AI agents can now buy, sign, build, publish and move money. What they can't carry is proof of who authorized the agent.

Every company is racing to open its products to AI. The hard part isn't getting agents to act; it's trusting that a real person authorized them. Without that, a service has no safe way to let an agent through.

Today, Proof, the identity authorization company, launched x401, an open, issuer-neutral protocol that lets any website or API ask for and verify the identity behind agents.

With x401, a service can ask for the proof it requires: verified identity, age, membership, organizational affiliation, signing authority, proof of humanness, orf another trusted claim. The agent presents a compatible credential and authorization. The service verifies the issuer, claim, scope and action before proceeding. 

Identity establishes who or what an agent represents. Authorization establishes what it is permitted to do. x401 binds the two into proof and unlocks agents' ability to act on people’s behalf.

“AI is making actions and content effortless to generate. Trust will come from knowing who stands behind them,” said Pat Kinsel, founder and CEO of Proof. “x401 gives every service a common way to ask for proof. Proof Digital ID gives people and organizations a high-assurance way to answer—with a signed record of who authorized what.”

Open by design

x401 is an open protocol allowing any conforming issuer to deliver x401-compatible credentials. Any agent can present them. Every service determines which claims, issuers and levels of assurance it will accept.

That separation allows one protocol to support many forms of authority without forcing the internet to adopt a single identity provider or credential model.

x401 was developed by Proof with technical contributors from leading payments, identity and AI organizations. The public specification, implementation materials, and complete contributor list are available at x401.id.

Proof will submit x401 to the FIDO Alliance’s agentic authentication standards workgroup.

Built to complete the agent stack

x401 is designed to work with the protocols already emerging around agentic activity. In payments, x402 enables machines to make payments. AP2 and Verifiable Intent capture instructions and approvals in commerce. x401 now completes the missing link, when used together with these other protocols, agents can now pay, prove a person’s identity, and authorize specific actions.

“x402 is the open standard that lets agents pay for web resources over HTTP with pay-per-request settled in stablecoins, with no accounts or API keys. Through Circle Agent Stack and USDC, which settles nearly all x402 volumes, Circle has been one of its core contributors. x401, built with Proof, pairs that with identity: x402 answers how an agent pays, x401 answers who it is. Those are the first two questions any agentic transaction has to clear, and now each has an open standard. Circle is proud to be an early adopter and co-endorser of x401." — Gagan Mac, VP Product, Circle

Proof’s digital identity: A high-assurance identity that can sign

Proof is launching the first live implementation that can satisfy an x401 challenge. Built on Verifiable Credentials, Proof’s digital identity is the world’s first inline implementation of OID4VC Issuance and Presentation, allowing people to verify their identity to an IAL2 standard and enroll just-in-time or instantly reauthenticate with a biometric. Developers simply request identity and Proof manages the complexity of who is enrolled vs not.

Using selective disclosure and zero-knowledge proofs, someone can prove that they are verified, their nationality, over a required age or authorized to represent an organization without exposing their complete identity record.

In addition to credential presentation, Proof’s platform is the first to support transaction signing, which produces verifiable records. The API supports signing authorizations like AP2 with Verifiable Intent and cryptographically binds a verified identity to any payment, transaction, or payload. Verifiable records prove who you are and what you’ve authorized, creating the evidence that every industry requires in the agentic era. U.S. law has recognized agreements made by electronic agents for decades. Proof provides what's been missing: trustworthy proof of the person behind the transaction.

Proof’s digital identity is backed by Proof's Kantara-certified NIST IAL2 identity service and WebTrust-audited certificate-authority infrastructure. As a Certificate Authority that pairs a publicly trusted, audited certificate hierarchy with IAL2-grade identity proofing, Proof’s digital identity is the only legal credential that can secure everything a person signs, does in person, does online, or delegates to an agent.

x401 works end-to-end today

The documentation for x401 is live today. The public specification, technical documentation, sample apps, and contributor list are available at x401.id. 

Proof Digital ID documentation is available at dev.proof.com.

Developers can connect Proof’s live x401 MCP server to Claude and ChatGPT to use x401 in real agent workflows.

Participating organizations will announce their implementations as they become available.