POST Photons Please

In the United Kingdom we are about to ask a hundred random people to design our national digital identity scheme. Seriously. Invitations went out to 36,000 UK addresses (mine wasn’t one of them) asking recipients to comment on “How should we design a Digital ID system for the UK?”. Of those who respond, the government will choose (via some opaque process) somewhere between 100 and 120 of them to come to central Birmingham for a couple of weekend sessions (plus some Zoom sessions in the week). The government says that those chosen will represent “a cross-section of the UK population”. Who knows what they will come up with.

Meanwhile, in advanced nations, life goes on. China has just announced that robots will be getting digital identities and launched the Humanoid Full Lifecycle Management Service Platform to manage them. The identities will be used to track the robots from assembly through to recycling in a programme led by the Humanoid Robotics and Embodied Intelligence Standardization (HEIS) committee, part of the country’s Ministry of Industry and Information Technology.

The fact is that the demands of the economy mean that digital identities, not only for people but for businesses and bots, are a priority: a foundational layer not only for the economy but for a safe and secure society. If we want economic growth, we have to get this layer in place.

Noelle Acheson, who knows her onions* when it comes to real-world markets, says “It’s unlikely a tokenized share in Palantir will be able to ‘seamlessly’ plug into a Russian DeFi application, for instance, or any DeFi application that has no KYC unless we finally sort out the onchain identity issue”. I am a big believer in digital assets and tokens and next-generation financial market infrastructure (FMI) and all that jazz but Noelle is right.

In the Bank for International Settlements (BIS) white paper on the topic of next-generation FMI, they themselves frame digital identity as a fundamental platform that the financial internet (that is, the “finternet”) needs. Until there is a working identity infrastructure in place, the finternet cannot happen.

Now, that identity infrastructure does not need to be a global ID solution used for everything or a network of national IDs or anything like it. It might well be an identity infrastructure solely for financial services. Some kind of financial services passport, for want of a better term. I think that one way we can make some progress is by focusing on a practical solution here rather than trying to boil the ocean and solve the entire world’s superset of (wholly different) identity problems.

What if financial institutions got together to solve this problem for themselves?

It is a fairly straightforward idea, after all. The first time you come into contact with the financial system, you are KYCd, AMLd, CTFd and PEPd up the wazoo: folded, spindled and mutilated until you are a certified player, at which point you would be issued with a financial services passport that you can use to visit other institutions, accountants, lawyers and so on. Then, instead of sending your personally-identifiable information with a transaction, you need only send a pointer to the passport (a public key, in essence). There will be a visa to the land of (eg) Barclays stamped inside the passport (a verifiable credential, in essence) which testifies to your certified playerness. You can show this visa to anyone: they can’t copy it or counterfeit it because they do not have access to the private key, which is locked away in secure hardware somewhere.
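The passport-and-visa check described above, as an added sketch that is not from the original post or any real scheme: the issuer signs the holder's public key plus a claim, and the verifier also demands a signature over a fresh nonce. Ed25519, the `Visa` type, the function names and the claim strings are assumptions, and the holder key sits in process memory here rather than in secure hardware.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Visa binds a claim to the passport (the holder's public key); it carries no PII.
type Visa struct {
	Issuer, Claim string
	HolderKey     ed25519.PublicKey
	Sig           []byte // issuer's signature over signedBytes(...)
}

// signedBytes is the exact byte string the issuer signs (NUL-separated fields).
func signedBytes(issuer, claim string, holder ed25519.PublicKey) []byte {
	return append([]byte(issuer+"\x00"+claim+"\x00"), holder...)
}

// IssueVisa is what the institution runs once its KYC/AML checks have passed.
func IssueVisa(issuer string, key ed25519.PrivateKey, claim string, holder ed25519.PublicKey) Visa {
	return Visa{issuer, claim, holder, ed25519.Sign(key, signedBytes(issuer, claim, holder))}
}

// Verify accepts only if the issuer signed this exact visa AND the presenter
// proves possession of the passport's private key by signing the verifier's
// fresh nonce. A copied visa alone fails the second check.
func Verify(v Visa, issuerPub ed25519.PublicKey, nonce, response []byte) bool {
	return ed25519.Verify(issuerPub, signedBytes(v.Issuer, v.Claim, v.HolderKey), v.Sig) &&
		ed25519.Verify(v.HolderKey, nonce, response)
}

// Demo runs three presentations with constructed keys: the genuine holder,
// someone who copied the visa but lacks the key, and an edited claim.
func Demo() (holderOK, copierOK, tamperedOK bool) {
	issuerPub, issuerKey, _ := ed25519.GenerateKey(rand.Reader)
	holderPub, holderKey, _ := ed25519.GenerateKey(rand.Reader)
	_, copierKey, _ := ed25519.GenerateKey(rand.Reader)
	visa := IssueVisa("Barclays", issuerKey, "kyc-passed", holderPub)
	nonce := make([]byte, 32)
	rand.Read(nonce) // fresh per presentation, so old responses cannot be replayed
	holderOK = Verify(visa, issuerPub, nonce, ed25519.Sign(holderKey, nonce))
	copierOK = Verify(visa, issuerPub, nonce, ed25519.Sign(copierKey, nonce))
	forged := visa
	forged.Claim = "kyc-passed;pep-cleared" // holder tries to upgrade the visa
	tamperedOK = Verify(forged, issuerPub, nonce, ed25519.Sign(holderKey, nonce))
	return
}

func main() { fmt.Println(Demo()) }
```

A production protocol would also bind the verifier's identity and an expiry into what is signed; the sketch leaves both out.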

In one of their reports last year, McKinsey said that what they label “credentialling and identity” is the first of their key control points in the agentic economy because agents need secure, user-granted permission before they can initiate transactions across multiple institutions. Indeed they do, and therefore organisations that already manage high-trust credentials start with a clear advantage. They go on to highlight some success factors: zero-trust architectures that never assume persistent access, dynamic consent via standardized protocols (for example, OAuth2/OpenID Connect) and continuous audit trails.

All of these ought to be 

 

 

 

* I deliberately used onions here, rather than apples or SEC rules, because the trading of onion futures in the US is illegal, a fact that to my mind at least highlights just why markets are not just about technology.

(1) Simon Taylor on X: “The 5 Levels of Agentic Commerce” / X

xxx

The eMarketer analysis of Stripe’s annual letter notes that in 2026, 95% of e-commerce sales driven by AI platforms will still be completed off the AI platform and on the merchant site. The agent drives discovery. The human still clicks “buy.”

From: (1) Simon Taylor on X: “The 5 Levels of Agentic Commerce” / X.

xxx

(1) Simon Taylor on X: “The 5 Levels of Agentic Commerce” / X

xxx

When you click a link inside your LLM or ask your agent to, the link now needs to carry a payload linking the AI citation to the merchant’s site, with consent signals (like a cookie, saying you consented to the agent doing this). In UCP it works like this:
The LLM looks for a file at [merchant.com/.well-known/ucp]. This manifest tells the LLM what the store is capable of (e.g., guest checkout, identity linking, or loyalty points).
The “link” carries a UCP Context Object. This tells the merchant site that the user didn’t just stumble upon the page — they were sent by an agent with a specific Intent.

From: (1) Simon Taylor on X: “The 5 Levels of Agentic Commerce” / X.

xxx

(1) Simon Taylor on X: “The 5 Levels of Agentic Commerce” / X

xxx

If you think about the 5 levels of autonomy in self-driving cars, Stripe had a similar model for commerce. These levels are typically: no automation, AI assistance, partial autonomy, full autonomy in certain conditions, high autonomy for some flows (or geographies), and finally full autonomy for any payment anywhere, any time.

From: (1) Simon Taylor on X: “The 5 Levels of Agentic Commerce” / X.

xxx

Zombie user account let hackers control the city’s water

xxx

A threat actor took a “leisurely tour” of the city’s online resources and had started messing around with conference room projectors and other relatively harmless endpoints. Then they realized that they could change settings with the water utility where they switched many controls off, potentially endangering the water supply.

When Beckwith investigated, she found that all of the mischief was performed by an account that belonged to “Greg from Auditing.” There was just one problem. Greg hadn’t worked for the city for many years.
Unfortunately, even though Greg was no longer around, his account was, and it retained extensive privileges, including domain admin rights, SCADA (Supervisory Control and Data Acquisition) operator access, and even the ability to perform help desk functions. It’s unclear if someone from auditing ever needed this level of access, but a former employee definitely did not.

From: Zombie user account let hackers control the city’s water.

xxx

Almost Two Million UK Consumers Take Financial Advice from Influencers Without Checking Their Credentials

xxx

Millions of UK consumers are turning to social media influencers for financial guidance without checking their credentials, potentially putting their credit health at risk, according to new research commissioned by TransUnion.

The survey found that 14% of consumers, around 7.7 million people, have taken financial advice from a social media personality or online influencer with a quarter (25%) of these consumers, approximately 1.9 million people, admitting they did not check whether the influencer had any formal financial qualifications or credentials before acting on the advice.

Among Gen Z consumers (aged 18-24), the use of financial influencers rises sharply to 29% – roughly 1.4 million young people – with almost a third (32%) of 18-24 year olds admitting they did not check the influencer’s qualifications before acting on the advice.

While some younger consumers reported benefits, the findings underline clear risks. Among 18-24 year olds who followed influencer advice, 39% said they gained useful financial knowledge and 31% said it helped them choose a good credit or financial product. However, 15% said following financial influencer advice negatively affected their credit score, led to financial losses or resulted in them being scammed.

From: Almost Two Million UK Consumers Take Financial Advice from Influencers Without Checking Their Credentials.

xxx

401(k) account takeover fraud drained $751,430 in a single phone call | Fox News

Here is an example: an impostor called Alight’s Benefits Information Center. She gave the mark’s name, the last four digits of her Social Security Number, her date of birth and a mailing address that matched what they had on file. That was enough to clear the security check and within a few weeks a check (yes, this was in America) for the full $750k from the account had been sent to an address in Las Vegas.

How can presenting publicly available information be considered adequate to pass a security check for a retirement savings account?

Editing “Ledgers and innovation in banking” – Substack

xxx

The article continues by noting that banks do not seem to be making as much of this interesting new technology as they might and that “what may prove to be more serious is the determination to cling to time-honoured procedures”. Well, yes indeed.

From: Editing “Ledgers and innovation in banking” – Substack.

xxx

Intelligent eyewear with Gemini is coming this fall

xxx

Today at Google I/O 2026, we shared more about intelligent eyewear: glasses that deliver help in the moment without taking you out of it. There will be two types of intelligent eyewear: audio glasses that offer spoken help in your ear, and display glasses that show you the information you need, right when you need it. Both let you stay hands-free and heads up, and get you help from Gemini just by asking.

From: Intelligent eyewear with Gemini is coming this fall.

xxx
