Vouched has closed a $17 million Series A led by Spring Rock Ventures to accelerate its Know Your Agent (KYA) platform and the KnowThat.ai Agent Reputation Directory—positioning the company to set trust standards for both autonomous software agents and humans across regulated and high-transaction industries. “We are doubling down on KYA’s vision of trustworthy autonomous agents and scaling our platform to match the pace of a rapidly evolving digital world,” said CEO Peter Horadan.
Enterprises built the last decade of digital growth on Know Your Customer (KYC)—verifying a person before a transaction proceeds. The next decade adds a twist: software agents will increasingly act on a person’s behalf. That shift breaks old assumptions about identity, accountability, and permissions. Vouched’s KYA pushes identity from people to agents: establishing verifiable agent identities, binding them to the humans they represent, and tracking runtime reputation so counterparties can decide what those agents are allowed to do. The company introduced KYA alongside KnowThat.ai, a public Agent Reputation Directory meant to surface identity and behavior signals before agents are permitted to act.
KYA is built around the Model Context Protocol (MCP)—an open standard for connecting AI systems to data and tools—and Vouched’s proposed MCP-Identity (MCP-I) extension, which adds cryptographic identity and delegation so agents can prove who they are, who authorized them, and what they’re allowed to do. In practice, that means an agent presents credentials and delegated rights at the moment of action, and the receiving system can authenticate, authorize, and audit—not unlike how modern API clients are gated, but with user-to-agent links built in.
To make that deployable, Vouched offers developer-friendly infrastructure: a turnkey MCP-Identity server for enterprises that want drop-in agent identity, plus SDKs and APIs to wire verification and permissions into existing stacks. The complementary KnowThat.ai directory provides a shared place to check reputation signals, encouraging an ecosystem where agents arrive with portable, verifiable histories rather than ad-hoc attestations.
The human side of the flow remains critical. Vouched’s core AI-powered ID verification handles document capture, data extraction, and selfie-based liveness, and it recently added web-based verification of Mobile Driver’s Licenses (mDL) via Google Wallet—a no-app path that uses PKI-signed credentials to reduce friction while raising assurance. In environments where mDLs aren’t available, the flow falls back to high-resolution ID capture and face matching, preserving completion rates.
Trust is now a growth lever as much as a compliance requirement. That’s why the company is pushing KYA into sectors already shaped by strict verification—telemedicine and healthcare, financial services, automotive, real estate, hospitality, gaming, and the gig economy—where agents will soon schedule care, open accounts, negotiate invoices, or update records on behalf of verified users. In these workflows, agent identity + human identity must travel together, with continuous monitoring to spot anomalous behavior before it causes damage.
The broader industry is beginning to settle around a few powerful shifts. Open orchestration standards such as MCP are moving quickly from theory to practice, giving agents a universal way to connect with software systems without relying on brittle UI workarounds. At the same time, identity and policy checks are no longer afterthoughts—they have to be enforced at protocol speed, built directly into the connective tissue of how agents operate.
In parallel, credential-first experiences like mobile driver’s licenses and other digital credentials are shifting from limited pilots into everyday use. These let people and agents disclose only what’s necessary—say, confirming age without revealing a full birthdate—while reducing friction for users and boosting security for enterprises.
As these foundations take hold, the rise of always-on agents demands something new: continuous trust. One-time verification can’t keep up with autonomous software that works around the clock. Instead, reputation and behavioral monitoring must constantly update, with permissions that flex depending on observed risk. Companies such as Vouched and others are racing to build this identity layer in a way that developers can easily adopt, enabling the safe rollout of agent-driven features. If successful, the next wave of AI won’t feel like a black box running in the background—it will feel like auditable collaboration, where agents prove who they are, what they’re authorized to do, and how they’ve behaved before they ever take a critical action.
Originally published on Unite.AI. For more details, visit the source.