Who Are You on the Web, Really?
Identity on the Web of AIs — and four futures for what comes next (Essay 3 of 50)
In 1993, Peter Steiner published a cartoon in The New Yorker that captured a generation’s anxiety about the internet in a single line. A dog sits at a computer keyboard. The caption reads: “On the internet, nobody knows you’re a dog.”
Thirty years later, the joke has a new punchline. The dog has an agent now. And the agent is doing the shopping.
This is not a hypothetical. From January to August 2025, HUMAN Security tracked a 1,300% increase in agentic traffic (AI systems acting autonomously on behalf of users). McKinsey projects that AI-driven agents could influence $2 trillion in annual global e-commerce spend by 2030, with 20–30% of purchases agent-assisted within five years. The agentic web is arriving faster than most businesses are ready to handle it.
Which raises a question that sounds simple but isn’t: when an AI agent shows up to buy something on your behalf, how does the merchant know who sent it? How do they know you’re really a student, a veteran, a nurse — or even a real human at all?
The internet has always been missing something fundamental: a trustworthy identity layer. And agentic AI is about to make that absence impossible to ignore.
The Web Was Built on Guesswork
For most of the internet era, identity was something brands estimated rather than knew. Device IDs, cookies, email hashes, behavioral signals, lookalike models — all of it was probabilistic. A sophisticated bet, not a verified fact.
“This browser is probably the same household as yesterday. This email is likely tied to this demographic. This user might be a student based on behavioral patterns.”
Humans tolerated the ambiguity because they were making the final calls. Bots were manageable nuisances. High-stakes decisions like KYC at the bank or checkout with a credit card were isolated checkpoints that could demand harder proof. Everywhere else, “good enough” was fine.
The distinction worth holding onto: soft identity served discovery and personalization. Hard identity served transactions and compliance. They existed in separate lanes, bridged at the critical moment by a human. A person showed up at checkout, confirmed a card, clicked buy. That human moment was the gate.
AI agents eliminate that gate in the experience flow. When an agent discovers a product, applies a discount, and executes a purchase in a single automated flow, there’s no human moment where authorization transfers. The agent has to carry proof of who it’s acting for, and what that person is eligible for, from the beginning of the session through to execution. Hard identity doesn’t just serve the transaction anymore. It has to travel.
The web was designed for humans to show up and vouch for themselves. They won’t be showing up anymore.
The Cold Start Nobody Solved
The optimistic case for internet identity has existed for decades. Researchers, standards bodies, and startups — including one I co-founded called Hellō Cooperative — have been building toward what Kim Cameron called the “Laws of Identity”: user control, minimal disclosure, interoperability, privacy, verifiability. The goal is to give users true control over their own digital identity, also known as self-sovereign identity.
The vision is compelling. Instead of proving who you are to every service, you hold portable, verifiable credentials in a digital wallet. A cryptographically signed claim that you’re over 21. That you’re a licensed nurse. That you’re a current university student. You prove it once. You use it everywhere. The issuer (your university, your state DMV, your employer) vouches for the truth. The merchant verifies the claim without ever seeing the underlying data.
It’s elegant. And for nearly a decade, it hasn’t worked at scale.
The reason is structural: a three-way cold start problem. If relying parties (merchants, governments, apps) don’t accept portable credentials, users have no reason to create them. If users don’t hold them, issuers (universities, employers, agencies) have no reason to produce them. If issuers don’t produce them, relying parties have nothing to accept. The triangle stays frozen.
Verifiable Credentials — the W3C standard that captures this vision most completely — have been stuck in this chicken-and-egg loop for the better part of a decade. Impressive architecture. Thin adoption.
Hellō tried to break the cold start by making identity integration trivially easy for greenfield developers. The theory: make the on-ramp frictionless, a few breakout apps scale, users follow, issuers join, flywheel goes. Sound logic, long road: you’re betting new apps reach critical mass before incumbents absorb your tools as a feature. Hellō has since pivoted toward enterprise SSO and agentic coding infrastructure. The cold start lesson: abstract infrastructure needs a high-urgency use case pulling it forward. Technical elegance isn’t enough.
The agentic web may finally be that use case. The identity challenge isn’t just proving who the human is. It’s proving who the agent is. A spoofed shopping agent that intercepts a transaction mandate is indistinguishable from a legitimate one unless agents carry their own verifiable credentials. If human identity verification is unsolved, agent identity verification is that problem layered on top of it. The cold start needs to thaw twice.
But something is shifting.
The AP2 Moment
In 2025, Google announced the Agent Payments Protocol — AP2. It’s a technical specification for AI agents to conduct commerce, built as an open extension of the A2A and MCP protocols, with more than 100 organizations signed on, including Visa, Mastercard, PayPal, and American Express.
The central innovation is what Google calls Mandates: tamper-proof, cryptographically signed digital credentials that serve as verifiable proof of a user’s instructions to their agent. “Buy this. For this price. Only if I’m authenticated as eligible for this discount.” AP2 defines three mandate types: the Intent Mandate (delegated authority for future autonomous purchases), the Cart Mandate (explicit user approval of a specific transaction), and the Payment Mandate (a credential shared with the payment network to signal agent involvement and human-presence status, which is the link between the identity layer and the payment rails where Visa and Mastercard’s participation becomes meaningful). These credentials follow a cryptographic design philosophy similar to that of W3C Verifiable Credentials, though AP2’s Verifiable Digital Credentials (VDCs) are their own artifact type; harmonization with the broader open VC ecosystem is underway but not yet complete.
This matters because it may represent the first major use case where cryptographically verifiable identity is not optional, but essential. Agentic commerce may finally be the forcing function that breaks the cold start.
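To make the mandate idea concrete, here is an added example (not part of the original essay and not AP2's actual data format) of a merchant checking a signed mandate: the signer must be on the merchant's allow-list, the signature must cover the exact payload, and the mandate must be bound to the presenting agent, unexpired, and within the price cap. The field names, the key ID `wallet-1`, and the fixed-seed Ed25519 key are constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Mandate is a constructed, hypothetical layout; it is not AP2's wire format.
type Mandate struct {
	User, Agent, Item, Eligibility string
	MaxPriceCents, Expires         int64
}
type SignedMandate struct{ KeyID string; Payload, Sig []byte } // Payload: exact signed bytes

// Constructed demo key (fixed seed, demo only) and the merchant's allow-list of signers.
var demoKey = ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
var trusted = map[string]ed25519.PublicKey{"wallet-1": demoKey.Public().(ed25519.PublicKey)}

func Sign(keyID string, priv ed25519.PrivateKey, m Mandate) SignedMandate {
	p, _ := json.Marshal(m)
	return SignedMandate{keyID, p, ed25519.Sign(priv, p)}
}

// Verify is the merchant side: allow-list lookup, signature check, then policy checks.
func Verify(trusted map[string]ed25519.PublicKey, sm SignedMandate, agent string, price, now int64) error {
	pub, ok := trusted[sm.KeyID]
	var m Mandate
	switch {
	case !ok:
		return errors.New("signer not on allow-list")
	case !ed25519.Verify(pub, sm.Payload, sm.Sig):
		return errors.New("bad signature")
	case json.Unmarshal(sm.Payload, &m) != nil:
		return errors.New("malformed payload")
	case m.Agent != agent:
		return errors.New("mandate bound to a different agent")
	case now > m.Expires:
		return errors.New("mandate expired")
	case price > m.MaxPriceCents:
		return errors.New("price exceeds mandate")
	}
	return nil
}

func main() {
	sm := Sign("wallet-1", demoKey, Mandate{"sarah", "agent-A", "laptop", "student", 90000, 2000})
	fmt.Println(Verify(trusted, sm, "agent-A", 85000, 1000))
}
```

Because the agent identifier and the eligibility claim sit inside the signed payload, a different agent replaying the mandate, or anyone editing the price cap or claim, is rejected before any policy decision is made.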
AP2 doesn’t stand alone. The OpenID Foundation’s OID4VP 1.0, finalized in late 2025, is the complementary piece: where AP2 defines how agents carry and present payment credentials, OID4VP 1.0 is the first standardized, implementation-ready protocol for presenting verifiable credentials of any kind online. Together they form something close to a full stack for verified agentic commerce. And the regulatory environment is catching up. The EU’s eIDAS 2.0 gives every member state a hard December 2026 deadline to deploy a European Digital Identity Wallet, with financial institutions required to accept EUDI credentials for strong customer authentication by December 2027. India’s Aadhaar and Brazil’s CPF/Pix have already fused identity and payments in ways the U.S. never attempted. Thirty-eight jurisdictions have selected these open standards. The pieces are moving, and in Europe they are now moving on a legal deadline.
The question is who controls the rails they run on — and how hard regulators push back on the fraud and synthetic identity explosion that agentic traffic will inevitably accelerate.
Whether AP2 delivers on its open-protocol promise depends less on the spec than on who controls the trust infrastructure around it. The four scenarios below explore that question directly.
Four Futures — A Scenario Framework
No single actor decides the outcome here. What emerges will depend on the interplay of two powerful, cross-cutting uncertainties:
Control: Who owns the identity rails? Closed, platform-controlled ecosystems (Google, Apple, Meta), or open, interoperable standards where any issuer, any wallet, any merchant can plug in?
Clampdown: How hard does society respond to AI-driven fraud? Coordinated, stringent regulation, or a muddled, fragmented non-response that lets fraud scale faster than any defense can follow?
These two axes produce four distinct futures. The graphic below maps them.

🏰 Scenario 1: Walled Wallets
PLATFORM RAILS + HARD REGULATORY CLAMPDOWN
Sarah wants a student discount. Her AI shopping agent, locked into Google’s identity ecosystem, presents a university-issued credential from her Google Wallet. One biometric confirmation, and she’s verified across every merchant that accepts Google’s identity layer.
The most likely near-term path: clean, fast, and safe — inside the dominant ecosystem. AP2 is an open spec, but open protocols can be functionally captured. AP2’s current trust model relies on curated allow-lists: decentralized registries where each participant manually decides which credential providers it trusts. Google controls AP2’s reference implementation, Gemini (the dominant shopping agent), the Android wallet, and the credential provider infrastructure. If adoption accelerates before a more open governance model matures, the protocol’s openness stays theoretical and the market slides here regardless of what the spec says. AP2 reaching the Claim Commons requires governance bodies, not just code.
Identity becomes another axis of platform lock-in. Smaller issuers (community colleges, regional employers, niche credential bodies) struggle to plug in. And who audits the gatekeepers? When Google (or Apple, or Meta) decides which credentials count and which issuers are recognized, they’re not just a technology company. They’re an identity authority.
🌐 Scenario 2: The Claim Commons
OPEN STANDARDS + HARD REGULATORY CLAMPDOWN
Raj holds an open, portable wallet on his phone. Verifiable credentials from his university, his state DMV, and his employer, issued by each institution and not owned by any platform. His agent uses whichever credential the merchant requires, verified against global, transparent standards.
The best outcome — and more technically achievable than ever. OID4VP 1.0 (finalized late 2025) provides the first standardized protocol for presenting verifiable credentials online; 38 jurisdictions have selected these open standards. The protocol stack exists. Governance remains the hard problem: who decides which issuers are trusted? Who resolves disputes?
History argues for this path. The strongest economic flywheels sit on open rails — email, DNS, TCP/IP, the web itself. Open identity infrastructure levels the playing field for every issuer, merchant, and consumer regardless of platform. If we want a thriving global marketplace of AI-mediated commerce, we should want the Claim Commons. The question is whether we’ll build it — or let it get captured.
❄️ Scenario 3: Fraud Winter
PLATFORM RAILS + MUDDLED GOVERNANCE
WORST OUTCOME
Maria’s agent hits a wall at every merchant. No shared standards, no reusable credentials — each platform runs its own KYC, its own selfie check. Every session starts over. Conversion tanks. Maria abandons the cart.
Meanwhile fraud scales faster than the walls. McKinsey projects AI-driven synthetic identity fraud could increase 3–5× in a fragmented environment. Baroque verification rituals punish real customers while bad actors route around them: maximum friction for the honest, maximum opportunity for the dishonest.
🧩 Scenario 4: Patchwork World
OPEN RAILS + MUDDLED GOVERNANCE
Chris’s agent carries five wallets and speaks six credential formats. Sometimes his discount works; sometimes he’s denied with no explanation. Open without governance: freedom without trust. The rails exist but nobody agrees on the rules. No universal layer emerges. This is the most likely default if nothing changes — the status quo at AI scale.
What This Means for Commerce — and for People
These aren’t just four versions of a technical spec. They’re four different distributions of power, privacy, and opportunity.
In Walled Wallets, the platform decides who you are. In Fraud Winter, nobody decides and everyone pays. In Patchwork World, you juggle the chaos yourself. In the Claim Commons, you hold the truth about yourself, portable and yours.
The stakes look different depending on where you sit. At the bottom of the global economic pyramid, the inability to prove your identity isn’t an inconvenience — it’s a barrier to healthcare, financial services, and the AI-era social safety net. Many in Silicon Valley advocate for universal basic income as AI displaces workers; a UBI that can’t reliably reach the people who need it most isn’t a solution, it’s a design flaw. Closer to home, millions of students, veterans, healthcare workers, first responders, and public servants can’t reliably use AI agents to prove what they are online — denied discounts they’ve earned, subjected to verification rituals that assume fraud, their credentials stranded in wallets or databases that their agents can’t access. And between those two poles sit hundreds of use cases where portable, verifiable identity would unlock access, reduce friction, and let people’s agents represent them accurately: professional licensing, affinity group pricing, cross-border credentialing, and more. The Claim Commons isn’t an abstraction. It’s the infrastructure of inclusion.
The agentic web, for all its disruption, may become the forcing function that identity optimists have long desired. Agents need to prove things programmatically. That demand may finally make the build-out of verifiable, portable credentials worth the investment — for issuers, for merchants, for regulators, and for users.
The scenario we land in depends on choices that are being made right now: in standards bodies, in platform product roadmaps, in regulatory frameworks being drafted in Brussels, Washington, and Delhi. Those choices will determine whether identity in the agentic web becomes a foundation of trust or a new axis of control.
Gradually, we accumulate a set of verified truths about billions of people. That becomes a network. Networks shape markets. And the rules of that network will determine what kind of digital society we get.
The Open Questions Worth Watching
Five questions worth tracking closely as this plays out:
Does identity become the primary interface between humans and AI? The credential you present to your agent may matter more than the platform you’re on.
Does eligibility get standardized like payment? We have Visa and Mastercard for money. Could a similar network emerge for verified claims?
Do AI agents become identity routers? As agents develop preferences for credential formats and trusted issuers, they may drive adoption of standards faster than any regulation could.
Can agents prove their own identity — not just the human’s? The harder emerging problem may not be verifying the human behind an agent, but verifying the agent itself. A spoofed shopping agent that intercepts your mandate is indistinguishable from a legitimate one unless agents carry their own verifiable credentials. Agent identity is the next frontier.
Who decides which issuers are trusted to say what? Issuer reputation is about to become either a public good or a private moat. Which one it becomes is a governance question masquerading as a technical one.
If you’re building or investing in the identity space, what scenario do you see playing out? I hope this framework helps identify how to bend development towards a Claim Commons, making digital identity and prosperity more accessible for every human (and their agent).
—
Dan Grimm writes AI for Human Flourishing — a weekly Substack on what it means to build AI that serves people, not the other way around. He previously led new product development at AT&T, built SAFR by RealNetworks, and co-founded Hellō Cooperative, an attempt to build the internet’s missing identity layer.

