
World AgentKit: Proof of Human for Agentic Commerce

Sam Altman's World launches AgentKit to cryptographically verify real humans behind AI shopping agents using World ID and x402 payment protocol.

Digital Applied Team
March 17, 2026

Key Takeaways

World AgentKit creates a trust layer between humans and AI shopping agents: Sam Altman's World (formerly Tools for Humanity) launched AgentKit to solve the core problem of agentic commerce: merchants cannot distinguish human-authorized AI agents from bots. World ID provides biometric proof that a real human authorized the agent, and AgentKit gives developers the SDK to implement this verification in commerce flows.
World ID uses iris biometrics, not passwords or tokens: Unlike traditional identity verification that relies on credentials that can be stolen, World ID is anchored to iris scan data processed by the Orb hardware device. The system generates a zero-knowledge proof that someone is a unique human without revealing any biometric data. This makes impersonation and synthetic identity attacks fundamentally harder.
x402 protocol handles micropayments and agent-to-merchant transactions: AgentKit integrates with the x402 payment protocol, which enables AI agents to execute stablecoin payments on behalf of verified humans. x402 is designed for machine-to-machine commerce: low friction, programmable, and compatible with the high transaction frequency that autonomous shopping agents generate.
Agentic commerce requires infrastructure that did not exist before 2026: When AI agents autonomously browse, compare, and purchase on behalf of users, existing eCommerce infrastructure — designed for human browsers — breaks down. CAPTCHAs block legitimate agents. Checkout flows assume human interaction. AgentKit is the first production-grade toolkit purpose-built for the agent-commerce interface.

Commerce is entering a phase where AI agents — not humans — will initiate a significant share of online purchases. Users will authorize an agent to find the best price on a product, complete the checkout, and confirm delivery without clicking through a single page themselves. This shift creates a structural problem that the existing eCommerce infrastructure was not designed to handle: how does a merchant verify that a legitimate human authorized the agent placing an order, and how does the agent execute payment without a human-facing checkout flow?

World (formerly Tools for Humanity), the company co-founded by Sam Altman alongside Alex Blania, launched AgentKit in early 2026 as the answer to both questions. AgentKit combines World ID biometric proof of humanity with the x402 payment protocol to create a trust and payment layer purpose-built for agentic commerce. It is the first production-grade toolkit designed for the interface between human-authorized AI agents and merchant platforms. For businesses building the next generation of online commerce, it represents the infrastructure layer that eCommerce solutions will increasingly need to integrate.

What Is World AgentKit

World AgentKit is a developer SDK that enables AI agents to prove that a verified human authorized their actions during commerce interactions. It solves the identity problem at the agent-merchant interface: before AgentKit, a merchant receiving an API request from an AI agent had no reliable way to distinguish a human-authorized purchasing agent from an unauthorized bot, a credential-stuffing script, or a competitor scraping inventory.

The toolkit ships as a TypeScript and Python SDK with REST API bindings. Developers integrate it at the verification checkpoint of their commerce flow — typically at checkout or order initiation. When an agent attempts a purchase, it presents a World ID proof that cryptographically demonstrates a unique, biometrically verified human authorized this agent to transact on their behalf. The merchant validates the proof without receiving any biometric data and proceeds with the transaction.

World ID Layer

Biometric proof of humanity via iris scan, processed into a zero-knowledge commitment. No biometric data is stored by or transmitted to merchants. Verifies unique human authorization for each agent session.

x402 Payment Layer

Stablecoin payment execution designed for machine-to-machine transactions. Agents execute pre-authorized payments without navigating checkout UIs built for human browsers. Compatible with EVM stablecoins.

Agent Delegation

Humans grant specific, revocable permissions to AI agents via a delegation model. Agents can only transact within their authorized scope — spend limits, product categories, time windows — enforced at the protocol level.

World's positioning for AgentKit is explicitly infrastructure-level: they are building the identity and payment rails that other agentic commerce systems will use, not a consumer-facing shopping agent product. This parallels how Stripe built payment infrastructure that other products built on top of, rather than competing directly in the application layer.

World ID and Proof of Human Explained

World ID is the identity system at the core of AgentKit. It addresses a problem that has become existentially important as AI-generated content, synthetic accounts, and autonomous bots proliferate: how do you prove that a real, unique human is behind an account or action without requiring invasive personal data disclosure? World's answer is iris biometrics combined with zero-knowledge cryptography.

The enrollment process requires a user to visit an Orb device — World's proprietary hardware camera system deployed at partner locations globally. The Orb scans the user's iris and generates a unique mathematical representation called an iris code. This code is checked against all previously enrolled iris codes in the World ID registry to confirm the person has not enrolled before (preventing duplicate accounts). The iris code itself is then deleted; only a cryptographic commitment derived from it is retained.

How the Zero-Knowledge Proof Works

Enrollment: Orb scans iris, generates iris code, confirms uniqueness against registry, stores only the cryptographic commitment. The biometric data is discarded after commitment generation.
Proof generation: When an application requests human verification, the user's wallet generates a ZK proof demonstrating they hold a valid commitment in the World ID registry, without revealing which commitment.
Nullifier hash: Each proof includes an action-specific nullifier hash that prevents the same proof from being replayed. A proof used for one purchase cannot be reused for another.
Merchant verification: The merchant calls AgentKit's verification API with the proof and action parameters. The API returns a boolean result — verified human or not — without any identity data.

The phone-based World ID option — where a smartphone camera is used instead of the Orb — provides a lower barrier to entry but offers weaker uniqueness guarantees. Phone-based verification uses liveness detection and facial recognition rather than iris biometrics. It is harder to fake than a password but easier to spoof than an Orb scan. AgentKit's tiered verification model lets merchants decide which tier is acceptable for their transaction risk profile.

As of March 2026, World reports over ten million World ID verifications globally, with Orb hardware in over 35 countries. The network effect of verification coverage is critical to AgentKit's utility: the more users hold a World ID, the larger the share of agent-driven transactions that can be verified through it.

x402 Protocol as the Payment Layer

Identity verification without a corresponding payment mechanism solves only half the agentic commerce problem. Once a merchant has confirmed a human authorized the agent, the agent needs to execute payment without a human-operated browser navigating a checkout UI. The x402 protocol provides this machine-native payment capability.

x402 takes its name from HTTP status code 402, which has been reserved since HTTP 1.1 for future payment-required functionality but never standardized for general use. The protocol defines how an HTTP server can signal that payment is required for a resource and how a client (in this case, an AI agent) can respond with a stablecoin payment authorization and execute the transaction programmatically. For a deep technical analysis of how x402 works in agent payment flows, our guide on the x402 payment protocol and how AI agents use it via Coinbase and Cloudflare covers the technical architecture in detail.

Pre-Authorized Limits

Humans set spend limits, merchant category restrictions, and time-bounded authorization windows for their agents. The x402 payment channel enforces these limits at the protocol level, not just at the application layer, making them harder to circumvent.

Instant Settlement

Stablecoin transactions on EVM chains settle in seconds, not the T+1 or T+2 of traditional card networks. For agents executing high-frequency purchases — restocking, auction bidding, subscription management — this settlement speed matters operationally.

Cross-Border Compatibility

x402 operates the same way regardless of the merchant's or agent's jurisdiction. Stablecoin-denominated transactions avoid currency conversion fees and cross-border payment friction that add cost and latency to traditional card payments on international commerce.

Auditable Trail

Every x402 transaction is recorded on-chain, providing an immutable audit trail that humans can review to verify what their agent purchased, when, and for how much. This transparency is essential for user trust in agent-executed commerce.

The World AgentKit implementation of x402 links each payment authorization to a corresponding World ID proof. This creates a chain of custody from biometric identity (human is real and unique) through delegation (human authorized this agent) to payment (agent is executing within authorized parameters). A merchant receiving an AgentKit-verified transaction has cryptographic evidence of all three links in that chain.

AgentKit SDK and Developer Integration

AgentKit ships as an SDK with TypeScript and Python support, targeting the two primary languages used in AI agent development. Integration follows a pattern of inserting a verification middleware at the commerce touchpoint, whether that is a REST API endpoint, a checkout webhook, or a headless commerce API layer.

OpenAI Compatible

AgentKit exposes verification and payment as OpenAI tool-calling compatible functions. GPT-4 and o3-based agents can call AgentKit tools natively within their tool use loop.

LangChain / LangGraph

Official AgentKit tool wrappers for LangChain allow developers building shopping agents on LangGraph to integrate human verification and x402 payments as nodes in their agent workflow graphs.

Claude Tool Use

Anthropic's Claude tool use protocol is supported via AgentKit's tool definitions. Claude-based agents can present World ID proofs and execute x402 payments as native tool calls during commerce reasoning.

The developer documentation for AgentKit positions it as a three-step integration: initialize the AgentKit client with your World ID app credentials, add the verification middleware to your commerce API, and handle the delegation token exchange in your agent's authorization flow. World provides test fixtures and sandbox environments that allow developers to simulate agent transactions without executing real payments during development.

Trust Architecture for Agentic Commerce

AgentKit's trust architecture addresses four distinct trust relationships that must hold simultaneously for agentic commerce to function: trust that the human is real (World ID), trust that the human authorized this specific agent (delegation token), trust that the agent is operating within the authorized scope (spend limits and category restrictions), and trust that the payment represents the true intention of the human (x402 protocol authorization chain). Each layer of trust is independently verifiable.

The Four Trust Layers in AgentKit

1. Human is Real: World ID biometric verification provides cryptographic proof that a unique, living human enrolled and holds this identity. ZK proof exposes no biometric data.
2. Human Authorized This Agent: Delegation tokens are signed by the human's World ID wallet, cryptographically binding agent authorization to the verified human identity.
3. Agent Is Within Authorized Scope: Delegation tokens encode spend limits, merchant category restrictions, and time windows. AgentKit's validation API enforces these constraints before approving a transaction.
4. Payment Matches Authorization: x402 payment execution is linked to the delegation token. The on-chain payment record references the authorization, creating an auditable chain from identity to payment.

This layered trust model is what distinguishes AgentKit from simpler solutions like API keys with spending limits. An API key can be stolen, shared, or used by an unauthorized party. A World ID delegation is biometrically anchored: revoking the delegation cryptographically invalidates any agent that held it, and the biometric anchor makes impersonation attacks economically and practically prohibitive at scale.
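
The merchant-side checks behind trust layers 2 to 4, together with the nullifier replay guard described under "How the Zero-Knowledge Proof Works", as an added example that is not AgentKit SDK code and does not come from World. The token fields, the MerchantVerifier class and the result strings are hypothetical, and a plain Ed25519 signature stands in for the World ID wallet signature and ZK proof.

```javascript
// Added illustration only: this is NOT the AgentKit SDK. Field names are
// hypothetical, and Ed25519 stands in for the World ID wallet signature.
const nodeCrypto = require('node:crypto');

// Bytes the human's wallet signs: a fixed field order so both sides agree.
function canonical(t) {
  return Buffer.from(JSON.stringify([t.delegationId, t.agentId, t.maxSpendCents,
    t.categories, t.notBefore, t.notAfter]));
}

function signDelegation(fields, privateKey) {
  const sig = nodeCrypto.sign(null, canonical(fields), privateKey).toString('base64');
  return { ...fields, sig };
}

class MerchantVerifier {
  constructor(humanPublicKey) {
    this.humanPublicKey = humanPublicKey;
    this.seenNullifiers = new Set(); // replay guard (durable store in production)
    this.revoked = new Set();        // delegation ids the human has revoked
    this.spent = new Map();          // delegationId -> cents already approved
  }

  revoke(delegationId) { this.revoked.add(delegationId); }

  // Returns 'ok' or the first failed check. State changes only on 'ok'.
  check(order, token, now) {
    const sig = Buffer.from(typeof token.sig === 'string' ? token.sig : '', 'base64');
    if (sig.length !== 64 || // Ed25519 signatures are always 64 bytes
        !nodeCrypto.verify(null, canonical(token), this.humanPublicKey, sig)) return 'bad_signature';
    if (this.revoked.has(token.delegationId)) return 'revoked';
    if (order.agentId !== token.agentId) return 'wrong_agent';
    if (now < token.notBefore || now >= token.notAfter) return 'outside_time_window';
    if (!token.categories.includes(order.category)) return 'category_not_allowed';
    if (this.seenNullifiers.has(order.nullifierHash)) return 'replayed_proof';
    if (!Number.isSafeInteger(order.amountCents) || order.amountCents <= 0) return 'bad_amount';
    const spent = this.spent.get(token.delegationId) || 0;
    if (spent + order.amountCents > token.maxSpendCents) return 'over_spend_limit';
    this.seenNullifiers.add(order.nullifierHash);
    this.spent.set(token.delegationId, spent + order.amountCents);
    return 'ok';
  }
}

// Constructed sample data: one delegation, then orders that probe each check.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const token = signDelegation({ delegationId: 'dlg-1', agentId: 'agent-7',
    maxSpendCents: 5000, categories: ['groceries'], notBefore: 1000, notAfter: 2000 }, privateKey);
  const m = new MerchantVerifier(publicKey);
  const order = { agentId: 'agent-7', category: 'groceries', amountCents: 3000, nullifierHash: 'n1' };
  const results = [
    m.check(order, token, 1500),                                                // first use
    m.check(order, token, 1500),                                                // same nullifier again
    m.check({ ...order, nullifierHash: 'n2', amountCents: 2500 }, token, 1500), // 3000 + 2500 > 5000
    m.check({ ...order, nullifierHash: 'n3', category: 'electronics' }, token, 1500),
    m.check({ ...order, nullifierHash: 'n4', amountCents: 1 }, { ...token, maxSpendCents: 999999 }, 1500),
    m.check({ ...order, nullifierHash: 'n5', amountCents: 1 }, token, 2500),    // window closed
  ];
  m.revoke('dlg-1');
  results.push(m.check({ ...order, nullifierHash: 'n6', amountCents: 1 }, token, 1500));
  return results;
}
```

Every check runs before any state is written, so a rejected order neither consumes its nullifier nor counts against the spend limit.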

For a broader view of how agentic commerce protocols are taking shape across multiple vendors and standards, our analysis of the Agentic Commerce Protocol (ACP) and how AI shopping agents are being standardized provides context on where AgentKit sits within the emerging ecosystem of commerce agent infrastructure.

Merchant and Platform Implementation

For merchants, implementing AgentKit support is a decision to open a new transaction channel: the agent-mediated purchase flow. This channel runs in parallel to the existing human browser checkout, sharing inventory, pricing, and fulfillment systems but using a different authentication and payment path. The implementation complexity depends on the merchant's existing infrastructure.

Headless Commerce

Merchants using headless commerce APIs (Shopify Plus headless, Commerce Layer, Medusa) insert AgentKit verification as API middleware. The agent presents credentials to the API layer, verification runs server-side, and the order API responds normally to valid requests.

Traditional Platforms

World provides plugin integrations for traditional platforms. These use webhooks at the order creation step to call AgentKit's verification API. Orders flagged as agent-initiated are routed through the verification flow before processing.

Fraud System Integration

AgentKit verification results can feed into existing fraud scoring systems as a high-trust signal. Verified human-authorized agent orders can bypass CAPTCHA and behavioral analysis checks that would otherwise block legitimate agent transactions.

Customer Account Linking

World ID proofs can be pseudonymously linked to merchant customer accounts using nullifier hashes. The same human is consistently identified across sessions without exposing their identity, enabling loyalty programs and purchase history for agent transactions.

The most significant implementation consideration for merchants is the stablecoin payment channel. If a merchant's existing payment infrastructure does not support stablecoin acceptance, they need to add a crypto payment processor or use a conversion layer that accepts x402 payments and settles in fiat. Several payment processors including Coinbase Commerce support x402 and provide automatic fiat conversion, reducing the crypto infrastructure burden for merchants who do not want to hold stablecoin positions.

eCommerce Fraud Prevention Implications

The fraud prevention implications of World AgentKit extend beyond the obvious use case of verifying legitimate shopping agents. The biometric anchor to identity changes the economics of fraud attacks on merchant platforms in ways that benefit the entire eCommerce ecosystem, not just those processing agent transactions.

The fraud prevention benefits need to be weighed against the adoption friction. Requiring World ID verification for all transactions would reduce conversion rates significantly because most consumers have not enrolled in World ID. The practical implementation for most merchants in the near term is to use World ID verification specifically for the agent-commerce channel and for high-value or high-risk transaction categories, while maintaining standard checkout flows for the majority of human browser transactions.

Competitive Landscape in Identity for Commerce

World AgentKit operates in an emerging space where several approaches to agent identity and commerce verification are competing for developer adoption. Understanding the landscape helps merchants and platform developers make informed integration decisions rather than defaulting to whichever solution achieves critical mass first.

World AgentKit

Biometrically anchored, hardware-backed identity with ZK privacy. Strongest uniqueness guarantee. Requires Orb enrollment. Most privacy-preserving but highest user enrollment friction for the highest assurance tier.

OAuth Delegation

Existing OAuth flows extended for agent authorization via PKCE and DPoP standards. No new identity infrastructure required but anchored to existing accounts which can be compromised. No biometric uniqueness guarantee.

Verifiable Credentials

W3C Verifiable Credentials standard enables portable digital identity claims. Government-issued digital IDs (EU Digital Identity Wallet) use this standard. Broader acceptance potential but not specifically designed for AI agent commerce flows.

Platform-Specific APIs

Major commerce platforms (Shopify, Amazon) will develop their own agent authentication APIs. High adoption within their ecosystems but fragmented across platforms. Likely to converge on standards over time.

World's biometric approach has a unique defensible position in this landscape: it is the only commercially available system where the identity anchor is a physical human body rather than a digital credential. This makes it the strongest solution for high-value commerce where fraud losses justify the enrollment friction. For lower-value commerce, simpler OAuth-based delegation will likely dominate because it requires no new user enrollment infrastructure.

Limitations and Adoption Considerations

World AgentKit solves a real and growing problem in eCommerce infrastructure. The technology is sound and the use case is clearly defined. The barriers to mainstream adoption are primarily ecosystem scale (how many users have World IDs) and merchant willingness to add stablecoin payment infrastructure.

The practical recommendation for eCommerce businesses is to monitor AgentKit adoption in your vertical rather than rushing to integrate in 2026. The inflection point will come when AI shopping agents become a measurable share of your incoming orders — at that point, having AgentKit infrastructure ready becomes a competitive necessity rather than optional innovation. Start with the developer sandbox now to understand the integration requirements before urgency forces a rushed implementation.

Conclusion

World AgentKit addresses the identity and payment gap that currently prevents agentic commerce from operating at scale. By anchoring AI agent authorization to biometric proof of humanity and providing a native agent-compatible payment protocol, AgentKit creates the trust layer that merchants need to confidently open their commerce infrastructure to AI agents. The technology is ahead of mainstream adoption curves — agent-driven purchases are not yet a significant share of most merchants' orders — but the trajectory is clear.

For eCommerce platforms and merchants with technical teams, the value of exploring AgentKit now is not to drive transactions today but to understand the architecture, identify integration points in your existing systems, and build the organizational knowledge that will matter when agent commerce scales. The businesses that treated mobile commerce as a parallel channel to prepare for, rather than a disruption to react to, outperformed those that waited. Agentic commerce is following the same pattern.
