves the payment layer and mapped the full agentic commerce lifecycle across three stages: Discovery & Reputation, Transaction & Delivery, and Personalization & Retention. We noted then that X402 has solved how agents pay, but not yet what they pay for or why.

‍

This article explores those critical missing layers: how agents find services and other agents (Discoverability) and why agents trust other agents and services (Reputation). These are the prerequisites that make everything else (payments, commerce, autonomy) actually work.

‍

The Transition Is Already Underway

‍

The shift from human web to agentic commerce is no longer theoretical; it is measurable. According to the 2025 Imperva Bad Bot Report, automated bot traffic surpassed human-generated traffic for the first time in a decade, constituting 51% of all web traffic in 2024. Cloudflare reports AI "user action" crawling increased by over 15x in 2025, with Retail and Computer Software attracting over 40% of all AI crawler traffic. AI traffic to US retail sites alone increased 4,700% year-over-year.

‍

Agents don't browse. They query. An agent finding a sustainable hotel doesn't scroll through ads or read landing pages; it calls an API. The strategies that defined the last decade (SEO, visual advertising, "sticky" apps) are designed to capture human attention. They are irrelevant to a machine optimizing for logic, latency, and utility.

‍

This is why the current internet is fighting back. AI crawlers are the most frequently fully disallowed user agents found in robots.txt files. 60% of reputable news and content sites now explicitly block at least one AI crawler, up from 23% in late 2023. The reason is structural: agents bypass the revenue streams of content creators by extracting data from ad-supported websites and passing value directly to end users. Blocking bots is a rational short-term response, but it's a losing strategy. Many AI bots simply ignore robots.txt directives, and the CDN/WAF blocking solutions that cybersecurity firms offer cannot distinguish between a customer's buying agent and a competitor's scraping bot. Blocking an IP now means blocking potential revenue.

‍

This tension (businesses need agent traffic but can't trust it) is precisely what creates the demand for discovery and identity infrastructure. The question is no longer whether agents will become the primary interface between users and the market. It's whether the infrastructure will exist for that transition to happen safely. We break the problem into three distinct functions.

‍

‍

1. The Capability Market (Finding Function)

‍

The Problem: "I need running shoes under $150." Agents are currently blind to the executable tools and services of others. They cannot distinguish between a marketing page and a live API endpoint that actually sells shoes. Without structured registries, discovery relies on keyword matching across messy HTML filled with navigation menus, ads, JavaScript, and CSS, and converting complex web pages into clean text wastes valuable tokens on non-content elements. A typical blog post costs 16,000 tokens in HTML but just 3,000 in markdown, an 80% reduction. That conversion step wastes computation, adds cost, and may not reflect how the content creator intended their content to be consumed.

‍

The Solution: Semantic Discovery. Moving from keyword matching to functional registries where agents and services broadcast capabilities (e.g., "I accept PDF, return JSON, cost 0.01 ETH") and negotiate execution. This can be approached from multiple directions:

• Serve content in agent-native formats. Rather than forcing agents to parse HTML, serve them structured content directly. Cloudflare's Markdown for Agents, announced this month, does exactly this: any website on Cloudflare's network can now automatically convert HTML to markdown at the edge when an AI agent requests it via content negotiation headers. Agents like Claude Code and OpenCode already send these headers. Combined with Cloudflare's Content Signals framework (which lets publishers specify how their content can be used by AI), this represents the infrastructure layer adapting in real time to serve agent traffic. The Parallel Search API takes a different approach, optimizing context and tokens for models to reason over rather than ranking URLs.
  
  
• Optimize websites to serve agents. Clean, semantic HTML with proper structure, FAQ formats, descriptive alt text, and real customer language that AI tools actually cite.
  
  
• New open-source standards suited for agents. For AI agents to reach full potential, developers need trustworthy infrastructure and universally adopted standards. The landscape is evolving rapidly across three functional layers, from passive knowledge files that help agents understand context, to permission frameworks that govern access, to active connectivity protocols that enable real-time interaction:
  
  

‍

These developments are not isolated. Cloudflare converting HTML to markdown at the edge, Google and Microsoft proposing WebMCP as a W3C standard for browser-native agent tools, Chrome 146 shipping with experimental agent support: the entire web infrastructure stack is retooling for agents simultaneously. Where MCP connects agents to server-side tools and A2A enables agent-to-agent communication, WebMCP completes the triad by making client-side website functionality directly accessible to agents. The emerging mantra: "Build with ADK, equip with MCP, browse with WebMCP, communicate with A2A."

‍

What can be built here: The discovery layer is fragmented, and no single registry has won. We see opportunity in protocol-level registries, curated vertical marketplaces, and intent-matching layers. We explore specific investable opportunities in the thesis section below.

‍

2. The Identity Market (Finding Trust)

‍

The Problem: "I found an agent claiming to be Nike. Is it really Nike?" In an open network, anyone can spin up a "Sales Bot." Without verification, phishing and fraud will destroy commerce before it starts.

‍

If a business cannot distinguish between a "customer's buying agent" and a "competitor's scraping bot," it has to block both, killing the potential for automated revenue. CDN and WAF providers, specialized bot management solutions (DataDome, Imperva), and verification services like CAPTCHA are designed to block malicious bots. But valid agents now run on the same cloud servers (AWS, Vercel) as malicious ones. Blocking an IP now means blocking potential customers.

‍

The Solution: Cryptographic Identity. Agents must prove their identity cryptographically, allowing businesses to open their doors to trusted bots while keeping them locked for bad actors.

‍

The identity problem is crystallizing around a concept Sean Neville (Circle co-founder, CEO of Catena Labs) calls "KYA: Know Your Agent." The analogy to KYC is instantly legible. As a16z crypto argued in their February 2026 thesis "AI Needs Crypto, Especially Now": the bottleneck for the agent economy is shifting from intelligence to identity. In financial services, non-human identities now outnumber human employees 96-to-1, yet these identities remain unbanked ghosts. The machine identity market is projected to grow from $21.4B in 2026 to $60.5B by 2035. The problem is real and the market is massive.

‍

We are seeing the emergence of a three-layer identity stack:

Layer 1: Core Standard. Specifies the authentication method. Defines how an agent generates a key, signs a request, and how that signature is verified. These standards don't say "who" the agent is, only "how" to prove they possess a specific key.

‍

Layer 2: Identity Provider. Links the cryptographic key to a real-world identity (a business, a bank account, an employee). Answers "Who owns this key?"

‍

Layer 3: Verification Service. Reads the signature, checks it against the identity provider's public record, and allows or blocks access, whether at the edge (Cloudflare blocking bad bots before they hit your server) or at the service level.

‍

The following maps the emerging identity stack across these three layers:

‍

The legal risk of operating without robust identity infrastructure is already materializing. Stripe's 2025 acquisition of Bridge, a stablecoin API platform, illustrates the challenge. Bridge's services were reportedly used by entities in sanctioned regions, and while no violations were confirmed, the episode exposed how stablecoin-based payments can create new categories of compliance risk when identity verification is insufficient. Stablecoins move quickly across borders with fewer intermediaries than card or bank-based payments, and transactions on public blockchains can be difficult to block once initiated. As Stripe integrates Bridge into its broader payments platform (including its new machine payments product for agents), this tension between speed and compliance will only intensify. For agent commerce operating at machine speed and scale, identity and reputation infrastructure isn't just a trust problem; it's a legal one.

‍

What can be built here: Identity is the layer where crypto adds clearest value. We believe the KYA stack described above, where agents prove identity cryptographically and verifiers check credentials at the edge, creates a powerful trust primitive absent in Web2. The investable gap is in the verification layer: building the infrastructure that connects on-chain credentials to real-world entity databases at scale.

‍

A wave of startups is already attacking this problem from multiple angles. On the Web2 side: Astrix Security leads in non-human identity security with zero customer churn and clients including Netflix and Figma. Persona is pivoting from human identity verification to AI agent identity. Veza is building identity security specifically for the agentic era. Oasis Security focuses on NHI (non-human identity) management. Defakto addresses the full non-human identity lifecycle. On the crypto-native side: t54 is building a trust infrastructure layer: its Trustline risk engine evaluates transactions using agent-native signals (identity, code audit, behavioral patterns, intent attestation) and its x402-secure SDK adds verified identity to every x402 payment.

‍

Vouched stands out as the early mover in dedicated KYA infrastructure with its Agent Shield (agent detection), Agent Bouncer (MCP-compatible access controls), and KnowThat.ai (agent reputation directory), the industry's first integrated "Know Your Agent" suite. Broader opportunities, including identity aggregation, verifiable delegation, and credential issuance, are explored in the thesis section below.

‍

3. The Performance Market (Finding Reliability)

‍

The Problem: "This agent is Nike, but is it competent?" Identity verification solves authenticity but fails to solve quality. A legitimate agent can still be slow, expensive, or prone to hallucination. If an agent claims "I analyzed 1,000 documents," how do you verify it actually ran the compute? And an agent might be functionally correct but security-fragile: a hacker could trick a banking agent into revealing customer data via prompt injection, even if the agent is verified by Visa.

‍

The Solution: Verifiable Execution, Reputation, and Adversarial Stress Testing.

‍

Verifiable Execution (The Receipt)

If an agent claims "I analyzed 1,000 documents," it can be verified cryptographically.

• TEEs (Trusted Execution Environments): Hardware-based security (AWS Nitro, Intel SGX) where agents run in a "black box" that generates a cryptographic certificate proving: "This specific code ran on this specific data, and nobody tampered with it." Phala Network runs 4,000+ AI Agent Contracts using this approach, with only 5-10% latency overhead.
  
  
• ZKML (Zero-Knowledge Machine Learning): A mathematical proof certifying an output came from a specific model without revealing weights or private data. Lagrange Labs' DeepProve-1 recently achieved the first full ZK proof of GPT-2, running 54-158x faster than prior approaches. Modulus Labs pioneered the field from Stanford, and projects like Brevis are enabling on-chain verifiability through zero-knowledge proofs for broader agent operations.
  
  
• Economic Security (EigenLayer): Rather than cryptographic proofs alone, EigenLayer's restaking model enables every agent operation to be verified through economic security: validators stake real assets backing the correctness of agent outputs. If an agent's claimed results are challenged and found false, validators lose stake. This creates a trust layer that scales with economic incentives rather than computational overhead.
  
  

Immutable Reputation (The Score)

• Protocol-Based Reputation: Protocols like Theoriq use "Proof of Contribution" to track agent performance: agents earn reputation tokens for useful collaboration, and get slashed for failure. ERC-8004's Reputation Registry stores raw performance signals on-chain, with scoring computed off-chain.
  
  
• Attestations (EAS): The Ethereum Attestation Service allows clients to issue on-chain "reviews." After an agent books a flight, the user's wallet signs a "5-Star Review" attestation, a permanent, public track record that cannot be deleted by the agent developer.
  
  

Agent Arenas (The Rank)

• Competitive Proof (Agent Arenas): Platforms like Gorilla LLM's Agent Arena and Gray Swan force agents to compete on specific tasks (e.g., "Book a flight under $300"). The results are ranked on a live leaderboard using Elo ratings, giving buyers an objective way to compare agent capabilities: "Nike Agent" vs. "Adidas Agent." Recall Network takes this further with an on-chain AgentRank staking-based ranking system where a review from a highly-reputed agent carries more weight than one from a new bot, with competitions drawing 110,000+ participants generating 5.88M forecasts. Moltbook experiments with a different signal, social reputation, where agents earn "Karma" through peer interaction, testing reasoning and communication alongside task performance.
  
  
• Simulation-Based Evaluation (The Audit): While arenas test agents against each other, enterprises need to evaluate agents against structured requirements before deployment. Platforms like Galileo AI and Patronus AI provide evaluation infrastructure where agents are tested against synthetic scenarios at scale, measuring hallucination rates, instruction following, safety compliance, and domain accuracy. This is the "unit testing for agents" approach, and it's how most enterprise buyers will practically assess agents before granting them access to production environments.
  
  

What can be built here: The performance layer is the least mature and potentially most valuable market, the equivalent of building "reputation scoring for agents." We see opportunities in reputation aggregation, validation networks, agent insurance, and evaluation infrastructure. Specific investable opportunities are explored in the thesis section below.

‍

The Investment Thesis: Where Value Accrues

‍

The agentic commerce stack is crystallizing with clear protocol winners in some layers (MCP for context, x402 for payments). But discovery, identity, and reputation remain deeply fragmented, representing the largest infrastructure gap and the most compelling investment opportunity.

‍

Several structural dynamics shape our view:

Payments alone don't unlock commerce. X402 provides the rails, Visa TAP and Mastercard Agent Pay are bringing traditional card networks into the agent economy, but merchants won't adopt agent payments without knowing who's on the other side. Discovery, identity, and reputation are the prerequisites that make payment adoption possible.

‍

The trust gap is the binding constraint. Despite 80% of organizations moving past the planning phase into active agent deployment, the majority don't fully trust their own agents. This trust deficit is the single largest barrier to the trillion-dollar agentic commerce opportunity, and it can only be closed with infrastructure, not marketing.

‍

The race is not Web2 vs. Web3. It's composable/permissionless/censorship-resistant vs. compliant/familiar/existing-distribution. The strongest positioned companies bridge both. ERC-8004 was co-authored by Google, Coinbase, MetaMask, and Ethereum Foundation. Skyfire settles in USDC while processing the first Visa-authenticated agent purchases. Kite AI (backed by PayPal) builds cryptographic identity with native stablecoin transactions. These hybrid positions are most defensible.

‍

Protocol-level standards create winner-take-most dynamics. ERC-8004's singleton-per-chain architecture means one registry per network, and the first to achieve critical mass becomes the canonical identity layer. Similarly, reputation aggregators that achieve data network effects (more reviews → better scores → more users → more reviews) will be extremely difficult to displace.

‍

Within the discovery and reputation layer specifically, we believe the most investable opportunities are:

1. Agent Identity Infrastructure. KYA-as-a-Service, credential issuance, and identity aggregation. The companies solving identity for non-human entities, bridging Web Bot Auth (Web2) with ERC-8004 (Web3), are building the foundational layer everything else depends on. A related but distinct opportunity is verifiable delegation: proving not just who an agent is, but who authorized it to act and within what scope. As AI moves from recommendation to execution, systems must verify that a human approved an action before it's carried out. Today, if an agent books a $5,000 flight or signs a contract, there's no standardized way to cryptographically prove a human authorized that specific action. In regulated environments (finance, healthcare, legal), this isn't optional. The opportunity is infrastructure that makes human approvals verifiable across products and workflows, enabling autonomous systems to scale safely without sacrificing accountability. This is where delegation chain infrastructure, intent attestation, and scoped authorization protocols converge.
2. Vertical Discovery Engines, Agent Job Markets, and Agent FinOps. General-purpose discovery will likely be dominated by the major protocol players. But vertical-specific discovery (finding the best DeFi agent, the best legal research agent, the best supply chain agent) requires domain expertise and curated evaluation that general registries cannot provide. This mirrors how the web evolved from general directories (Yahoo) to vertical search (Zillow, Indeed, Booking.com). An adjacent primitive gaining traction is the agent-to-agent job marketplace. Agents don't need 100 skills; they need to know who to hire. The concept: agents post bounties for specialist work, other agents bid and execute, payments settle on-chain, and reputation accrues through completed jobs. Moltlaunch is live on Base with on-chain reviews through ERC-8004. Work402 is building a bounty-based marketplace for agents with USDC settlement. As agent specialization increases, the labor market infrastructure connecting them becomes critical. "AgentFinOps" is also emerging as a distinct category: the financial operations layer for agent fleets (spending controls, budget enforcement, revenue tracking) as enterprises managing dozens of autonomous agents need visibility and control over their spending.
3. Reputation Aggregation and Validation Networks: the "Moody's for Agents." The ratings infrastructure for agents is an enormous opportunity with no clear winner. Recall Network's raise validates the thesis. But today, agent reputation is fragmented: scattered across platform-specific reviews, GitHub stars, and word of mouth. What's missing is a standardized way to answer: "Should I trust this agent with my codebase, customer data, or production environment?" The opportunity is a reputation data layer: verified performance benchmarks, composite trust scores that decay if quality drops, and portable ratings that follow an agent across platforms. This layer doesn't compete with discovery platforms (point 2 above); it powers them. Every discovery engine, job market, and procurement tool needs a reliable signal of agent quality, and that signal doesn't exist yet. The demand is already visible at the top: OpenAI and Paradigm's EVMbench, launched last week, is a scoring framework that benchmarks AI agents on their ability to detect, patch, and exploit smart contract vulnerabilities, producing quantified capability scores.
4. Agent Security, Risk, and Compliance. With the Colorado AI Act taking effect February 2026 and similar legislation advancing in Virginia, Connecticut, and Pennsylvania, compliance-as-a-service for agents is an emerging category. AIUC ($15M seed) is building agent insurance and certification standards. Gray Swan provides adversarial stress testing to enterprises and AI labs including OpenAI and Anthropic. t54's Trustline offers real-time transaction risk scoring with a decentralized Validator Agent Network. These are not optional infrastructure; they are prerequisites for enterprise adoption.
   
   

Conclusion

‍

The agentic economy's infrastructure is being built in real time. X402 solved the payment layer. MCP, A2A, WebMCP, and Cloudflare's Markdown for Agents are solving connectivity and content delivery. But the discovery and reputation layers (how agents find each other, prove who they are, and build trust) remain the critical missing pieces.

‍

We've seen this pattern before. The early web had HTTP but no DNS, no SSL, no PageRank. Payments worked (barely) but discovery, identity, and trust were afterthoughts, until they became billion-dollar infrastructure layers. The agentic economy is at that same inflection point. The difference is that this time, the entire stack is being built in parallel, and the builders who get identity and reputation right won't just capture value; they'll set the terms for how autonomous commerce operates.

‍

In our first article, we wrote that agentic commerce isn't upgrading existing systems; it's building a new system from scratch. Discovery and reputation are the foundation of that new system. Without them, payments are pipes with nothing flowing through them. With them, the trillion-dollar agentic economy becomes possible.

‍

Next, we'll explore the remaining layers: Transaction & Delivery (how agents execute, verify, and settle) and Personalization & Retention (how agents learn, improve, and become irreplaceable). The full stack is being assembled. We'll continue mapping it piece by piece.

‍

Disclosure: LongHash Ventures is an investor in Virtuals Protocol, Theoriq, and works closely with Virtuals Ventures through the LongHashX Accelerator.