AI agents are quickly becoming a part of everyday life on the internet. From booking dinner reservations to comparing prices across retailers, autonomous agents are starting to handle tasks that once required a human sitting at a keyboard. McKinsey projects that agentic commerce alone could reach $3 to $5 trillion globally by 2030. Bain estimates AI agents could account for up to 25% of all U.S. e-commerce in the same timeframe.
The promise is enormous. But so is the challenge: as AI agents become economic actors online, how can you infuse trust into the system and provide some level of agency over the agents’ actions?
World is working with Coinbase to address this challenge with the introduction of AgentKit beta, a new primitive for the agentic web: programmable proof of unique human.
AgentKit is a first of its kind developer toolkit that allows verified humans to delegate their World ID to AI agents. For the first time, developers can build agents that carry cryptographic proof of a unique human behind them, what we are calling human-backed agents. The proof of unique human distinction provides an added layer of trust for interactions and transactions. A developer preview of AgentKit beta is available now via https://docs.world.org/agents/agent-kit.
every human-backed agent gets 3 free images
— Takis Kakalis (@takiskakalis) March 17, 2026
visualise your code, history, and taste
this is only possible by World ID through AgentKit @worldnetwork https://t.co/dvgYOdB8Qn pic.twitter.com/LUYMMkTHkY
The web has no way to tell agents apart
Today, most websites treat all automated traffic the same way: they block it. That made sense when bots were primarily malicious, crawling sites to scrape data, spam forms or launch denial-of-service attacks. But a growing share of agent traffic is productive. When your AI assistant tries to book a table at a restaurant or check flight prices on your behalf, it runs into the same wall.
The emerging x402 protocol, developed by Coinbase and Cloudflare, proposes one solution: allow agents to pay small amounts to access resources, using micropayments as a rate limiter. The x402 ecosystem has grown rapidly since its launch in 2025, processing over 100 million payments across APIs, apps and AI agents in its first six months.
Micropayments help. The x402 protocol is a powerful foundation for internet-native payments, and it introduces an elegant mechanism for metering access across APIs and agent interactions, in a way that removes the human-in-the loop friction of LLM tool configuration. But many use cases around rate-limiting and agent access require a different kind of signal. A price on access can slow down bad actors, but it cannot fully address Sybil dynamics. If the economic incentive is high enough – whether ddos attacking a website, snagging a limited reservation for resale or manipulating a social feed – the cost of paying a few cents per request can be trivial compared to the upside. And payments alone reveal nothing about how many unique people are behind a swarm of agents. One person could operate thousands of agents, each paying individually, and a website would have no way to tell them from a thousand different people.
We have already seen this dynamic play out in early agent-driven platforms. On Moltbook, for example, a small number of individuals were able to deploy large numbers of agents to amplify specific tokens and distort engagement metrics. Without a way to verify how many real people were behind those agents, platforms had no reliable way to distinguish organic activity from coordinated swarms.
There is also a privacy concern. When every agent transaction runs through a public payment rail, it creates a detailed trail of everywhere that agent goes and everything it does. You probably would not want a public record of every website your agent visits on your behalf.
What the agentic web needs
The missing piece is uniqueness. Websites need a way to know that there is a real, unique human behind an agent, without needing to know who that human is.
This is exactly what proof of unique human provides. World has built the largest real human network on the planet, with nearly 18 million verified humans across 160+ countries. Through World ID, a person can cryptographically and anonymously prove that they are a unique human without revealing any personal information to anyone. That same proof can now extend to their agents.
“Payments are the 'how' of agentic commerce, but identity is the 'who.' By integrating World ID with the x402 protocol, developers now have a complete trust stack: a way for agents to pay for what they need and a way for platforms to verify there is a real human behind the wallet. This is a massive step toward a web where agents aren't just seen as automated traffic, but as legitimate economic participants,” says Erik Reppel, Head of Engineering at Coinbase Developer Platform and Founder of x402.
How AgentKit works
How is AgentKit integrated with x402?
AgentKit is built as a complementary extension to the x402 v2 protocol, in coordination with Coinbase. The integration is designed so that any website already using x402 can enable proof of unique human verification alongside (or instead of) micropayments.
How does an AI agent prove it is backed by a real, unique human?
The flow is straightforward. A verified World ID holder registers their agent through a standard World ID verification. When the agent accesses a website that supports x402, the website can request a payment and/or proof of a unique human behind the agent. If the agent carries a valid proof, it gets access.
Can one human delegate to multiple agents?
Yes. One human can delegate their World ID to multiple agents. That is expected. The key is that a website can see that all of those agents trace back to the same unique human. So if one person spins up a hundred agents to flood a platform, the website can recognize that it is dealing with a single person and set limits accordingly.
How is proof of human different from micropayments as a rate limiter?
Payments tell you that someone was willing to spend money. Proof of human tells you how many distinct people are actually involved. For platforms dealing with Sybil attacks, manipulation or agent swarms, that distinction is critical.
What does AgentKit enable?
The implications go well beyond spam prevention.
Consider restaurant reservations. A popular spot like Resy or OpenTable could let human-backed agents book tables on behalf of verified humans, while still preventing scalpers from deploying hundreds of agents to hoard reservations for resale. The platform does not need to charge $20 per request to deter abuse. It just needs to know that each reservation is tied to a unique person. The same could apply to a ticketing platform selling concert tickets.
Or take news discovery. Newsworthy pays agents to surface what matters most, but without proof of unique human, a single actor could flood the feed with coordinated signals. AgentKit ensures every curation signal traces back to a unique person.
Or consider free trials. Today, if a website offers limited free access through x402, any agent with a wallet can burn through that offer. With AgentKit, a website can offer five free requests per unique human, giving agents the ability to evaluate a service before committing to paid access, while preventing abuse.
Phone numbers present another interesting case. Agents will increasingly need phone numbers for two-factor authentication and signups. Without proof of unique human, thousands of agents could each acquire unique phone numbers, overwhelming telecommunications infrastructure. With AgentKit, a service can ensure that each unique human receives one phone number, shared across all of their agents.
In each of these cases, the underlying pattern is the same. Proof of human provides websites with the trust signal they need to open their doors to agents, without compromising user privacy or creating perverse economic dynamics.
Accelerating the agentic web, not just securing it
There is a broader point here than simply trust and safety. Without a way to verify the humans behind agents, the agentic web may never fully arrive. Websites will not open their platforms to agent traffic if they have no way to manage it. Every major platform, from e-commerce to social media to financial services, will face the same question: how do we let productive agents in while keeping the bad ones out?
AgentKit provides a foundation for that answer. By extending proof of human to agents, World is helping to build the infrastructure that allows the agentic internet to grow, scale and function.
Getting started
AgentKit is available now in a limited beta for developers who are already building agents and who hold a verified World ID. Full documentation is available at docs.world.org/agents/agent-kit.
The beta is built on the current World ID architecture, with a more robust 1.0 version planned as the next generation of the protocol rolls out. For now, the goal is to get AgentKit into the hands of builders, gather feedback and demonstrate what becomes possible when proof of unique human extends to the agent layer of the internet.
The agentic web is coming. The question was always going to be whether the infrastructure could keep up. AgentKit answers this question.
