Home / Docs / KYA Levels Know Your Agent
KYA Levels
Four progressive verification depths for AI agents. Start with identity (L1), graduate to capability (L2),
add independent behavior audit (L3), and reach compliance certification (L4) when your buyers require it.
KYA Level ≠ Subscription tier.
Subscription tier (Trust Developer / Pro / Scale / Enterprise ) is how you pay.
KYA Level (L1–L4) is how deeply each individual agent has been verified. Both axes compose independently.
Included in every subscription tier. Operator is known. The human or company behind the agent is identifiable and contactable.
Evidence Produced ✓ DNS TXT challenge proving domain control ✓ $1 Stripe authorization hold proving live payment instrument ✓ Operator email verified Where It's Accepted Marketplace listings, free-tier integrations, lightweight signaling.
Included in Trust Pro+ subscriptions. Tested capabilities confirmed. The agent actually does what it claims to do, in a sandbox harness.
Evidence Produced ✓ Automated capability test harness against declared tool list ✓ SSL/TLS health check on agent endpoint ✓ Liveness probe and manifest validation Where It's Accepted Commerce surfaces, B2B integrations where the buyer needs functional confidence.
Cost-plus add-on (~$25/audit) on Trust Pro. Included in Trust Scale+. Independently audited behavior. The agent follows declared constraints, with no observed data leaks or off-policy actions.
Evidence Produced ✓ Prompt injection and jailbreak resistance testing ✓ Data flow analysis against declared constraints ✓ Behavioral fingerprint over a representative session window Where It's Accepted Regulated marketplaces, enterprise procurement, cross-organizational trust handoffs.
Cost-plus add-on (~$500/audit floor) on Trust Scale. Included in Trust Enterprise contracts. The credential structure is designed to support regulated workflows and references third-party audit readiness for specific standards.
Evidence Produced ✓ Mapping of agent controls to GDPR, SOC 2, or HIPAA control families ✓ Third-party auditor attestation references ✓ EU AI Act Article 50 transparency fields populated Where It's Accepted Regulated SaaS (healthcare, financial, legal), high-risk EU AI Act systems.
What KYA Levels Are Not
KYA Levels produce evidence , not authorization decisions. A KYA:Compliance
(L4) credential references third-party audit readiness for a specific standard — it does not constitute
a legal opinion, regulatory audit, or indemnification on behalf of any party.
Liability decisions remain with your compliance and legal teams. We equip your risk committee with verifiable
artifacts; the decision to trust the agent stays with you.