World, the identity project co-founded by Sam Altman, launched AgentKit on March 17, 2026 — a developer toolkit that lets AI agents carry cryptographic proof they are backed by a unique, verified human. The launch arrives at the exact moment AI agents are flooding the web with autonomous commerce. But x402 gave agents a way to pay. AgentKit now gives them a way to prove who is behind the wallet. Together, they form the first complete trust stack for the agentic internet — and developers need to understand both layers right now.
What You Need to Know
AgentKit links multiple agents to a single verified person using zero-knowledge proofs and Orb-based biometrics, enabling platforms to cap usage per human and positioning World as a foundational identity layer for an AI-driven web. x402, the underlying payment protocol from Coinbase and Cloudflare, embeds stablecoin micropayments directly into web interactions so AI agents can transact without accounts, subscriptions, or API keys.
- Switch to AgentKit if you are building agents that book, buy, or access rate-limited services on behalf of users.
- Integrate x402 if you are a developer monetizing an API or data endpoint per-request — it is live, has processed over 100 million payments, and World's AgentKit now plugs directly into it.
- Ignore both for now if your AI agents operate only inside closed, authenticated enterprise environments where public-web trust signals are irrelevant.
What Launched and Why It Matters
The problem World is solving is real and growing fast. As AI agents increasingly transact, shop, and act autonomously online — a market that can reach $3 trillion to $5 trillion by 2030 — a key issue comes into focus: how to verify that a real person is behind the activity.
Most websites today block all automated traffic as a blunt defense against bots. But a growing share of agent traffic is productive. When your AI assistant tries to book a table at a restaurant or check flight prices on your behalf, it runs into the same wall.
AgentKit attacks this from the identity side. Through World ID, individuals can prove uniqueness anonymously using cryptographic verification, allowing platforms to establish trust signals without collecting or storing personal data.
The x402 protocol attacks it from the payments side. By leveraging the HTTP "402 Payment Required" status code, x402 embeds payments directly into web interactions, enabling AI agents, APIs, and apps to transact value as seamlessly as they exchange data.
AgentKit is built as a complementary extension to the x402 v2 protocol, in coordination with Coinbase. The integration is designed so that any website already using x402 can enable proof of unique human verification alongside — or instead of — micropayments.
Here is how the complete stack layers together:---
How World ID Works
World ID is the biometric credential at the foundation of the system. To fully verify your World ID and receive your "proof of human" credential, you must visit an Orb in-person. The Orb takes photos of your eyes and face, creates a unique code based on those photos, sends them to your device, and permanently deletes them from the Orb.
After verification, the data is encrypted, sent to your phone, and permanently deleted from the Orb. Only your phone holds your data and your World ID.
The system uses zero-knowledge proofs to keep verification private. The system uses zero-knowledge proofs so platforms can verify that an agent represents a real person without collecting or storing personal data, a design World claims is required for scaling identity in an AI-driven web.
As of March 2026, World ID has enrolled over 38 million users, with approximately 18 million completing full verification through the Orb.
| Credential tier | Method | Privacy | Status |
|---|---|---|---|
| Full "proof of human" | Orb iris scan | Zero-knowledge proof | Live |
| Passport-linked ID | NFC passport | ZK proof of attributes | Beta |
| NFC national ID | ID card scan | ZK proof of attributes | Planned |
| Device verification | Phone-based (lighter) | Limited proof | Planned |
How x402 Works
x402 is the payment rail that operates below the identity layer. The core concept is elegant: HTTP 402 Payment Required has sat unused in the web spec for 30 years. x402 gives developers a clear, open protocol for websites and automated agents to negotiate payments across the globe.
The transaction flow is three steps:
A client attempts to access a resource gated by x402. The server responds with the 402 status code. The response body contains payment instructions including the payment amount and recipient. The client requests the gated resource with the payment authorization header. The payment facilitator verifies the payment payload and settles the transaction.
The result: clients and servers capable of interpreting the x402 protocol are able to transact without the need for accounts, subscriptions, or API keys.
In six months, x402 reportedly processed over 100 million payments across various APIs, apps, and AI agents. Coinbase and Cloudflare co-founded the x402 Foundation to establish this as an open universal standard. Coinbase designs the payment protocol, while Cloudflare ensures it can operate reliably within live web environments, with servers deployed in more than 120 countries.
| Feature | x402 | Traditional payment API |
|---|---|---|
| Account required | No | Yes |
| Minimum payment | Sub-cent | ~$0.30+ |
| Human intervention | Optional | Usually required |
| API key needed | No | Yes |
| Settlement currency | USDC stablecoin | Fiat |
| Integration | One HTTP middleware | Multi-step setup |
| Agent-native | Yes | No |
How AgentKit Combines Both
The AgentKit flow is straightforward. A verified World ID holder registers their agent through a standard World ID verification. When an agent interacts with a compatible website, the platform can request payment, proof of unique human identity, or both, before granting access.
A single human can delegate their World ID to multiple agents. Platforms can recognize that those agents originate from the same individual. This is the key control mechanism. Platforms can allow legitimate multi-agent use while still enforcing per-human limits.
The World official blog offers concrete examples of what this unlocks: a service can offer five free requests per unique human, giving agents the ability to evaluate a service before committing to paid access, while preventing abuse. For phone numbers, a service can ensure that each unique human receives one number, shared across all of their agents.
AgentKit is available in limited beta to developers who are building agents and hold a verified World ID. A full 1.0 version is planned when the next generation of the World ID protocol rolls out.
There is one naming confusion worth flagging: Coinbase already has its own product called AgentKit, a separate framework introduced in 2024 to help developers build onchain AI agents. World's AgentKit beta is a different product entirely, even though it integrates with Coinbase's x402 ecosystem.
The Surprising Finding: Real-World x402 Volume Is Tiny
The launch narrative positions World AgentKit and x402 as the infrastructure backbone of a multi-trillion-dollar agentic economy. The actual transaction data tells a different story.
Despite a roughly $7 billion ecosystem valuation, onchain data shows that x402 currently processes only about $28,000 in daily volume, much of it from testing and "gamed" transactions rather than real commerce. Onchain analysis from Artemis found roughly half of observed x402 transactions reflect artificial activity — "gamified" activities rather than genuine commerce. Recent daily snapshots show about 131,000 transactions generating roughly $28,000 in volume, with the average payment worth around $0.20.
This does not mean x402 or AgentKit are destined to fail. The merchant side of the equation — services built to accept these protocols — is still nascent. Supporters argue that x402's true utility will emerge as more AI-driven, pay-per-use services come online, but the narrative around agentic commerce is running ahead of actual adoption.
The identity layer faces its own adoption challenge. World ID requires an Orb visit. The service has debuted in six major US cities — Atlanta, Austin, Los Angeles, Miami, Nashville, and San Francisco. Globally, regulatory pressure is real: countries including Brazil, Germany, Hong Kong, India, Kenya, Portugal, Spain, and South Korea are investigating the solution for privacy violations or have already banned the use of the Orb.
Who This Actually Affects
Build with AgentKit now if you are:
- A developer building consumer agents that book travel, compare prices, or access ticketing. Human-backed agents will gain access where unverified bots are blocked.
- Building on top of x402-gated APIs. AgentKit adds a second trust signal alongside payment — useful for services where proving uniqueness matters more than payment.
- Designing platforms that want per-human rate limits across any number of AI agents a user might deploy.
Wait if you are:
- Outside the cities and countries where Orb verification is available. The beta requires verified World ID, which still depends on in-person Orb access.
- Building enterprise-internal agents that operate behind your own authentication. Public-web trust infrastructure is not relevant to your use case.
- Skeptical of biometric identity systems. Critics have long argued that building a global identity layer on top of biometric iris scans introduces systemic risks that clever cryptography alone cannot resolve. That concern does not disappear when the system is extended to agents.
Monitor but do not prioritize if you are:
- A platform operator considering requiring x402 or AgentKit for access. With only $28,000 in daily real volume, the agent commerce ecosystem you would be designing for does not yet exist at scale.
What to Watch Next
Tools for Humanity has already partnered with Gap, Visa, and Tinder to promote World ID — these integrations will be the first real test of consumer adoption outside crypto-native audiences. Watch whether Tinder's Japan pilot converts mainstream users who have no crypto background.
On the x402 side, the x402 Foundation is adding members from consumer, enterprise, e-commerce, and AI companies. Future versions of x402 may be agnostic of payment rails, accommodating credit cards and bank accounts in addition to stablecoins. That expansion, if it arrives, would remove the biggest friction point for mainstream developer adoption.
World also plans to expand AgentKit beyond Orb-only verification to include NFC passport credentials — a move that would open the system to anyone with a modern passport, no Orb visit required.
Conclusion
World AgentKit and x402 together form the first serious answer to one of the agentic web's defining problems: if AI agents are going to transact online at scale, platforms need to know who sent them and trust that payment is legitimate. As Erik Reppel of Coinbase Developer Platform summarized: "Payments are the 'how' of agentic commerce, but identity is the 'who.' By integrating World ID with the x402 protocol, developers now have a complete trust stack."
The architecture is sound. The adoption gap is real — $28,000 in daily volume is not the backbone of a $3 trillion market. But the infrastructure is being laid now, and the developers building on it today will have a meaningful head start. If you are building agents that interact with public-web services, get a verified World ID, access the beta documentation at docs.world.org/agents/agent-kit, and start testing before the next version locks in its developer patterns.
