a16z Calls 'Know Your Agent' a Big Idea for 2026. Here's Why.

When the architect of a $150B stablecoin calls for cryptographic agent credentials, the market is sending a signal.

a16z just published their Big Ideas for 2026, and buried across three installments is a thesis that should matter to anyone building or deploying AI agents.

Multiple partners—across Infrastructure, Apps, and Crypto teams—independently identify the same gap: agent systems need authorization infrastructure that doesn’t exist yet.

The most direct statement comes from Sean Neville, Circle cofounder and architect of USDC (the $150B+ stablecoin):

“The bottleneck for the agent economy is shifting from intelligence to identity… Agents will need cryptographically signed credentials to transact—linking the agent to its principal, its constraints, and its liability.”

He calls this “Know Your Agent” (KYA)—the agent equivalent of KYC for financial systems.

This isn’t a fringe prediction. It’s the Circle cofounder saying that until agents have cryptographic credentials linking them to constraints and accountability, “merchants will keep blocking agents at the firewall.”

The Infrastructure Gap

Malika Aubakirova, from a16z’s Infrastructure team, describes why current systems break:

“We’re shifting from human-speed traffic that’s predictable and low concurrency to ‘agent-speed’ workloads that’re recursive, bursty, and massive.”

“The enterprise backend of today was built for a 1:1 ratio of human action-to-system response. It’s not architected for a single agentic ‘goal’ to trigger a recursive fan-out of 5,000 sub-tasks, database queries, and internal API calls in under milliseconds.”

To legacy infrastructure, an agent workflow “looks like a DDoS attack.” Rate limiters can’t distinguish between an attack and legitimate agent fan-out.

Her conclusion:

“The bottleneck becomes coordination: routing, locking, state management, and policy enforcement across massive parallel execution.”

Policy enforcement at agent speed requires something different than bearer tokens validated against a policy server. When 5,000 sub-tasks fan out in milliseconds, you need authorization that travels with the request—not authorization that requires a round-trip to verify.

Systems of Coordination

Seema Amble, from the Apps team, frames the enterprise need:

“Enterprises will shift further from isolated AI tools to multi-agent systems that will need to behave like coordinated digital teams.”

“On top of today’s systems of record, enterprises will need systems of coordination: new layers to manage multi-agent interactions, adjudicate context, and ensure reliability across autonomous workflows.”

“Adjudicating context across autonomous workflows” is the key phrase. When Agent A delegates to Agent B, and B delegates to C, how do you verify that C’s request is the legitimate continuation of A’s original authorization?

Current identity systems verify who an agent is. They don’t verify whether a specific request is the authorized continuation of a specific transaction chain.

Handoffs Without Authority

Alex Immerman, from the Growth team, identifies why vertical AI needs multi-party coordination:

“Vertical work is inherently multi-party. If agents are going to represent labor, they need to collaborate.”

“Today, each party uses AI in isolation, which creates handoffs without authority. The AI analyzing purchase agreements doesn’t talk to the CFO for its model adjustments.”

“Handoffs without authority” captures the problem precisely. When agents communicate across organizational boundaries, authorization evaporates. The receiving agent sees a request, but has no cryptographic proof that the request is authorized by the original principal.

Immerman’s solution:

“Multiplayer changes by coordinating across stakeholders: routing to functional specialists, maintaining context, syncing changes. Counterparty AIs negotiate within parameters and flag asymmetries for human review.”

“Maintaining context” across stakeholders requires more than passing messages. It requires passing cryptographic proof of authorization history.

Programmable Access Rules

Adeniyi Abiodun, CPO of Mysten Labs, describes the primitive that’s missing:

“New technologies that can provide programmable, native data access rules; client-side encryption; and decentralized key management enforcing who can decrypt what, under which conditions, and for how long.”

“Programmable data access rules enforcing who can access what, under which conditions, and for how long” is capability-based authorization. It’s what Biscuit tokens provide at the function level—constraints that travel with the credential and get verified at execution time.
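The delegation question raised earlier (A delegates to B, B to C) and the idea of constraints that travel with the credential can be shown in a short sketch. This is an added example, not code from a16z, the Biscuit project, or this blog: it uses macaroon-style HMAC chaining from the Python standard library instead of Biscuit's public-key signatures, so the verifier here must hold the root key. The key, principal, and caveat names are constructed for illustration.

```python
import hashlib
import hmac
import json

ROOT_KEY = b"constructed-demo-key"  # constructed; shared by issuer and verifier
KNOWN = {"action", "max_amount", "expires"}  # hypothetical caveat vocabulary

def _mac(key: bytes, block: str) -> bytes:
    return hmac.new(key, block.encode(), hashlib.sha256).digest()

def mint(root_key: bytes, principal: str) -> dict:
    """The principal issues the root credential handed to Agent A."""
    block = json.dumps({"principal": principal}, sort_keys=True)
    return {"blocks": [block], "sig": _mac(root_key, block)}

def attenuate(token: dict, caveat: dict) -> dict:
    """A holder appends a restriction before delegating. The old signature
    becomes the HMAC key, so no root key is needed and blocks cannot be dropped."""
    block = json.dumps(caveat, sort_keys=True)
    return {"blocks": token["blocks"] + [block],
            "sig": _mac(token["sig"], block)}

def verify(root_key: bytes, token: dict, request: dict, now: int) -> bool:
    """Recompute the chain locally, then require every caveat to hold."""
    if not token["blocks"]:
        return False
    sig = root_key
    for block in token["blocks"]:
        sig = _mac(sig, block)
    if not hmac.compare_digest(sig, token["sig"]):
        return False
    for block in token["blocks"][1:]:
        caveat = json.loads(block)
        if set(caveat) - KNOWN:
            return False  # fail closed on a caveat this verifier cannot evaluate
        if "action" in caveat and request.get("action") != caveat["action"]:
            return False
        if "max_amount" in caveat and request.get("amount", float("inf")) > caveat["max_amount"]:
            return False
        if "expires" in caveat and now >= caveat["expires"]:
            return False
    return True

if __name__ == "__main__":
    a = mint(ROOT_KEY, "alice@example.com")                          # principal -> A
    b = attenuate(a, {"action": "purchase", "max_amount": 500})      # A -> B
    c = attenuate(b, {"max_amount": 100, "expires": 1_800_000_000})  # B -> C
    print(verify(ROOT_KEY, c, {"action": "purchase", "amount": 80}, 1_700_000_000))
```

Every check in `verify` runs locally against the token itself; each hop can only narrow what the previous hop granted, and stripping or rewriting a block breaks the chained signature.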

What a16z Isn’t Saying

Notably, a16z doesn’t mention any existing agent security startup as a “Big Idea.” They’re identifying the infrastructure gap, not endorsing current solutions.

This matters because the market is still open. The “Big Idea” is the layer itself—cryptographic credentials linking agents to principals, constraints, and liability. The companies that build this layer don’t exist at scale yet.

The Timing Signal

Read across all three Big Ideas installments, and a thesis emerges:

  1. Agent infrastructure is the next platform shift
  2. Current systems (identity, auth, coordination) weren’t designed for agents
  3. Winners will be agent-native from the ground up
  4. Security, coordination, and trust are the bottlenecks—not intelligence

When the Circle cofounder, a16z Infrastructure partners, and enterprise software investors independently call out the same gap, that’s a timing signal.


This is part of a series on AI agent security. Next: The Missing Layer—why identity providers can’t fill this gap.