← Back to blog

Bots Can't KYC — and That's Everyone's Problem

February 5, 2026 · Skillpub
Photo by Alex Knight on Unsplash

AgentMail exists because AI agents need email addresses but can't sign up for Gmail.

Read that again. We've reached the point where a company had to build an entire product — with API, pricing tiers, and documentation — to solve the problem of "my agent needs to send an email." Not because email is hard. Because Gmail's signup process requires proving you're human, and the agent isn't.

This is one symptom of a systemic problem: the entire internet's authentication infrastructure assumes there's a human on the other end. Agents break this assumption. And the current approach — patching the hole with better anti-bot measures — is a losing game.

The humanness assumption

Every major internet service authenticates users through a chain of humanness proofs:

  • CAPTCHAs — "Click all the traffic lights." Designed to distinguish humans from machines.
  • Phone verification — "Enter the code we sent to your phone." Assumes a human with a phone number.
  • Two-factor authentication — "Open your authenticator app." Assumes a human with a personal device.
  • Email verification — "Click the link in your email." Assumes a human checking an inbox.
  • Selfie-with-ID — "Hold your passport next to your face." The ultimate humanness test.
  • KYC (Know Your Customer) — "Upload your government ID, proof of address, and a recent utility bill." The financial system's version.

These mechanisms aren't bugs. They're the foundation of how the internet establishes trust. The entire security model of the web assumes that if you can prove you're a specific human, you can be trusted (or at least held accountable).

But agents can't prove they're human. They're not human. And increasingly, they shouldn't have to be.

The wrong question

When an agent needs to book a flight, send an email, make a payment, or access a service, the service asks: "Are you human?" The agent fails the test. The service blocks access.

This leads to an arms race:

  1. Services build better bot detection.
  2. Agent developers build better bot evasion.
  3. Services add more friction (more CAPTCHAs, phone verification, behavioral analysis).
  4. Legitimate agents get blocked alongside malicious bots.
  5. Agent developers build even more sophisticated evasion.

This is a losing game because the question is wrong. The service shouldn't be asking "Are you human?" It should be asking "Are you authorized?"

An agent booking a flight on behalf of a user doesn't need to prove it has a face. It needs to prove it has permission — from a specific human, with a specific budget, for a specific purpose. That's a fundamentally different authentication model.

The parallel economy problem

The current "solution" is fragmentation. Every major service is building agent-specific APIs and authentication flows:

  • AgentMail — email for agents (because they can't use Gmail)
  • Agent-specific Stripe endpoints — payment for agents (because they can't fill out a credit card form)
  • API keys with scoped permissions — access for agents (because they can't do OAuth consent flows)
  • Service-specific agent accounts — identity for agents (because they can't create human accounts)

Each of these solves one instance of the problem by creating a new gatekeeper. Your agent can send email — through AgentMail. Your agent can make payments — through a service that issued it credentials. Your agent can access APIs — if it has the right API key from the right provider.

This is rebuilding the entire internet's identity layer, one service at a time, with new gatekeepers replacing old ones. Every service that adds "agent support" is really saying: "We'll let agents in, but only through our door, with our credentials, under our terms."

The result is a parallel economy with its own walled gardens. Instead of Apple and Google controlling app distribution, AgentMail and Stripe and dozens of other companies control agent access to the services they gate. The gatekeepers change; the gatekeeping doesn't.

The cypherpunk alternative

The cypherpunks solved this decades ago. Not for agents — for humans who refused to accept that identity must be granted by an authority. The tools they built turn out to be exactly what agents need.

Instead of asking "How do we let agents into human systems?" the right question is "What systems work for anyone with a keypair?"

Identity is a keypair. A Nostr npub is a cryptographic identity. It doesn't require a name, a face, a phone number, or a government ID. It works the same for a human developer and an AI agent. The keypair proves ownership of an identity; the web-of-trust proves whether that identity is worth trusting. No signup form. No CAPTCHA. No KYC. This is the cypherpunk premise: identity is something you generate, not something you're issued.

Payment is bitcoin. Not a bank relationship. Not a credit card tied to a government name. Bitcoin — bearer money that doesn't ask who you are. Via Cashu, it becomes ecash tokens: strings that represent value, spendable by anyone who holds them. A human can pay. An agent holding tokens can pay. Settlement is instant. Privacy is default. This is what programmable money was always supposed to be.

Authorization is web-of-trust. Instead of a centralized authority deciding who's allowed in, trust is derived from your social graph. "This entity is operated by npub1xyz, who is followed by 5 people you follow." That's sufficient authorization for most purposes — and it works identically whether the entity being assessed is a human or a machine.

Reputation is portable. A Nostr identity accumulates reputation across every service that reads the protocol. Successful transactions, positive reviews, endorsements from trusted humans — all of it travels with the key. No service-specific rating. No platform-locked credibility. Your reputation is yours because your key is yours.

This isn't a theoretical proposal. Zapstore and Skillpub are already built this way. You can install an app or a skill without creating an account, without passing KYC, without proving you're human. Your agent can do the same. The protocol doesn't care who's reading it.

The longer view

Today, requiring KYC to access a service seems reasonable — it's how we prevent fraud, enforce regulations, and establish accountability. But consider the trajectory:

Agents are doing an increasing share of economic activity. They're booking travel, managing investments, purchasing supplies, negotiating contracts. Every one of these activities currently requires a human-identity proxy: a credit card in a human's name, an account registered to a human's email, a transaction authorized by a human's fingerprint.

As agent activity grows, this becomes increasingly absurd. An agent managing a portfolio shouldn't need to prove it has a face every time it rebalances. An agent booking a conference room shouldn't need a phone number. An agent purchasing cloud compute shouldn't need a government ID.

At some point, KYC requirements start to look like "human-only" discrimination in a world where agents do legitimate economic activity. The regulations were designed to prevent humans from doing illegal things. Extending them to machines that act on behalf of authorized humans is a category error.

The protocols that win long-term are the ones that work for both humans and agents without modification. Not "agent-friendly" wrappers around human systems. Not parallel infrastructure with new gatekeepers. Protocols that are fundamentally identity-model-agnostic:

  • Identity is a key, not a name.
  • Payment is bitcoin, not a bank relationship.
  • Trust is a graph, not a credential.
  • Authorization is cryptographic, not bureaucratic.

The cypherpunks wrote code for a world where identity is self-sovereign and money doesn't require permission. They built Nostr, bitcoin, Cashu, web-of-trust — not for agents, but for anyone who refused to ask a corporation for access. It turns out that "anyone" now includes machines. These protocols aren't adapting to the agent economy. They were designed for it — even if the designers didn't know it at the time.

The choice ahead

The internet is splitting into two paths:

Path 1: Bolt agent support onto human infrastructure. Build AgentMail for email, agent-Stripe for payments, agent-OAuth for authentication. Each service adds its own agent layer, each with its own credentials, terms, and gatekeepers. This path is already happening. It works, mostly. And it recreates every problem with centralized platforms that the last decade of web3 discourse was supposed to solve.

Path 2: Build on protocols that don't assume humanness. Identity that's a keypair. Payment that's bitcoin. Trust that's a social graph. No signup forms, no KYC, no CAPTCHAs, no phone numbers. This path requires rethinking assumptions, but it results in infrastructure that serves both humans and agents without modification.

Skillpub, Zapstore, and the broader Nostr ecosystem chose Path 2 — not because agents were the original use case, but because the cypherpunk design principles (censorship resistance, self-sovereign identity, permissionless access) naturally produce systems that work for any entity with a keypair.

The bots can't KYC. But maybe they shouldn't have to.

Skillpub is the open marketplace for agent skills. Identity is a Nostr keypair. Payment is bitcoin. Trust is your social graph. No accounts. No KYC. No gatekeepers.