What is credential inheritance for AI agents?

Credential inheritance is the process by which an AI agent proves it acts under the authority of a verified human identity. The human completes KYC once, and the agent inherits that compliance status through a cryptographic delegation chain. This enables the agent to transact on KYC-gated protocols without completing its own identity verification, which is impossible since agents are not legal persons.

How does ERC-7710 enable agent delegation?

ERC-7710 defines a standard interface for redeeming delegated permissions on-chain. A user signs a delegation granting an agent scoped authority (spending limits, approved contracts, time bounds). The agent calls redeemDelegations on a Delegation Manager contract, which validates the permission context, checks all caveats, and executes the transaction through the user's smart account. Execution is atomic, and multiple caveat enforcers can be composed to create granular constraints.

Who is liable when an AI agent violates sanctions?

Liability spans multiple parties under current enforcement frameworks. OFAC applies strict liability, meaning intent does not matter. The user bears responsibility as the principal who authorized the agent. The platform bears responsibility for the agent's design and policy enforcement. The wallet provider may bear liability if it failed to screen transactions. Verifiable delegation chains and on-chain audit trails provide evidence of compliance controls, but do not eliminate liability.

What is the difference between KYC and KYA?

KYC (Know Your Customer) verifies a human's identity through documents, biometrics, and regulatory checks. KYA (Know Your Agent) verifies an AI agent's identity, authority, and trustworthiness. KYA answers three questions: who is this agent, who controls it, and can it be trusted. Standards like ERC-8004, Skyfire's KYAPay, and Sumsub's Agent Verification provide different approaches to KYA, from on-chain registries to commercial SaaS solutions.

Does Para support agent credential inheritance?

Yes. Para's Server SDK creates agent wallets under the same user identity as the primary wallet. This preserves the cryptographic linkage between user and agent through MPC key isolation. The user's key shares and the agent's key shares are separate, so compromising the agent cannot compromise the user. Combined with ERC-7710 delegation and on-chain KYC attestations, Para's portable wallet architecture enables one-KYC, one-delegation agent operations across all Para-integrated applications.

Agent Identity: How Agent Wallets Inherit Credentials in 2026

Credential inheritance is the missing infrastructure for compliant AI agent commerce. Here is how delegation chains, portable wallets, and KYA (Know Your Agent) standards make it work.

AI agents are spending money. They trade tokens, pay for API access, and earn revenue autonomously. But when an agent submits a transaction, whose identity backs it? The answer determines whether agent commerce scales or stalls at the compliance wall. Credential inheritance, the ability for an agent to prove it acts under a verified human's authority, is the missing infrastructure layer. And it only works if the human's wallet is portable.

Key Takeaways

Non-portable wallets break credential inheritance at four points: credentials don't travel across providers, delegations can't cross provider boundaries, agents fragment across apps, and the provider becomes a single point of failure.
Para's Server SDK creates agent wallets under the same user identity, preserving the cryptographic chain from KYC'd user to authorized agent to executed transaction. This enables one-KYC, one-delegation agent operations across all Para-integrated apps.

Why Do AI Agents Need Identity?

AI agents are becoming autonomous economic actors. McKinsey projects $3-5 trillion in global revenue orchestrated by agents by 2030. The x402 payment protocol alone has processed over 75 million transactions with $600 million in annualized volume.

Agents cannot open bank accounts. They cannot hold passports or sign legal contracts. No jurisdiction recognizes AI agents as legal persons. Yet they need wallets to transact, identities to be trusted, and compliance frameworks to operate within the law. This creates a fundamental gap.

The solution is credential inheritance: a cryptographically verifiable chain proving the agent acts under the authority of a verified human. The human completes KYC once. The agent inherits that compliance status through delegation. Every transaction traces back to a real identity.

What Is the Agent Credential Inheritance Problem?

The difficulty stems from three intersecting constraints.

1) Onchain attestations are address-bound. KYC attestations are issued to a specific wallet address. The attestation confirms "address 0xABC is verified," not "anything authorized by 0xABC inherits that verification."

2) Agent addresses are separate entities. Whether created via Coinbase CDP, Safe, or the Para Server SDK, the agent operates from its own address. No native Ethereum primitive links one address's compliance status to another.

3) Compliance checks are binary. DeFi protocols enforcing KYC gates perform a simple lookup: does this address have a valid attestation? There is no standard mechanism for checking delegation chains.

The result is a gap between a user's verified identity and an agent's ability to prove it acts under that identity's authority.

Current Approach	How It Works	Why It Falls Short
Shared private key	Agent uses the user's key directly	Catastrophic security risk; user loses all control
Manual allowlisting	Protocol operator adds agent address	Does not scale; requires per-agent, per-protocol intervention
Duplicate KYC for agent	KYC provider verifies the agent address	Agents are not legal persons; KYC is designed for humans
Smart account with agent signer	Agent signs through user's smart account	Agent has full signing authority with no constraints
Session keys with attestation check	Agent uses scoped session key	Closest to correct, but requires protocol-level delegation support

What is needed: a cryptographically verifiable delegation chain. User (KYC'd) to Agent (delegated) to Transaction (authorized within constraints).

How Do Agent Wallet Providers Compare on Credential Flows?

Not all wallet architectures support credential inheritance equally. The key differentiator is whether the user's wallet, and the credentials attached to it, is portable across applications.

Capability	Para	Coinbase CDP	Openfort	Safe
Agent wallet creation	Server SDK (same user identity)	Agentic Wallets (TEE-secured)	Owner-operator key model	Modular smart accounts
Key management	2-of-2 MPC (key never assembled)	TEE-bound keys	TEE-bound agent key + owner key	Multisig with modules
Credential linkage	Agent wallet under same user identity	KYT screening, built-in compliance	W3C VCs for agent-to-user proof	AllowanceModule with delegate registration
Cross-app portability	Yes (same wallet across all apps)	Coinbase ecosystem	Per-deployment	Per-Safe
Delegation standard	ERC-7710 compatible	AgentKit policies	ERC-4337 session keys + ERC-7710	ERC-4337 modules
Money transmitter risk	Low (2-of-2 MPC, non-custodial)	Low (TEE, non-custodial)	Low (owner-operator separation)	Low (multisig, non-custodial)

Para's architectural advantage is portable identity. Because Para wallets are identity-linked (not app-linked), a KYC attestation issued to the user's Para wallet address is recognized across all Para-integrated applications. The agent wallet, created via the Server SDK under the same identity, has a natural linkage to the user's credentials. One KYC, one delegation, and the agent works everywhere.

Coinbase CDP offers a full-stack approach with built-in KYT (Know Your Transaction) screening and x402 integration. The tradeoff: agents operate within the Coinbase ecosystem

Why Does Wallet Portability Matter for Agent Credentials?

Non-portable wallets create four failure modes for credential inheritance.

Failure 1: Credentials don't travel. If the user's KYC is stored in a provider's proprietary database rather than onchain, the attestation is invisible to other applications. An agent wallet created by a different provider cannot reference it.

Failure 2: Delegations can't cross provider boundaries. If the user's wallet is controlled by a custodial provider, the user cannot independently sign a delegation. The provider must mediate, creating delays and dependencies.

Failure 3: Agent-per-app fragmentation. Without portable identity, N apps require N KYC processes, N agent wallets, and N delegation chains. Each is isolated with no shared compliance status.

Failure 4: Provider single point of failure. If the wallet provider shuts down, the user loses their wallet, their KYC attestation (if stored off-chain), all agent delegations, and the agent's ability to prove compliance.

Dimension	Portable (Para Model)	Non-Portable (Provider-Locked)
KYC attestation	Onchain, address-bound, visible to all apps	Off-chain, provider database, invisible externally
Agent wallet creation	Server SDK, same user identity, natural linkage	Separate provider, no identity linkage
Delegation mechanism	User signs directly (self-custodial)	Provider must mediate (custodial dependency)
Cross-app inheritance	One KYC, one delegation, agent works everywhere	Per-app KYC, per-app delegation, per-app agent
Provider failure	User retains wallet + attestation + delegation	Everything lost with provider
Regulatory auditability	Full onchain trail: user to agent to transaction	Provider logs only; may not be available

The economic argument is equally compelling. Portable credentials create network effects. Every additional app that integrates Para recognizes the user’s existing KYC attestation. Every additional agent inherits from the same credential. The marginal cost of credential inheritance approaches zero as the ecosystem grows.

Non-portable credentials scale linearly: each new app or agent requires separate KYC, separate delegation, and separate funding. At small scale, that friction feels manageable. At ecosystem scale, it becomes existential.

Agent-driven commerce will not stall because agents lack intelligence. It will stall if identity cannot move with them. Wallets that bind identity to a single provider or a single app break the chain. Wallets that make identity portable let agents operate under real authority, with verifiable compliance, across the full crypto economy.

That is the difference between isolated automation and scalable agent commerce. And that difference starts with the wallet.