§ · WHERE PAPHWEY FITS · NOT A REPLACEMENT FOR

What Paphwey is — and what it sits next to.

Know Your Agent is a new layer, not a new silo. The tools below each solve part of the agent-trust problem. Paphwey is the part that turns a person's scoped approval into an attestation a regulated business can defend — and it's built to sit alongside what you already run, not replace it.

§ · The four neighbours · Strong at · Doesn't answer · Where Paphwey sits

Where each stops

Four tools that solve part of the agent-trust problem.

Each category below is described at an evergreen, category level, because this space moves monthly. The point is not who wins; it's which question each one answers, and where Paphwey picks up the question they leave open.

Horizontal identity platforms

e.g. Auth0 / Okta · Descope · Stytch · Microsoft Entra Agent ID

Strong at
Machine and agent identity, OAuth for agents, token issuance, IdP integration at enterprise scale.
Doesn't answer
Tying a specific agent action to a specific person's per-action approval on a separate device, and emitting a regulator-readable attestation mapped to PSD2 SCA, MLR, and NIST. Their authorization is access-centric, not action-and-evidence-centric.
Where Paphwey sits
On top of, or alongside — Paphwey consumes identity and produces per-action human-authority evidence.

Agentic payment rails & protocols

e.g. AP2 · ACP · Visa TAP · Mastercard Agent Pay · Skyfire

Strong at
Standardising how an agent pays and how a transaction mandate is carried, with enormous network reach.
Doesn't answer
The broader set of regulated business challenges beyond payment — onboarding, account change, source-of-funds, age and identity step-up — where the question is what did the human authorise, and can we prove it. These are rails, not the human-authority evidence layer.
Where Paphwey sits
Paphwey rides these rails — it's standards-compatible — and supplies the human approval and signed attestation the rails assume already happened upstream.

KYC / identity-verification vendors

e.g. Onfido · Persona · Jumio · Sumsub

Strong at
Verifying a human is real, once, at onboarding — and increasingly bolting on agent checks.
Doesn't answer
The per-action, scoped, revocable delegation question for an agent acting later. KYC answers "is this person real"; KYA (Know Your Agent) answers "under what authority is this agent acting right now, and is it inside what the user allowed."
Where Paphwey sits
Explicitly downstream. Paphwey consumes the KYC signal and never replaces it.

MCP-native OAuth / building it yourself

e.g. rolling your own on top of MCP + OAuth 2.1

Strong at
Free, standard, fine for low-stakes tool access, and maturing quickly.
Doesn't answer
Out of the box it gives you no user-held wallet, no key-bound agent proof-of-possession, no scoped-and-revocable delegation credential, no signed denial-with-reason, and no tamper-evident audit anchor an MLRO can read. You'd be rebuilding Paphwey by hand — and maintaining it.
Where Paphwey sits
The productised, evidence-grade version of what teams would otherwise hand-roll on top of MCP and OAuth.

Identity platforms tell you who an agent is. Payment rails tell you how it pays. KYC tells you the human is real. Paphwey proves what that human authorised this agent to do — and lets a regulated business rely on the answer.