Accept agents
Services that accept traffic from AI agents have two bad options today. Block all agents, and lose a market that grows every quarter. Or accept all agents, and inherit regulatory exposure no audit team can sign off on.
Neither is the future. The future is services that accept agents on the same terms they accept humans, by the strength of identity proof attached to the request.
A STACK passport is a short-lived signed JWT. Your service verifies it offline against STACK's JWKS endpoint. No callback to STACK is required; nothing on the receiving side needs to be a STACK dependency.
What's in a passport
The fields a verifier reads are deliberately small and deliberately useful.
| Claim | What it tells you |
|---|---|
| agent_id + signing key | Which agent is calling. |
| operator_id | Which operator owns the agent. |
| subject_id + delegation chain | Which human delegated. Up to 4 hops. |
| claim_ref | Which identity provider verified them (BankID, Stripe Identity, Cloudflare Turnstile, IdNow). Never the PII itself. |
| scope, exp, usage | What scope, time-to-live, remaining quota. |
What this unlocks
When a service can verify, offline, that an agent is acting on behalf of someone with a verified identity, the action surface opens up. Most of the workflows below cannot exist today. The blocker is not model capability or integration breadth; the blocker is that the receiving service has no way to verify the call carries the human-authorization level the action requires.
| Vertical | What becomes possible |
|---|---|
| Banking | Agent-mediated transfers above PSD2 SCA thresholds. Account changes. KYC-bound operations. Today these need a human at a screen; with verified-human passports, they don't. |
| Healthcare | Agent-scheduled appointments, prescription requests, lab orders, bound to a verified patient. |
| Government services | Agent-filed paperwork, agent-paid taxes, agent-renewed licenses, bound to a verified citizen. Estonia is half-built for this; the rest of the EU is close behind. |
| Insurance | Agent-filed claims, agent-renewed policies, agent-priced quotes against verified medical or driving records. |
| High-value commerce and B2B | Agent purchases above the threshold where strong customer authentication fails today. Agent-signed B2B contracts. |
| Legal and compliance | Agent-prepared filings against verified counsel ID. Agent-executed standard-form contracts. |
Building a downstream service in any of these verticals? Talk to us.
Last reviewed 2026-05-09.