Who's Watching Your Agents?
Knowing who authorised an AI agent and knowing who is watching what it does are two different problems.
Almost every regulated business I speak with asks me the same question about AI agents. It doesn’t matter whether they’re in financial services, legal or marketing, and it comes up early in every conversation…
“What about security?”
As I dig deeper into what they are actually asking me about, I learn that it is often about access.
Can someone unauthorised get in?
Can a bot act without permission?
Can we prove a real person triggered this?
Those are legitimate concerns. But the one question that doesn’t get asked, and that I think is going to be more important, is:
“Once the authorised person is in and the agent has done its work, who is checking what actually happened?”
There is a market forming around this. Sam Altman’s World launched a toolkit that lets humans delegate their verified identity to AI agents through iris scans and cryptographic proof. OpenAI has joined the FIDO Alliance Board of Directors, and Google and Mastercard have both contributed authentication frameworks to FIDO’s emerging work on agent identity. Vouched and Wink have built biometric verification that binds a user’s face, palm, and voice to the moment an agent is activated. The language across this space has shifted from Know Your Customer to Know Your Human.
And the money is following. According to a PYMNTS Intelligence report produced in collaboration with Trulioo, a survey of 350 global companies found that firms lose an average of 3.1 percent of annual revenue to gaps in digital identity systems, covering fraud, misidentification, and compliance failures. Verification addresses a real category of risk, and I am not going to pretend otherwise.
But the industry is solving one problem and marketing it as if it solves two.
Verification confirms that a real, authorised person triggered an action. It answers the question “who” but it does not answer “should this have happened?”
And in a regulated business, a regulator is never going to ask whether someone’s iris scan checked out. They are going to ask whether the decision was sound, whether anyone reviewed the output or whether a person with enough context to intervene actually did.
This is the difference between a receipt and a control. Verification documents consent and it proves that someone was there. But being there and paying attention are two very different things, and judgement lives in the second one, in the gap between an agent producing a result and someone deciding to act on it.
When a business buys the verification layer and ticks the governance box, it has done something worse than leaving the box empty: it has created documentation that it was in control, while removing the thing that was the actual control.
As a human, there are things I can feel but can’t fully defend, and I think this is one of them.
You know those moments when something feels wrong and there is a tightening that fires before reasoning catches up? That.
Most of the time, I am fairly sure it is a heuristic, fast pattern-matching on experience I can’t consciously retrieve. But sometimes, my brain and my gut land in different places, where the reasoning says this looks fine and the body says wait. I’ve sat with that split enough to know I can’t always tell whether the flinch is buried signal or buried bias.
I don’t think that uncertainty weakens the point. Either way, the flinch is what the verification layer doesn’t reach. Confirming an identity and catching that an output doesn’t look right are completely different faculties, and the second one requires a person with domain knowledge, time, and a reason to look.
No authentication product is going to manufacture that.
I should say that I am not outside this problem. I build and consult in AI governance and observability, and a dashboard nobody looks at is just as empty as a biometric no one questions.
The thing that makes any of it real is the same in both cases: a person with the time and the standing to actually look, designed deliberately into how decisions move through an organisation.
So the question I would want any leader hearing the Know Your Human pitch to ask themselves is this:
“Where in your workflow does an agent’s manager actually review the agent’s output, and what have you done to make sure they (the human) have the time and the authority to act on what they see?”
If you can answer that specifically, you are a step ahead.
All the Zest 🍋
Cien
Cien Solon is a founder and AI transformation strategist working at the intersection of people, platforms, and power. Through LaunchLemonade, she helps organisations design AI systems that are dependable, governable, and human-centred.
Sources and further reading
World AgentKit launch and proof-of-personhood toolkit, CoinDesk, March 2026
Vouched and Wink biometric proof-of-personhood for AI agents, Vouched, April 2026
OpenAI joins FIDO Alliance Board of Directors, ID Tech Wire, April 2026
Google and Mastercard contribute authentication frameworks to FIDO agent identity work, BusinessWire, May 2026
PYMNTS Intelligence and Trulioo: identity gap costs across 350 global companies, PYMNTS, February 2026


