Know Your Agent (KYA)

Definition. Know Your Agent is a defensive registry. It governs which AI agents and bots you allow or deny per tenant. As the agentic web grows, more of your traffic is automated software acting on a human’s behalf — some of it welcome, some of it not. KYA is where you decide which is which.

KYA governs trust, not action. It does not enable agents to do anything. It is the policy that says this agent may be treated as trusted and that one may not: a verification step and a gate sitting in front of your application.

How Noxtica does it

KYA identifies agents by durable, cryptographic identity rather than by an easily-forged user-agent string:

  • JWK thumbprints — an agent is recognized by the thumbprint of its public key, so identity can’t be spoofed by changing a header.
  • Signature-Agent hosts — the host an agent declares as its signing authority, checked rather than trusted on its word.
  • Web Bot Auth verification — KYA integrates with Web Bot Auth, the emerging standard for agents to cryptographically prove who they are. A verified agent’s claim is checked against your allow/deny policy.

You maintain the allow/deny lists per tenant. A request from a known, allowed agent can be treated accordingly; an unknown or denied one is governed by your policy. The decision of what happens to a denied agent — challenge, block, observe — is carried out by the Browser Security layer and the risk-action engine.
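
One way to implement the thumbprint match and per-tenant lookup described above, as an added example (not Noxtica's code). It computes the RFC 7638 thumbprint and assumes the request signature was already verified against this key; `classify_agent`, the policy layout and the deny-over-allow precedence are assumptions made for illustration.

```python
import base64
import hashlib
import json

# Required members per key type (RFC 7638 section 3.2; RFC 8037 for OKP).
REQUIRED = {"OKP": ("crv", "x"), "EC": ("crv", "x", "y"), "RSA": ("e", "n")}


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 SHA-256 thumbprint of a public JWK, base64url without padding."""
    kty = jwk.get("kty")
    if kty not in REQUIRED:
        raise ValueError(f"unsupported kty: {kty!r}")
    members = {"kty": kty}
    for name in REQUIRED[kty]:
        value = jwk.get(name)
        if not isinstance(value, str) or not value:
            raise ValueError(f"missing required member: {name}")
        members[name] = value
    # Canonical form: required members only, sorted keys, no whitespace.
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def classify_agent(policy: dict, jwk: dict) -> str:
    """Return 'denied', 'allowed' or 'unknown' for one tenant's policy."""
    try:
        thumbprint = jwk_thumbprint(jwk)
    except ValueError:
        return "unknown"  # a malformed key never matches a trusted entry
    if thumbprint in policy["deny"]:
        return "denied"  # assumption: deny wins if a key is on both lists
    if thumbprint in policy["allow"]:
        return "allowed"
    return "unknown"


# Constructed sample: the Ed25519 public key from RFC 8037 Appendix A, with
# extra members (kid, use) that must not influence the thumbprint.
SAMPLE_JWK = {"kty": "OKP", "crv": "Ed25519", "kid": "anything", "use": "sig",
              "x": "11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo"}
RFC8037_TP = "kPrK_qmxVWaYVA9wwBF6Iuo3vVzz7TxHCTwXBygrS4k"
TENANT_A = {"allow": {RFC8037_TP}, "deny": set()}  # constructed policies
TENANT_B = {"allow": set(), "deny": {RFC8037_TP}}

if __name__ == "__main__":
    print(jwk_thumbprint(SAMPLE_JWK))
    print(classify_agent(TENANT_A, SAMPLE_JWK), classify_agent(TENANT_B, SAMPLE_JWK))
```

The same key resolves to different outcomes under the two tenants, and relabelling it with a different `kid` does not change the match.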

What KYA is not

KYA is deliberately distinct from its neighbors on the agentic spine:

  • It is not MCP. MCP is how your agents read Noxtica. KYA is how you govern which agents reach your site.
  • It is not the AI Assistant. The assistant helps you operate the console. KYA is a registry you configure.
  • It does not enable agents to act. It governs whether you trust them. The word “agent” in KYA means the agents arriving at your site, and the verb is govern, never empower.

Where it fits

KYA is the agent half of the Intelligence pillar and a load-bearing part of the agentic spine — specifically the “police the agentic web” meaning of agentic security. See Agentic Security for how the three meanings tie together.
