AI agents already account for a growing share of global web traffic. Fastly’s own threat research found that bots accounted for 29% of all requests across its network in late 2025, with AI crawlers and fetchers responsible for an increasing share of that volume. HUMAN Security’s State of AI Traffic report, released in March 2026, went further: automated traffic grew nearly eight times faster than human activity last year, and agentic traffic surged almost 8,000% over the prior year.
The trajectory is clear. The question is what happens when those agents try to do something useful.
Today, most websites treat every non-human visitor the same way: as a threat. Bot management systems are designed to detect and block automated traffic because, until recently, web automation was almost always adversarial. Scraping. Credential stuffing. Inventory hoarding. The security industry built its playbook around a binary: human traffic is good, bot traffic is bad.
That binary is breaking down. An AI agent dispatched by a real person to compare hotel prices, restock office supplies, or negotiate a SaaS renewal is not a scraper. It has a human or a business it represents. It may carry a budget. It expects to pay. But when it arrives at a merchant’s front door, it looks identical to the malicious bots that same merchant spent years learning to block.
This is the identity gap that Skyfire was built to close.
What Skyfire does
Skyfire is agentic commerce infrastructure. The platform gives AI agents and the platforms that host them two things they currently lack: verified identity and the ability to pay.
On the identity side, Skyfire issues Know Your Agent (KYA) credentials (tokenized identity that travels with the agent as a standard JSON Web Token). A KYA token tells a merchant or service provider who the agent is, which human or enterprise it represents, and whether it has been verified through Skyfire’s registration process. The design borrows from established compliance frameworks like Know Your Customer (KYC) and Know Your Business (KYB), adapted for a class of actors that don’t have driver’s licenses or incorporation documents.
On the payment side, Skyfire provides wallets that support both stablecoins and tokenized credit cards, allowing agents to complete transactions in real time. An agent carrying Skyfire credentials can check out through a standard e-commerce flow, pay for API access on a per-call basis, or settle a micropayment without requiring a human to pull out a credit card at the moment of purchase.
For businesses on the receiving end, Skyfire provides the verification layer that lets them distinguish a funded, accountable agent from anonymous automation. Publishers, merchants, and data providers can accept agent traffic through their existing web infrastructure, security controls, and authentication layers—no re-platforming required.
Where Fastly fits in
The problem with running identity checks and payment validation against every incoming request is speed. Agents operate in tight execution windows. A round-trip verification to a centralized server introduces latency that can break a transaction or degrade the downstream experience. For high-concurrency environments such as a flash sale, a travel-booking surge, or a real-time bidding market, that latency is a dealbreaker.
Fastly solves this by moving the decision to the edge.
Fastly operates a programmable edge cloud that processes over 6.5 trillion requests per month across more than 130,000 applications and APIs. Skyfire integrated their identity and payment-backed credentials into Fastly’s programmable edge cloud platform, enabling Through its integration with Skyfire, agent identity verification and payment validation to occur at Fastly’s globally distributed points of presence in milliseconds, before a request ever reaches the origin infrastructure.
Here is what that looks like in practice. An AI agent arrives at a merchant’s website carrying a Skyfire KYA token. Fastly’s edge inspects the token, verifies the agent’s identity and payment credentials, and makes an enforcement decision all within the request lifecycle. Verified agents proceed to the origin. Unverified traffic gets handled according to the merchant’s policies. The merchant’s backend never needs to evaluate whether the requester is legitimate because that determination has already been made upstream.
This matters because Fastly’s customers are already managing a surge in AI-driven traffic. On the Q4 2025 earnings call, CEO Kip Compton described agentic AI as a structural tailwind for Fastly’s business. He noted that enterprise conversations had shifted from blocking agent traffic to figuring out how to optimize for it. Skyfire provides the mechanism for that optimization: a way to separate the agents worth doing business with from the ones that should be stopped at the gate.
How the integration works
Skyfire’s KYA protocol is built on standard web infrastructure such as JWTs, OAuth2, and JWKS, which means it fits natively into the HTTP request lifecycle that Fastly’s platform already manages: no proprietary SDKs, no middleware layer, no separate API gateway.
For businesses already using Fastly Bot Management and Protection, enabling Skyfire-verified agent traffic is a configuration change rather than an engineering project. Fastly’s programmable edge allows identity and payment logic to be introduced directly into the request path without modifying backend systems. Teams can extend existing APIs and services to support agent interactions, then tune policies dynamically based on agent identity, intent, and transaction history.
The integration supports several enforcement models. A merchant might allow verified agents to access product catalogs and complete purchases while rate-limiting unverified agent traffic. A publisher might grant full content access to agents with valid payment credentials while redirecting uncredentialed agents to a paywall. A data provider might apply tiered pricing based on the volume and frequency of agent requests, with enforcement handled automatically at the edge.
In each case, the business retains full control over its policies. Skyfire provides the identity and payment signals. Fastly provides the enforcement environment. The business decides what to do with both.
What this enables
The combination of Skyfire and Fastly creates a practical path for enterprises to participate in what is becoming an agent-driven economy without waiting for the entire internet to adopt new standards, and without exposing themselves to the fraud and abuse risks that come with accepting unverified automated traffic.
For merchants and ecommerce platforms, it means AI agents can browse catalogs, compare prices, and complete purchases through existing checkout flows. Every transaction traces back to a verified, funded account.
For publishers and content providers, it means agent traffic becomes a revenue channel rather than a cost center. Agents that pay for access can be granted it. Agents that don’t can be redirected or blocked, all enforced at the edge before a single origin resource is consumed.
For API providers and SaaS platforms, this means agents can authenticate, subscribe, and transact programmatically, opening a new customer-acquisition channel that operates at machine speed.
And for the security teams managing all of this traffic, it means identity becomes the primary control surface. Instead of applying blunt rules based on user-agent strings or request frequency, teams can enforce policy based on who is acting, what authority they carry, and whether they can pay for what they’re requesting.
Getting started
Fastly customers can enable Skyfire-verified agent traffic through Fastly Bot Management and Protection. Configuration takes minutes, not sprints. Developers and merchants interested in integrating the Skyfire KYAPay protocol directly can learn more at [skyfire.xyz](https://skyfire.xyz).
