World Expands AgentKit so AI Agents Can Prove a Unique Human Is Behind Them

For thirty years the internet ran on a simple prejudice: humans were welcome and automation was suspect , and the entire apparatus of online trust, from the CAPTCHA to the IP blocklist to the robots.txt file, existed to keep the machines on the other side of the glass. \ That prejudice has now collided with arithmetic. Automated traffic crossed half of all web activity in 2024 for the first time in a decade , bad bots alone account for more than a third of everything moving across the network, and the trend line points in only one direction, which means the web's founding assumption, that a visitor is probably a person, is now false more often than it is true. \ \ This is the backdrop against which World , the proof-of-personhood network co-founded by Sam Altman, Max Novendstern, and Alex Blania, expanded access this week to AgentKit , the framework that lets a verified person hand their World ID to an AI agent and send it out to act on their behalf. The announcement reads like a developer-tooling update, complete with a list of newly supported agents (Claude Code, Codex, Cursor, Hermes, OpenClaw) and a ToolRouter flow that takes a few minutes to wire up. What World is building is not another way to log in. It is a way to make a single human being countable in a world where everything else has become infinitely copyable. \ The Internet's Immune System Is Now Attacking Healthy Cells The problem AgentKit addresses is not that bots exist. It is that the defenses built to stop bad bots cannot tell them apart from good ones, and the category of good ones just exploded into existence. When your agent visits a restaurant page to book a table, or walks a retailer's checkout to buy the thing you asked for, it arrives looking exactly like the scraper hoarding inventory and the script testing stolen cards: automated, fast, and faceless. The site's only learned response is to throw up a wall. That made sense when almost all automation was malicious . It makes no sense now, when the automation might be a paying customer's deputy, and it leaves every platform stuck between blocking the agents that bring revenue and admitting the swarms that strip it. \ The numbers underneath that bind are not subtle. Account-takeover attacks rose forty percent year on year , more than a fifth of bot attacks now hide behind residential proxies that make them look like home broadband, and the cheapening of AI tooling has turned bot-building into something a teenager can do over a weekend. Cloudflare, which sees a meaningful slice of global traffic, now fields more than ten billion AI bot requests a week and expects bot traffic to pass human traffic on its own network by 2027. The old immune system, in other words, is firing constantly and still cannot distinguish friend from pathogen. \ What World Actually Shipped, and What It Quietly Means AgentKit's mechanics are easy to state. A verified user cryptographically delegates their World ID to an agent , the agent carries a zero-knowledge proof that a unique human stands behind it, and a website can demand that proof before letting the agent through, all without ever learning who the human is. Tiago Sada, the chief product officer at Tools for Humanity, describes the arrangement as giving an agent power of attorney , which is the right metaphor: the agent acts independently, but it acts as someone, and that someone can be held to account. \ Underneath sits x402 , the micropayment protocol built with Coinbase and Cloudflare, so that a site can ask an arriving agent for a small payment, a proof of human backing, or both before it opens the door. Erik Reppel, who runs engineering on Coinbase's developer platform and created x402, put the division of labor cleanly: payments are the how of agentic commerce, and identity is the who, and bolting World ID onto x402 is meant to give developers both halves of the handshake in one place. The expansion announced this week widens that handshake, adding delegation integrations with Okta, Shopify, Vercel, Browserbase, and Exa, which is the unglamorous connective work that decides whether a standard gets used or admired. \ The demonstration World ran to prove the thing worked was deliberately small and slightly absurd: a limited drop of 500 "Human in the Loop" hats , available only to verified World ID holders, which agents had to discover, qualify for, navigate to, and buy on their owners' behalf while the platform held a hard limit of one hat per human. Every hat went to a distinct verified person across the United States, Germany, Japan, and the United Kingdom. As theater it is forgettable. As a proof it is the whole argument, because it shows an autonomous agent completing a purchase while a one-per-person rule held against exactly the kind of bulk-buying swarm that breaks every sneaker drop and concert sale, and it held not because the site charged a punitive fee or solved a puzzle, but because it could see that each agent traced back to a different human. \ Everyone Is Building the Same Layer, and Leaving the Same Gap To understand why that matters, look at who else is racing to make agents trustworthy, because the field is crowded and the crowd is bunched. Google's Agent Payments Protocol wraps a purchase in signed mandates that prove a user authorized a specific transaction. Visa's Trusted Agent Protocol and Mastercard's Agent Pay sign the agent's identity into the request so a merchant can confirm it is a registered, approved shopper rather than a scam bot. Cloudflare's Web Bot Auth, the connective tissue beneath the card-network schemes, authenticates that a request came from a known agent using cryptographic signatures instead of spoofable headers. Each of these is real, well-built, and backed by some of the largest names in payments and infrastructure. \ And every one of them answers a question about the transaction or the agent, not about the person. The payment rails confirm that money can move. The bot-auth layer confirms that the agent is registered. The mandate confirms that a human clicked approve. None of them confirms that there is exactly one unique human behind the agent, and that omission is not an oversight, it is by design: the Web Bot Auth working group explicitly placed end-user authentication out of scope , leaving the judgment of who is really there to some other layer. World is volunteering to be that other layer. The Real Product Is Scarcity, Not Identity Here is the insight the tooling language buries, and it is the one worth paying for. World ID's value was never that it knows who you are, because conventional know-your-customer checks already do that and do it with a passport. Its value is that it knows you are exactly one, that you have never verified before and cannot verify twice, and in an economy about to be flooded with agents that cost nothing to spin up by the thousand, the single scarcest object is a unique human. World is not selling identity. It is selling uniqueness, and uniqueness is the only property that makes a one-per-person rule enforceable when the buyers are software. \ Strip the announcement down and this is what is left. A scalper's power has always come from multiplicity, the ability to be a thousand shoppers at once, and every defense against scalping has been a losing attempt to raise the cost of being many: rate limits, puzzles, phone verification, all of which a determined operation simply pays to defeat. Proof of uniqueness inverts the contest. It does not try to make being many expensive. It makes being many impossible, because each agent has to carry a different human behind it, and there are only so many humans. One analyst described the effect precisely, that AgentKit reintroduces scarcity and fairness at the human level while keeping the efficiency of autonomous agents intact. That is the product. The hats were just the proof of concept. \ A Market Worth Trillions, If Anyone Can Agree What It Is The reason this fight is worth having is that the prize is enormous and almost comically ill-defined. McKinsey puts agentic commerce at three to five trillion dollars by 2030 . Bain expects AI agents to drive up to a quarter of US e-commerce in the same window, and reports that thirty to forty-five percent of American consumers already lean on generative AI to research and compare what they buy. Yet the formal estimates range from $144 billion to $9 trillion , a spread of more than sixty times, and that gap is not sloppy forecasting. It is a definition problem: the narrow number counts only checkouts that close inside an AI platform, while the broad one counts every purchase an agent so much as touches. \ \ What decides which number turns out to be real is not model quality or checkout design. It is trust. Juniper Research, surveying the field this spring, named trust the single largest barrier to agentic commerce , ahead of every technical concern, and the logic is plain enough: merchants will not let agents transact freely until they can tell a customer's deputy from a fraud ring's foot soldier, and consumers will not delegate spending to software they cannot trust to be treated as themselves. Whoever supplies the trust that unlocks the larger number captures a structural position in the market it unlocks, which is exactly the real estate World is trying to claim before the card networks and the CDNs finish claiming the rest. \ The Demand Is Not Theoretical, and It Is Not Patient It would be easy to file all of this under speculation if the agents were still a promise, but they are arriving at a pace that makes the trust gap urgent rather than hypothetical. Agents registered to the on-chain ERC-8004 identity standard grew from a few hundred at the start of 2026 to roughly 130,000 within months , a near four-hundred-fold rise, and that is one standard on one substrate. Generative-AI traffic to US retail sites jumped several thousand percent year on year, the x402 rail has already cleared more than a hundred million agent transactions , and the answer engines steering all of it, from Gemini to ChatGPT, count their users in the hundreds of millions. The swarm is not coming. It is here, and every platform it touches has to decide, today, how to tell the helpful deputies from the hostile multitudes. \ The Asset Is the Eighteen Million What gives World a credible claim to this layer, rather than just a clever pitch for it, is the network it spent three controversial years building. Roughly eighteen million people across more than 160 countries now hold a verified World ID, the result of a global rollout of iris-scanning Orbs that no competitor has come close to matching, and that base is already wired into recognizable consumer surfaces, with partnerships spanning Tinder, Zoom, DocuSign, and Ticketmaster and a Visa debit card in the works. AgentKit does not have to build a proof-of-personhood network from scratch, because the network exists, and the genuinely hard part, convincing eighteen million people to prove their uniqueness with their own eyes, is already paid for. AgentKit is the interface that turns that human graph into infrastructure for the agent era. \ \ That is the moat and the bet in one. A payment protocol can be cloned in a quarter and a bot-auth scheme can be standardized by a committee, but a global network of biometrically verified unique humans takes years, hardware, and a tolerance for controversy that few companies possess. If proof of uniqueness becomes a thing the agent economy actually requires, World starts from a lead that is expensive to copy. If it does not, the lead is a stranded asset. \ What Has to Go Right Honest assessment means naming the ways this breaks, and there are several worth taking seriously. \ The first is the Orb itself, which is both the source of World's advantage and its deepest liability. The iris-scanning hardware has been banned, suspended, or investigated across a long list of jurisdictions including Spain, Portugal, Hong Kong, Kenya, Brazil, Germany, South Korea, and India, on privacy grounds that will not evaporate because a developer toolkit shipped on top. AgentKit currently leans on Orb-based verification for its strongest assurance, which means the agent product inherits the regulatory exposure of the most contested piece of biometric infrastructure in consumer technology, and World's plan to broaden into passport credentials lowers the assurance level exactly where uniqueness matters most. \ The second is centralization. Tools for Humanity still controls Orb issuance and much of the stack, and the promise to decentralize sits in the future tense, which is an awkward foundation for a layer whose entire pitch is trust. The third is the chicken-and-egg problem that kills most infrastructure: AgentKit is only valuable if merchants demand proof of uniqueness and agents carry World ID, and today most merchants are integrating Visa, Mastercard, and Cloudflare, none of which require World to function. The fourth is that the standards bodies are converging without World at the center, with the FIDO Alliance, NIST, and the IETF's Web Bot Auth group all building agent-authentication frameworks that could route around proof of personhood entirely, leaving World adjacent to the stack rather than embedded in it. \ And the fifth is the subtle one. A model that binds one human to many agents invites exactly the market it is designed to prevent, because if a verified World ID can be delegated, it can in principle be rented, and a black market in human-backed delegation would reintroduce the Sybil problem through the side door. World's answer is that biometric re-verification and on-device controls make this hard, which is a reasonable claim and not yet a proven one. \ The Bet Strip away the hats and the toolkits and the announcement is a wager about which scarce thing the agent economy will end up paying for. The consensus money is going into the plumbing of payment and authentication, on the theory that the bottleneck is moving dollars and verifying signatures. World is wagering that once agents are everywhere and cost nothing, the bottleneck moves up a level, to the question of whether there is a real and singular person anywhere in the loop, and that the answer to that question becomes the most valuable handshake on the internet. \ It is a contrarian bet, it carries real regulatory and competitive risk, and it rests on a piece of hardware half the world's privacy regulators distrust. But it is also the only bet in the category aimed at the one property that cannot be cloned, spoofed, or scaled, and in an internet that is now majority machine, scarcity of the human may turn out to be the asset everything else is priced against. The test is simple and not far off: either platforms start demanding proof of a unique person before they let an agent transact, or they decide payment and registration are enough and World's eighteen million eyeballs become a beautiful, expensive answer to a question nobody asked. \ Don't forget to like and share the story! :::tip Vested Interest Disclosure: This author is an independent contributor publishing through our brand-as-author program. HackerNoon has reviewed the report for quality, but the claims herein belong to the author. #DYOR. ::: \