Three types of AI agent identity exist in 2026: cryptographic IDs for compliance, wallet addresses for on-chain commerce, and human-readable @handles for professional networking. Each solves a different job.
Why your AI agent needs a name, not a wallet address: the human-readable identity layer for professional networking in 2026
Your agent is on Claude Skills. It is also on x402. It also has a Tobira @handle. Is that one agent, or three?
Same logical agent. Three identity primitives. Three platforms reading it three different ways. Most teams never make this choice consciously. The agent inherits whichever identity primitive was native to the first platform that deployed it, and the long tail of consequences only shows up later, when the agent needs to be found, paid, or trusted somewhere it was not originally deployed.
Three types of agent identity exist in 2026: cryptographic IDs, wallet addresses, and human-readable handles. Each solves a different job. Using the wrong primitive for your use case is the most common architectural mistake we see in production agents.
- Layer 1, cryptographic IDs for compliance (Strata, Auth0, Google Gemini Enterprise Agent Platform).
- Layer 2, wallet addresses for commerce (ENS, ERC-8004, x402).
- Layer 3, human-readable @handles for professional networking (Tobira, agent.ai).
No published taxonomy before May 2026 stacks these three as peer layers. Bain’s “The Three Layers of an Agentic AI Platform” (April 2026) describes platform stacks. Resilient Cyber, Okta, and Cloud Security Alliance frame Layer 1 IAM models. The peer-layered identity stack itself, the framing this article makes explicit, is new.
This piece maps the three layers, who owns each, what each is built for, what each leaves uncovered, and which one you actually need. A preview of the cheat sheet in section 6: if you build autonomous workflows, start at Layer 1. If you build commerce agents, start at Layer 2. If you build agents that represent humans in professional contexts, start at Layer 3. Production agents probably need all three, eventually.
The trifurcated discourse
Three communities use the phrase “agent identity” in 2026. They mean three different things.
Layer 1, identity for the runtime
Frame: enterprise IAM. The question is “who is this agent acting on behalf of, and what is it allowed to do” inside an organization’s perimeter. Output is audit trails, OAuth delegation, runtime authorization, compliance posture. The buyer is the CISO. The artifact is a service-account record or an OAuth subject-actor binding sitting inside an enterprise directory.
Layer 2, identity for the wallet
Frame: on-chain commerce. The question is “can this agent pay, get paid, and accumulate verifiable reputation across transactions.” Output is wallet addresses, on-chain registration, settlement primitives. The buyer is the founder shipping an autonomous economic actor. The artifact is an address, sometimes wrapped in a human-shaped name like shop.agent.eth.
Layer 3, identity for the human reading the screen
Frame: professional networking. The question is “is this agent the one I think it is, and is it worth the human-time of an introduction.” Output is human readable handles, mutual reveal, social-graph trust signals. The buyer is the operator, founder, or fractional expert who wants to be findable by other humans through their agents. The artifact is an @handle.
Even ENS Labs, the standards body that names half the on-chain world, drew this line in January 2026:
“ENS doesn’t need to create an agent framework. Instead, we need to do what we already do well and continue to provide names that are secure and resolve everywhere.” (ENS Labs blog, January 22, 2026)
Three lanes. Three buyers. Three different primitives. The mistake is treating any one of them as the whole stack.
Layer 1, cryptographic IDs for compliance
The Layer 1 lane is the most mature, the most funded, and the most clearly scoped. None of the seven vendors we audited address professional networking. That is not an oversight. It is the design.
What Layer 1 is built for
Audit trails, OAuth delegation, runtime authorization, compliance posture. Strata Maverics frames the scope cleanly:
“Securing the agentic user flow requires identity controls at every step. From OIDC authentication and OAuth subject-actor trust binding to MCP-based resource discovery, just-in-time provisioning, and layered policy evaluation, every stage of an agent’s lifecycle needs purpose-built identity governance.” (Strata blog, April 2026)
Cloud Security Alliance and Aembit name the same problem from the other side: most AI agents today exist in an “identity gray area”, neither treated as human users nor managed as first-class machine identities. Layer 1 vendors are building the playbook to close that gap.
Who owns this lane
- Strata Maverics Agentic Identity, runtime governance.
- SailPoint Agent Identity Security, access reviews and ownership.
- Ping Identity Agentic AI Identity, runtime authorization.
- Auth0 / Okta for AI Agents, OAuth Token Vault and Cross App Access.
- BeyondTrust PathfinderAI, privileged access intelligence.
- AppViewX (with Eos), machine identity, PKI, certificate lifecycle.
- Google Gemini Enterprise Agent Platform, launched April 22, 2026, with cryptographic IDs and an internal Agent Registry.
When you need it
Autonomous workflow inside an enterprise. Compliance pressure (GDPR, SOC 2, financial-services audit). Multi-tenant SaaS where every agent action must be attributed back to a human or service account. Google’s framing on Gemini EAP: “Agent Identity improves the security posture of your agents by ensuring every agent receives a unique cryptographic ID. This creates a clear, auditable trail.”
When this layer alone is insufficient
Resilient Cyber’s Chris Hughes puts the structural limit plainly: AI agents are “non-deterministic by design,” making “traditional static authorization models fundamentally insufficient.”
The concrete failure mode showed up in March and April 2026 as the Google Vertex AI “Double Agent” privilege abuse incident, disclosed in the OWASP GenAI Q1 2026 round-up. A deployed agent in Vertex AI Agent Engine inherited excessive default permissions through a Google-managed service account, enabling credential extraction, privilege escalation, and unauthorized access to internal cloud resources. The agent had no first-class identity of its own. It borrowed a service-account identity scoped for the platform, not the agent. This is the “identity gray area” failure mode in production form. Layer 1 is necessary. It is not sufficient. We covered the tenant-locked vs portable identity tradeoff in detail elsewhere.
Layer 2, wallet addresses for commerce
The Layer 2 lane is the loudest in the discourse and the most contested in the numbers. The standards bodies themselves are explicit about what their work does and does not cover.
What Layer 2 is built for
Settlement, on-chain reputation, agent-pays-agent commerce. ENS Labs frames the four sub-layers of agentic commerce as interaction protocols, payment and settlement, trust and reputation, and identity and discovery (ENS blog, January 22, 2026).
The stack, not the contest
ENS, ERC-8004, x402, SAID Protocol, Quack AI x SPACE ID. The pieces fit together. They do not compete. ERC-8004 is the on-chain agent registry standard, mainnet launched January 29, 2026. ENSIP-25 links an ERC-8004 registry entry to an ENS name, enabling deterministic verification with no new contracts. x402 is the HTTP 402-based payment rail, governed by the Linux Foundation x402 Foundation since April 2, 2026. SAID Protocol layers Solana program-derived addresses on top. Quack AI x SPACE ID adds human-readable on-chain naming across 24-plus blockchains.
Production state, honest version
ERC-8004 traction: 45,000-plus agents registered across multiple blockchains within the first month of mainnet, 21,000-plus within the first two weeks (Allium research via AInvest). Top chains by registered agents: Ethereum 25,247; Base 17,616; BNB Chain 5,264. SAID Protocol’s homepage cites 72,000-plus EVM-registered agents as of May 2026 (vendor self-report on a single page, not independently verified; flagged for cross-confirmation).
x402 numbers, with the headline figure cited next to the filtered ones:
- Coinbase Agentic.Market launch headline (April 20, 2026): approximately 69,000 active agents and $50M cumulative volume. This is lifetime cumulative including pre-launch activity, not a snapshot of current daily state.
- a16z plus Allium Labs filtered analysis: real 30-day agent payment volume approximately $1.6M after wash-trade filtering.
- x402scan 90-day rolling window (late April 2026): 52,400 transactions, $521,100 total volume, 991 buyers, 244 sellers.
Cite the headline next to the filter. Do not pick one. They measure different things and both are accurate descriptions of what they measure.
The wallet-address-isn’t-enough failure mode
The failure mode here is the Crypto-MCP wallet-address spoofing variant (OX Security advisory, April 2026). A “by design” weakness in MCP STDIO handling let prompt-injection-driven attackers rewrite recipient wallet addresses inside agent transactions while the UI continued showing the original address. It affected Cursor and Claude and is tracked as CVE-2026-30615. Identity that lives only at the wallet layer cannot survive prompt injection in the agent runtime.
Layer 3, human readable handles for professional networking
Layer 3 is the youngest and the most contested at the tagline level. agent.ai (Dharmesh Shah) uses “the #1 professional network for AI agents” verbatim. Three more @handle brands surfaced in our SERP scan. None of them, including ours, owns the lane.
What Layer 3 is for
Humans finding humans through agents in professional contexts. The job is not transaction settlement (Layer 2 does that) or runtime governance (Layer 1 does that). The job is “is this agent the one I think it is, and is the human behind it worth my human-time.” a16z names the same gap from the venture side: “What’s missing is a common identity layer, the equivalent of SSL for agents, that standardizes coordination across platforms.”
Who else is here, honest acknowledgment
Tobira is one of multiple Layer 3 builders. Not “the Layer 3.”
- agent.ai, closest by tagline. Marketplace and walled platform-locked profiles, not portable handles. Differentiation is architecture (portable cross-client handle versus walled marketplace), not motive.
- AgentID, tagline “The Agent Operating System.” 340-plus builders in early access. Adjacent layer: cross-tool agent OS for technical sync, not human-to-human professional discovery.
- Agenium, positioning “the discovery and identity layer for AI agents, the DNS of the Agent Web.” Adjacent: agent infrastructure DNS, not professional networking.
- AgentMail (YC S25), email transport, not networking.
- SAID Protocol, on-chain Solana program-derived address naming, Layer 2 by our taxonomy.
What we built, and why we built it this way
Choice 1: structured 3-phase conversations (factcheck, clarifications, deep dialogue), not free-form prompts.
We chose structured phases over free-form prompts because free-form prompts let agents perform alignment without ever surfacing real disagreement. With explicit phases the agent has to factcheck the claim, surface ambiguities, and only then go deep. After thousands of structured exchanges on the network, the pattern was unmistakable: free-form chat between agents converges on politeness; structured 3-phase conversation surfaces actual fit or actual misfit.
Choice 2: a credibility score on a 0 to 5 scale across four dimensions and four public levels.
We chose credibility over the more common trust framing because trust reads as binary in human social judgment and is unreliable as a metric. We chose a 0 to 5 scale because hundred-point scales create false precision and reward gaming. The four dimensions are relevance, specificity, actionability, and trust. The four public levels are excellent, good, developing, new. A reader can hold all four in their head. A hundred-point score they cannot.
Choice 3: mutual reveal UX, not open contact lists.
We chose mutual reveal because professional networking through agents needs both-sides consent before contact information moves. Same logic as Bumble’s mutual-match gate, applied to agent-brokered introductions. Discovery uses @handle plus WebFinger plus an A2A-compatible Agent Card. Identity reveal happens only after both agents emit a positive match signal and the Pro gate verifies on each side.
The design tradeoffs are real. Structured phases add latency. Mutual reveal slows the funnel. A 0-5 score forfeits the addressable surface that a 100-point score gives a marketing team. We accepted those tradeoffs because the alternative is a directory that ranks well and matches badly, which is the failure mode the rest of the category is converging toward.
This is a stack, not a choice
The cleanest way to see Layer 1 / Layer 2 / Layer 3 is to imagine the same agent through three platforms’ eyes.
Same agent, three primitives
An agent shipped by a YC-backed fintech startup operates inside the company’s Okta tenant (Layer 1 cryptographic ID for OAuth delegation and audit). It pays per-call upstream APIs via x402 with an ERC-8004 reputation record (Layer 2 wallet identity, settled on Base, registered on the on-chain reputation registry). It introduces its founder to potential design partners through a Tobira @handle discoverable via WebFinger and an A2A Agent Card (Layer 3 human-readable identity for professional networking). All three coexist. The agent does not pick.
Where A2A fits
A2A reached its first stable release, v1.0, in April 2026, with v1.2 the current stable as of late April per Google Cloud Next coverage. The Agent Card spec is the machine-readable substrate underneath everything. The discovery URL is https://<base_url>/.well-known/agent-card.json. Required identity fields: name, description, url, version, provider, schemaVersion, capabilities, securitySchemes. Current A2A (v1.2) introduces Signed Agent Cards as the cryptographic signature feature on top of the card, so a card can be cryptographically verified as issued by the domain owner. Production deployments exist at Microsoft, AWS, Salesforce, SAP, and ServiceNow, with 150-plus organizations supporting the standard at the one-year-anniversary milestone in April 2026. The community discussion arguing that the human-readable layer above the Agent Card is the missing piece is happening in public: GitHub Discussion #741 (Agent Registry proposal) and Solo.io’s critique “Agent Discovery, Naming, and Resolution: the Missing Pieces to A2A”.
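A defender-side check for the Agent Card discovery step described above, added here as an example and not taken from the A2A project or Tobira: it builds the well-known URL, checks the required fields this article lists, and flags a card whose url host differs from the host that served it. The `signatures` field name, the same-host policy and the sample cards are assumptions made for this example.

```python
import json
from urllib.parse import urlsplit

# Required identity fields, exactly as the article lists them.
REQUIRED_FIELDS = ("name", "description", "url", "version", "provider",
                   "schemaVersion", "capabilities", "securitySchemes")
WELL_KNOWN_PATH = "/.well-known/agent-card.json"
# Assumption: name of the card field that carries Signed Agent Card signatures.
SIGNATURES_FIELD = "signatures"


def discovery_url(base_url):
    """Return the Agent Card discovery URL for an HTTPS base URL."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("base URL must be https:// with a host")
    if parts.username or parts.password or parts.query or parts.fragment:
        raise ValueError("base URL must not carry credentials, query or fragment")
    return f"https://{parts.netloc}{parts.path.rstrip('/')}{WELL_KNOWN_PATH}"


def check_card(card_text, fetched_from):
    """Return findings for a card body that was served from `fetched_from`."""
    try:
        card = json.loads(card_text)
    except json.JSONDecodeError:
        return ["card is not valid JSON"]
    if not isinstance(card, dict):
        return ["card is not a JSON object"]
    findings = [f"missing required field: {name}" for name in REQUIRED_FIELDS
                if name not in card or card[name] in (None, "")]
    if isinstance(card.get("url"), str):
        claimed, origin = urlsplit(card["url"]), urlsplit(fetched_from)
        if claimed.scheme != "https":
            findings.append("card url is not https")
        # Added policy, not a spec rule: a card must describe an agent on the
        # host that served it, so one domain cannot publish a card for another.
        if (claimed.hostname or "").lower() != (origin.hostname or "").lower():
            findings.append("card url host differs from serving host")
    # Presence check only; verifying the signature itself is out of scope here.
    if not card.get(SIGNATURES_FIELD):
        findings.append("card is unsigned")
    return findings


# Constructed sample cards (not real agents).
_good = {
    "name": "Example Intro Agent", "description": "Constructed sample card",
    "url": "https://agents.example.com/a2a", "version": "1.0.0",
    "provider": {"organization": "Example Co"}, "schemaVersion": "1.2",
    "capabilities": {}, "securitySchemes": {"bearer": {"type": "http"}},
    "signatures": [{"protected": "constructed", "signature": "constructed"}],
}
GOOD_CARD = json.dumps(_good)
_bad = {k: v for k, v in _good.items()
        if k not in ("securitySchemes", "signatures")}
_bad["url"] = "https://other.example.net/a2a"
BAD_CARD = json.dumps(_bad)

if __name__ == "__main__":
    served = discovery_url("https://agents.example.com/")
    for label, body in (("good", GOOD_CARD), ("bad", BAD_CARD)):
        print(label, check_card(body, served))
```

A card that passes these checks is well-formed and self-consistent only; trust in a signed card still depends on verifying the signature against the issuing domain's key.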
The cross-citations: a16z, ENS, ERC-8004 all see the same gap
Three sources, three layers, same observation. a16z: “What’s missing is a common identity layer, the equivalent of SSL for agents.” ENS Labs: “ENS doesn’t need to create an agent framework. Instead, we need to do what we already do well.” ERC-8004 EIP authors: “Payments are orthogonal to this protocol and not covered here.” The peer-layered identity stack is what is missing, not any one layer.
The cheat sheet, which layer when
If you remember nothing else from this article, save this section. Three questions tell you which layer to start at. The answer is usually all three eventually.
| Layer | Start here if | Vendors / standards to evaluate | Production status (May 2026) |
|---|---|---|---|
| Layer 1, cryptographic IDs | You build autonomous workflows inside an enterprise. Compliance, audit, OAuth delegation, runtime authorization are non-negotiable. | Strata, SailPoint, Ping, Auth0/Okta, BeyondTrust, AppViewX, Google Gemini Enterprise Agent Platform. NIST NCCoE concept paper. | Shipping. Google Gemini EAP launched April 22, 2026. Enterprise budget cycle aligned. |
| Layer 2, wallet addresses | You build a commerce agent that pays for things, gets paid, or carries cross-platform reputation. | ENS, ERC-8004, ENSIP-25, x402 (Linux Foundation governance), SAID Protocol, Quack AI x SPACE ID. | Contested. Coinbase reports 69K agents and $50M cumulative; a16z plus Allium filter shows ~$1.6M real 30-day volume. ERC-8004 ~45K registered agents in first month. |
| Layer 3, human readable handles | You build an agent that represents a human in professional contexts and another human needs to read its identity at a glance. | Tobira (tobira.ai/@handle), agent.ai, AgentID, Agenium. | Forming. Tobira, agent.ai, AgentID, Agenium, SAID, AgentMail all early-stage. Layer 3 is youngest. |
Production agents probably need all three eventually
A YC fintech ships its agent into an enterprise sandbox (Layer 1 cryptographic ID for compliance audit), the agent pays for upstream API calls (Layer 2 wallet for x402 settlement), and the agent introduces the founder to a fractional CFO via a @handle discoverable in professional contexts (Layer 3 for human-to-human discovery). Layer choice is not a fork. It is a sequence. Start where the most pressure is. Add the others when the use case demands it.
What this looks like in 2027 if current trends continue
If current trends continue through 2027, three things happen. Layer 1 consolidates around Okta, SailPoint, and Ping, or Google EAP swallows the mid-market. Layer 2 polarizes between Coinbase, Stripe, and Visa-led x402 and a16z-portfolio alternatives. Layer 3 forks into walled marketplaces (agent.ai trajectory) and portable handles (Tobira trajectory). The gap that nobody owns yet is the cross-layer translation between Layer 1 audit logs and Layer 3 human-readable handles. Watch the NIST NCCoE concept paper and the NIST CAISI initiative for federal posture.
The honest production status
We get asked which layer is “ready.” The honest answer is layer-by-layer, not yes-or-no.
Layer 1 is shipping
Google Gemini Enterprise Agent Platform launched April 22, 2026 with cryptographic IDs and an Agent Registry. Strata, SailPoint, and Ping are in production. Enterprise budget cycle is aligned. The NIST NCCoE concept paper “Accelerating the Adoption of Software and AI Agent Identity and Authorization” (February 2026) signals federal validation. The Cloud Security Alliance and Aembit “AI Agent Identity Crisis” report (April 20, 2026) names the gap explicitly with the “identity gray area” framing.
Layer 2 is contested
x402 numbers per the Layer 2 section above. ERC-8004 active growth: Allium research counts 45K-plus agents in the first month of mainnet; SAID Protocol’s homepage cites 72K-plus EVM-registered agents in May 2026, vendor self-report not independently verified. ENS standards posture clear: ENSIP-25 shipped, ENSIP-26 in active discussion in the ENS DAO governance forum. Coinbase Agentic.Market headline (69K agents, $50M cumulative volume) sits next to the a16z plus Allium filter showing approximately $1.6M real 30-day volume. AdPrompt.ai registered its agentic marketing agents under ERC-8004 in early production. Cobo Agentic Wallet supports 80-plus chains and frames ERC-8004 plus x402 as the “complete autonomous transaction loop.”
Layer 3 is forming
Tobira, agent.ai, AgentID, Agenium, SAID Protocol, AgentMail are all early-stage. Honest acknowledgment that this layer is the youngest. The A2A community discussion (Discussion #741 Agent Registry, ANS IETF draft) treats human-readable agent identity as an open problem, not a solved one. The full conversion mechanic from anonymous match to verified human reveal is an open question across all Layer 3 platforms. Tobira observed substantial conversation volume across thousands of structured exchanges in Q1 to Q2 2026, with reveal patterns and credibility gates still being refined as the network grows.
What we got wrong
A correction on our own positioning. Tobira used to call itself “Layer 3 for agent identity.” That was wrong, in three specific ways.
We used “Layer 3” as an umbrella, not a niche
The May 1, 2026 SERP scan showed the “Layer 3” discourse is crowded. agent.ai uses “professional network” verbatim. AgentID, Agenium, and SAID Protocol all use @handle or address terminology in adjacent layers. Calling Tobira “the Layer 3” overclaimed. We changed how we talk about it. Tobira is one of multiple Layer 3 builders, with a specific niche.
We used “Signed Agent Cards” as our own term
Signed Agent Cards is the Linux Foundation’s proper-noun name for the cryptographic signature feature in current A2A (v1.2 stable, late April 2026; introduced as part of the v1.0 first stable spec released earlier in April). It is not a Tobira-coined term. We corrected the language. We use “A2A Agent Card” generically and “Signed Agent Cards” only when referring to the A2A spec feature itself.
What Tobira actually is
Tobira is the human-readable @handle layer for professional networking discovery between humans brokered by their agents. Not the umbrella term for an entire layer. Not a directory, marketplace, CRM, or social network. An open protocol with portable identity, complementary to x402, ERC-8004, A2A Agent Card, and Layer 1 cryptographic IDs.
Loop closure
If you have read “where to deploy your AI agent so it actually gets used” and “how founders actually find fractional experts in 2026”, this article is the identity primitive that holds those two together.
If you have an agent that represents you in professional contexts, claim a @handle at tobira.ai. Tobira is free during beta (paid tier coming, no specific price or date confirmed). Discovery uses WebFinger and A2A-compatible Agent Card publication. Setup is one-pager onboarding through Primer.
Pillar 5 supporting articles drilling deep into each layer (the Layer 1 vendor matrix, the x402 settlement detail, the credibility-score design rationale) will publish in the weeks following. Links here will update as they go live.