Chris Wyatt
Venture Concept · Agentic Identity
In discovery

Aegis Authorize

AI agents already initiate B2B payments. The settlement layer still expects a human at the other end of the wire. Aegis is the missing identity primitive. Cryptographic. Scoped. Machine-readable. Banks and rails can accept agent transactions without lighting up every fraud control they have.

Currently in discovery. Taking calls with operators, payers, and issuers who see the same gap.

$89T: global B2B payment flow, 2024 (Juniper Research)
45%: of organizations hit by vendor-imposter fraud, 2024 (AFP Payments Fraud Survey)
11%: of CFOs piloting or testing agentic AI (PYMNTS CAIO, Sept 2025)

01 · The problem

Every agent transaction looks like fraud to the existing controls

When an AI agent initiates a payment today, the bank, the issuer, and the rail all see what looks like a human user with anomalous behavior. The agent has no first-class identity, no cryptographically scoped authority, and no machine-readable audit trail. Every agent transaction is one fraud-flag away from being declined.

0: bank rails with native agent identity standards (operator survey)
$3.0B: FBI IC3 BEC losses, 2024 (FBI IC3)
$0: liability frameworks defining agent-originated transactions (regulatory survey)

02 · The thesis

Agents can act. They cannot prove who authorized the action.

The agentic payments stack is being built without an authorization primitive purpose-built for it. Every existing identity standard (OAuth, mTLS, SAML) assumes a human at the end of the chain, or a service account with broad scope. Neither fits.

Aegis is a cryptographic agent-identity layer with scoped delegation, rotating credentials, and rail-readable proofs. It sits between agent frameworks and bank rails, turning every agent transaction into something issuers can underwrite and regulators can audit.

It is rail-agnostic by design, which is why it complements rather than competes with platforms like Finexio Phoenix that need an identity primitive their bank partners can verify across networks.

03 · The product

What it does

01

Agent identity primitive

Cryptographic identity per agent with rotating credentials, attested by the originating organization.

02

Scoped delegation

Spend caps, vendor allowlists, and time-bounded authority encoded into the credential itself, not enforced after the fact.

03

Rail-readable proofs

Issuers and processors verify agent legitimacy without taking custody of the agent or its prompts.

04

Machine-readable audit

Every agent transaction emits a verifiable record. Compliance, fraud, and regulator readouts are all the same primitive.
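The four product points above (a per-agent key attested by the organization, scope carried inside the credential, a verifier that needs nothing but the credential and the signed intent, and an audit record for every decision) can be shown working together in one small verifier. The following is an added example written for this page; it is not Aegis code and does not reflect any Aegis wire format. It assumes Ed25519 for both the organization and agent keys, JSON in struct-field order as the canonical signing encoding, and hypothetical field names (spend_cap_cents, vendor_allow, not_before, expires). The sample keys, scope and transaction in main are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Scope rides inside the signed credential, so the rail enforces it before the payment moves, not after.
type Scope struct {
	SpendCapCents int64    `json:"spend_cap_cents"` // total the agent may spend under this credential
	VendorAllow   []string `json:"vendor_allow"`    // payees the agent may pay
	NotBefore     int64    `json:"not_before"`      // unix seconds
	Expires       int64    `json:"expires"`         // unix seconds
}

// CredentialBody is what the organization signs; rotating the agent key means issuing a fresh one.
type CredentialBody struct {
	AgentID  string            `json:"agent_id"`
	AgentKey ed25519.PublicKey `json:"agent_key"`
	Scope    Scope             `json:"scope"`
}
type Credential struct {
	Body   CredentialBody `json:"body"`
	OrgSig []byte         `json:"org_sig"`
}

// Transaction is the agent's signed intent; the verifier never sees prompts or agent state.
type Transaction struct {
	AgentID     string `json:"agent_id"`
	Vendor      string `json:"vendor"`
	AmountCents int64  `json:"amount_cents"`
}

// AuditRecord is emitted for every check and binds the decision to the exact bytes verified.
type AuditRecord struct {
	CredentialHash string `json:"credential_sha256"`
	TxHash         string `json:"tx_sha256"`
	Allowed        bool   `json:"allowed"`
	Reason         string `json:"reason"`
}

// canonical: encoding/json writes struct fields in declaration order, and these plain types cannot fail to marshal.
func canonical(v any) []byte { b, _ := json.Marshal(v); return b }
func digest(v any) string    { return fmt.Sprintf("%x", sha256.Sum256(canonical(v))) }

// IssueCredential: the organization attests the agent's public key together with its scope.
func IssueCredential(orgPriv ed25519.PrivateKey, agentID string, agentPub ed25519.PublicKey, scope Scope) Credential {
	body := CredentialBody{AgentID: agentID, AgentKey: agentPub, Scope: scope}
	return Credential{Body: body, OrgSig: ed25519.Sign(orgPriv, canonical(body))}
}

// SignTransaction: the agent signs its intent with its own key.
func SignTransaction(agentPriv ed25519.PrivateKey, tx Transaction) []byte {
	return ed25519.Sign(agentPriv, canonical(tx))
}

// Verify is the rail-side check; spentSoFar comes from the verifier's own ledger, now is unix seconds.
// Signatures are checked first so a forged or unattested message never reaches the scope logic.
func Verify(orgPub ed25519.PublicKey, cred Credential, tx Transaction, txSig []byte, now, spentSoFar int64) (AuditRecord, error) {
	rec := AuditRecord{CredentialHash: digest(cred), TxHash: digest(tx)}
	deny := func(reason string) (AuditRecord, error) {
		rec.Reason = reason
		return rec, errors.New(reason)
	}
	if !ed25519.Verify(orgPub, canonical(cred.Body), cred.OrgSig) {
		return deny("credential not attested by organization")
	}
	if tx.AgentID != cred.Body.AgentID {
		return deny("transaction agent id does not match credential")
	}
	if !ed25519.Verify(cred.Body.AgentKey, canonical(tx), txSig) {
		return deny("transaction not signed by the credentialed agent key")
	}
	s := cred.Body.Scope
	if now < s.NotBefore || now > s.Expires {
		return deny("credential outside its validity window")
	}
	vendorOK := false
	for _, v := range s.VendorAllow { vendorOK = vendorOK || v == tx.Vendor }
	if !vendorOK {
		return deny("vendor not in allowlist")
	}
	if tx.AmountCents <= 0 || spentSoFar+tx.AmountCents > s.SpendCapCents {
		return deny("amount exceeds remaining spend cap")
	}
	rec.Allowed, rec.Reason = true, "within scope"
	return rec, nil
}

func main() { // stand-alone demo with constructed keys, scope and transaction
	orgPub, orgPriv, _ := ed25519.GenerateKey(rand.Reader)
	agentPub, agentPriv, _ := ed25519.GenerateKey(rand.Reader)
	cred := IssueCredential(orgPriv, "ap-agent-01", agentPub, Scope{SpendCapCents: 50000, VendorAllow: []string{"vendor-acme"}, NotBefore: 1700000000, Expires: 1700086400})
	tx := Transaction{AgentID: "ap-agent-01", Vendor: "vendor-acme", AmountCents: 20000}
	fmt.Println(Verify(orgPub, cred, tx, SignTransaction(agentPriv, tx), 1700040000, 0))
}
```

Two design points carry over to any real version. The verifier holds no secret for the agent or the organization, only public keys, which is what lets an issuer check legitimacy without taking custody of anything. And a denied transaction produces the same kind of record as an allowed one, so the fraud, compliance and regulator views really are one primitive rather than three reconciliations. What this sketch leaves out, and a production design must add, is replay protection (a nonce or sequence tracked in the verifier's ledger), revocation, and a canonical encoding stricter than struct-order JSON.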

04 · Why now

The timing case

  1. Existing identity standards are being stretched into agent contexts in ways that will create production incidents within twelve months. The market will demand a purpose-built primitive.

  2. Bank rails are actively looking for ways to authorize agent transactions at scale. Without an identity layer, agentic payments either stay in pilot or run on the wrong primitive.

  3. AP2, x402, and similar agent-payment protocols are converging on an open spec for the transaction layer. None of them defines the identity layer underneath. The window to set that primitive is the next twelve to eighteen months.

  4. The category-defining moment already happened. Google announced its Agent Payments Protocol (AP2) with multiple major payment networks as partners. Cloudflare and others revived HTTP 402 as a native payment-protocol path (x402) in the same window. Visa Intelligent Commerce and Mastercard Agent Pay shipped parallel pilots. Multiple payment networks now have agent rails in production with no shared identity primitive underneath. The identity layer is the open seat at a table that is already set.

05 · Why I see it

The view from inside the work

I wrote the public thesis on this gap. The Authorization Without Identity essay frames the problem. Federal Reserve, NACHA, and HIMSS contributor work positions the standards conversation.

06 · Comparable references

What's already in the market, and where the gap is

An honest read on the adjacent landscape. Not every comparable is a competitor. Some are partners. Some are the market the venture displaces.

Auth0, Okta, Ping Identity
  What they do: human-and-service-account identity for enterprise SaaS.
  Gap: service accounts have broad scope and no transaction-level provenance. Aegis is purpose-built for scoped, auditable agent transactions.

Stripe / Adyen agent SDKs (emerging)
  What they do: wallet primitives for agents inside their own networks.
  Gap: closed-loop within a single processor. Aegis is rail-agnostic.

AP2 / Anthropic agent payments protocol
  What they do: emerging open standards for agent-initiated payments.
  Gap: standards layer. Aegis is the identity primitive that operationalizes them on real rails.

SPIFFE / SPIRE
  What they do: open-source workload identity standard for service-to-service authentication.
  Gap: built for microservices inside one trust domain. Does not handle delegated monetary authority, scoped transaction caps, or cross-network credential portability. The closest analog, and still the wrong shape for agent payments.

07 · Key risks

What could break the thesis

Operator-grade pre-mortem. Surfaced here because the buyers and partners worth talking to will surface them anyway.

Risk · 01

Standards bodies move slowly. Aegis could be commoditized by an open spec.

Mitigation

Lead the standards conversation rather than fight it. The reference implementation and the issuer relationships are the moat.

Risk · 02

Banks may build proprietary agent-identity layers internally.

Mitigation

Banks have historically bought the cross-rail primitive rather than build it. Aegis is rail-agnostic. A bank-built version locks them into their own walls and into the rail-by-rail integration tax that follows.

Risk · 03

Agent fraud incidents could freeze the market early.

Mitigation

Conservative scope defaults and underwriting partnerships from day one. The first incident is when issuers most need a credible identity primitive, not least.

Risk · 04

Networks absorb agent identity into their own credential stacks.

Mitigation

Visa Intelligent Commerce, Mastercard Agent Pay, and Stripe agent SDKs each have commercial incentive to own the agent identity record inside their walled garden. A rail-agnostic primitive becomes a thin abstraction over four incompatible stores if it does not anchor demand-side first. Win the bank and treasurer side. The CFO running three rails has the strongest pull for portability. Network adoption follows buyer demand, not the reverse.

08 · Proof of motion

What I've already shipped on this thesis

The artifacts that turn this from an essay into something with traction. Published work, working-group seats, operator scars.

09 · Questions partners ask

The next three follow-ups

Pre-empted because the buyers and partners worth talking to will surface them anyway.

Is this Finexio's identity layer?

No. Finexio Phoenix is one of the agent platforms that needs an identity primitive its bank partners can verify across networks. Aegis is intentionally rail-agnostic and platform-agnostic. If Aegis succeeds, Finexio benefits as a tenant. If Aegis fails, Finexio still ships, on whichever primitive wins.

Why won't Visa or Mastercard just build this?

They might. They have already started, in the form of Visa Intelligent Commerce Connect and Mastercard Track. Both are rail-specific. Neither solves the cross-rail case where an agent acts across ACH, wire, card, and FedNow inside the same workflow. The category Aegis claims is the cross-rail one.

What about AP2 and other emerging open specs?

Those are transaction-layer protocols. They define how an agent expresses intent and receives a result. They do not define the identity layer underneath. Aegis is a reference implementation of the identity primitive that AP2-style protocols call out to. Different layer of the stack.

What's the first thing you ship?

An attestation primitive plus a reference implementation against one bank rail, with one issuer partner pre-committed to underwrite agent transactions through it. Earliest customers are the bank-platform partnerships at Finexio's adjacency that I know are looking for exactly this.

AP2 already defines verifiable credentials and Intent Mandates. Why is a separate identity layer not redundant?

AP2 specifies the payload format for a single transaction. It does not specify how an agent's identity is provisioned, rotated, revoked across networks, or reconciled against the human principal across sessions. Visa, Mastercard, and PayPal each implement AP2 with their own credential stores. A treasurer using three rails needs three identity reconciliations today. Aegis sits above the protocol layer as the registry and revocation surface that AP2 assumes exists but does not provide. The protocols compete. The identity layer should not.

Status

Aegis Authorize is in discovery. I am taking calls with operators, payers, and issuers who see the same gap, and would talk to capital that wants to be early on the right founder for it.
