1 hour ago
2
Here’s a question that’s about to define the next era of the internet: when an AI agent books your flight, transfers your money, or signs a contract on your behalf, how does the other side know it’s actually acting for you?
Proof, an identity authorization company that has secured over $640 billion in transactions across more than 9,000 organizations, thinks it has the answer. The company launched x401, an open protocol that extends HTTP to let AI agents present cryptographic proof of verified human identity and scoped authorization.
How x401 actually works
The protocol uses HTTP 401-style challenges, the same type of “unauthorized” response your browser gets when you try to access a protected webpage. But instead of prompting for a username and password, x401 lets agents respond with cryptographically signed Verifiable Credentials that support selective disclosure and zero-knowledge proofs. That means the agent can prove you’re over 18 without revealing your birthday, or prove you’re a US resident without handing over your address.
Proof CEO Pat Kinsel has emphasized the importance of knowing who authorizes AI-generated actions. The protocol isn’t trying to verify the AI itself. It’s verifying the human behind it.
The initial implementation runs through Proof’s Digital ID and cloud wallet, with live demos and documentation already accessible. The full specification and contributor list are available at x401.id.
The contributor list reads like a tech industry all-star roster
Circle, OpenAI, Google, and Okta all contributed to x401’s development.
The collaboration with Circle is particularly worth noting. x401 is designed to complement x402, a payment-focused standard that Circle co-contributed. Together, they enable what Proof calls “full agentic transactions,” combining both payment and identity verification in a single flow.
Proof also joined the FIDO Alliance as a Sponsor member in May 2026, positioning itself within the organization that helped standardize passkeys and hardware security keys.
The protocol is described as “issuer-neutral,” meaning it doesn’t care which organization issued the underlying identity credential. Government IDs, corporate badges, decentralized identifiers: they all work within the same framework.
What this means for investors and the broader market
There’s no token launch here and no immediate market-moving event. The “agentic internet,” where AI agents act autonomously on behalf of humans, is the direction every major tech company is heading. The problem is that the current internet was built for humans clicking buttons, not for autonomous software making decisions. There’s no standardized way for a service to verify that an AI agent has legitimate authority to act. x401 attempts to fill that gap.
Proof’s existing footprint, securing over $640 billion in transactions with NIST IAL2 and WebTrust-audited capabilities, gives it credibility that many crypto-native identity projects lack. The company isn’t pitching a whitepaper. It’s shipping a standard backed by organizations that collectively touch billions of users.
Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.
English (US) · 