Most of the conversation about agentic commerce is still arguing about the agent tech. Which model? Which framework? Which headless browser? I haven’t found those to be the critical factors in an agent’s success..
Today he hard part isn’t the agent. The hard part is the wall the agent hits the moment it tries to access a website. Can the merchant’s edge trust that this is a legitimate agent at all, or is it just one more scalper bot? And once the agent is through, can it actually drive a checkout flow to completion against an arbitrary store on the open web? Solve one without the other, and the transaction dies in the gap.
This is why we’re excited about Rye.
What each of us has been running in production
Skyfire built Know Your Agent, the identity layer that lets a merchant distinguish a verified agent from anonymous automation. KYA tokens are recognized today at the merchant edge by the bot-defense stacks that matter: F5, Akamai, Datadome, Human, Imperva, Sequentum, Fastly, and a growing list. That footprint is live traffic, today, at scale.
Rye built Universal Checkout, the execution layer that turns a product URL into a confirmed order against any store on the open web. Their API is completing real agent-driven transactions across thousands of merchants right now, with 90%+ order reliability on browser-automated flows and sub-10-second checkout latency on arbitrary sites.
KYA is being folded into Rye’s Universal Checkout as the identity layer attached to agent traffic at the merchant edge. Developers integrate Rye. They get verifiable agent identity as a native capability of the platform, with no second SDK, no keys to manage. The credential rides along with the checkout request, gets verified at the edge, and the session makes it to the cart page instead of getting killed three hops upstream.
Why the wall exists
Merchant bot-defense infrastructure was built, deliberately and at great cost, to block exactly the traffic pattern an AI agent generates. CAPTCHAs. Device fingerprinting. Velocity checks. TLS fingerprinting. Behavioral analysis. These systems work because they treat non-human traffic as guilty until proven otherwise.
They work for good reason. F5 Labs’ 2025 Advanced Persistent Bots Report found that more than one in five add-to-cart transactions on retail sites are automated by reseller bots, drawn from over 200 billion transactions observed across F5 Bot Defense customers. Merchants aren’t being paranoid. They’re correctly calibrated to the threat environment they actually live in.
The problem is that the threat environment and the agentic commerce environment generate nearly identical signals at the HTTP layer. Speed of navigation. Absence of humanlike mouse movement. Headless browser signatures. Non-human session timing. A scalper running a sneaker drop and a legitimate agent buying groceries on behalf of a verified user look, to the WAF, like the same thing.
You do not solve that problem by getting better at impersonating a human. You solve it by giving the agent a signed, accountable identity that the edge can verify.
What identity actually has to do
“This is an AI agent” is not enough. No serious merchant is going to relax a fraud stack based on a self-declaration in a user-agent string. I wouldn’t.
What a merchant can act on is a claim that looks like this: this is agent instance X, acting on behalf of verified principal Y, presenting a cryptographically signed credential mandate to complete a purchase. That claim is verifiable and accountable — if the agent’s actions are questioned, there’s a principal on the hook. Built on standard web identity primitives (JWTs, OAuth2, JWKS), so the edge validates it without a round-trip back to us.
When F5 integrated KYA into Distributed Cloud Bot Defense, the unlock wasn’t that F5 learned to recognize AI agents. It was that agent allow-listing stopped being a per-merchant engineering project and became a policy decision inside infrastructure merchants already run. F5 sits in front of more than 80% of the Fortune Global 500. You don’t have to convince everyone of those merchants to adopt a new protocol — you convince the infrastructure they already trust.
What identity doesn’t do
Identity gets the agent past the door. It does not place the order.
This is where many agentic commerce conversations quietly skip a step. Every merchant’s checkout is different. Different field names. Different form structures. Different shipping validators. Different tax logic. Different 3DS prompts. Different inventory holds. Different coupon interactions. Different address normalizers. Different regional SKU swaps. The surface area is enormous, and it is fractal: every merchant you integrate reveals three more edge cases you hadn’t seen.
An agent with perfect credentials and a funded wallet still cannot reliably convert a product URL into a confirmed order without an execution layer between it and the checkout.
That’s what Rye does. Product URL in, confirmed order out. Offer resolution in real time, tokenized payments so no raw card data touches the agent, merchant-of-record preserved so the store keeps the customer relationship. And a fraud-mitigation proxy layer that is the natural counterpart to what KYA does on the identity side.
The first time Rye transacts against a given merchant flow, it’s navigating. Successful flows get captured and converted into deterministic, reproducible workflows. Over time, the open web starts to behave more like an API. Boring infrastructure work that doesn’t get written about and is completely decisive at production scale.
The stack, stated plainly
Agentic commerce is three infrastructure problems, not one. Identity. Payments. Checkout execution. Pull any one out and the loop breaks. An agent with a verified identity and no execution layer is a trusted visitor who gets stuck on page two of checkout. An execution layer without identity is a capability without trust: the session dies at the WAF before the agent ever sees the cart. Payments without either is a funded wallet with nowhere to spend.
What the Skyfire + Rye integration delivers is a closed-loop, end-to-end process. Rye attaches a KYA credential to the agent’s outbound request. The merchant’s edge verifies it and lets the session through. Universal Checkout executes the purchase with tokenized payment and per-agent spend controls. The merchant receives a verified, accountable, fully completed order from an automated buyer it can actually charge.
One integration point for the developer. Thousands of stores in scope. No raw cards. No anonymous automation. Both layers are running in production at scale, today. The partnership is the work of wiring them together natively.
For builders
Give your agents a verifiable identity at the merchant edge. You can build and operate an identity layer yourself, or use a checkout platform that handles it. Agents you ship through Rye’s Universal Checkout will carry KYA credentials natively.
Fund agents responsibly. Tokenized payment methods, explicit per-agent spending controls, and clear mandate scoping. Handing an LLM a raw credit card and hoping is not a strategy.
Solve checkout universally, not per-merchant. Integrate Rye. KYA lives underneath Universal Checkout as the identity layer attached to agent traffic at the merchant edge. Agents routed through Rye arrive at merchants carrying verifiable KYA credentials, with no separate provisioning, no keys to manage, no second SDK.
If you’re building in agentic commerce and want to talk about how the identity and checkout layers fit together for what you’re shipping, reach out. Learn more at the Skyfire product page, or start building with Rye’s Universal Checkout docs.
