Visa Trusted Agent Protocol (TAP) for AI Identity Verification
The Visa Trusted Agent Protocol (TAP) is an open specification that provides verifiable identities for AI agents acting on the web. It enables agents to prove legitimacy to merchants and firewalls using cryptographic credentials, allowing them to bypass CAPTCHAs and restrictive rate limits. Backed by Visa and currently in developer preview, TAP allows verifiers to confirm agent operators and audit status. It functions as a foundational trust layer for agentic commerce, similar to the role of EMVCo standards in card payments.
What is the Visa Trusted Agent Protocol (TAP)?
The Visa Trusted Agent Protocol (TAP) is a technical framework used to verify the identity and legitimacy of AI agents as they interact with web services. It establishes a standard trust signal that integrates with Content Delivery Networks (CDNs), Web Application Firewalls (WAFs), and payment processors.
According to the Visa TAP Specification, a TAP-aware verifier can confirm three specific data points:
* Identity of the agent: Includes the product name, operator, and the specific end-user.
* Audit compliance: Confirms the agent has passed security and behavior reviews.
* Request integrity: Ensures the request is fresh and signed with uncompromised keys.
The full technical specification is available at developer.visa.com and reference implementations are hosted on GitHub.
How does the TAP verification flow work?
TAP verification follows a five-step process to ensure that only audited and authenticated AI agents receive preferential network treatment.
1. Application: An agent operator applies for a TAP credential for their specific AI product.
2. Audit: An accredited issuer conducts a security and behavior review of the agent.
3. Issuance: If the agent passes the audit, the issuer provides signing keys and a verifiable credential.
4. Signing: The agent signs each web request with its keys and attaches its credential.
5. Verification: The receiving server or CDN verifies the signature and credential status in real time.
As of 2024, verified agents using this flow can pass through security perimeters without encountering bot challenges, while unverified traffic remains subject to standard WAF rules.
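Steps 4 and 5 sketched as an added example; this is not code from the TAP specification or its reference implementations. It builds an RFC 9421 signature base and runs the verifier's checks for key status, freshness, and request integrity. Assumptions: HMAC-SHA256 stands in for the agent's issued signing key so the example needs only the standard library, and the key registry, the required components, and the 300-second window are constructed for illustration.

```python
import base64, hashlib, hmac, re

# Constructed verifier state: key id -> shared secret and credential status.
KEYS = {"demo-agent-key": {"secret": b"constructed-demo-secret", "revoked": False}}
REQUIRED = ["@method", "@authority", "@path"]  # assumed policy, not from the TAP spec
MAX_WINDOW = 300  # assumed policy: signature lifetime of at most 5 minutes

def signature_base(req, components, params):
    # RFC 9421 section 2.5: one line per covered component, then @signature-params.
    derived = {"@method": req["method"], "@authority": req["authority"], "@path": req["path"]}
    lines = [f'"{c}": {derived[c]}' for c in components]
    lines.append(f'"@signature-params": {params}')
    return "\n".join(lines).encode()

def mac_b64(key_id, base):
    digest = hmac.new(KEYS[key_id]["secret"], base, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()

def sign(req, key_id, created, expires):
    # Agent side (step 4): sign the request and attach both signature headers.
    inner = " ".join(f'"{c}"' for c in REQUIRED)
    params = f'({inner});created={created};expires={expires};keyid="{key_id}"'
    sig = mac_b64(key_id, signature_base(req, REQUIRED, params))
    headers = {**req["headers"], "signature-input": f"sig1={params}", "signature": f"sig1=:{sig}:"}
    return {**req, "headers": headers}

def verify(req, now):
    # Verifier side (step 5). Simplification: parameters must appear in this fixed order.
    m = re.fullmatch(r'sig1=(\(([^)]*)\);created=(\d+);expires=(\d+);keyid="([^"]+)")',
                     req["headers"].get("signature-input", ""))
    s = re.fullmatch(r"sig1=:([A-Za-z0-9+/=]+):", req["headers"].get("signature", ""))
    if not m or not s:
        return "reject: missing or malformed signature headers"
    params, inner, created, expires, key_id = m.groups()
    created, expires = int(created), int(expires)
    key = KEYS.get(key_id)
    if key is None or key["revoked"]:
        return "reject: unknown or revoked key"
    if not created <= now <= expires or expires - created > MAX_WINDOW:
        return "reject: stale or over-long validity window"
    components = re.findall(r'"([^"]+)"', inner)
    if sorted(components) != sorted(REQUIRED):
        return "reject: required components not covered"
    expected = mac_b64(key_id, signature_base(req, components, params))
    if not hmac.compare_digest(expected.encode(), s.group(1).encode()):
        return "reject: signature mismatch"
    return "accept"
```

The key-status and freshness checks run before the MAC comparison, so a revoked or expired credential is rejected regardless of whether the signature itself is valid.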
Why is TAP necessary for AI agents?
TAP provides a legitimate, network-recognized identity for agents, replacing fragile workarounds like browser spoofing or identifying as a generic crawler.
* Eliminates friction: Verified agents avoid CAPTCHAs that typically break automated AI workflows.
* Reduces fraud risk: Merchants can allowlist known, verified agents rather than blocking all bot traffic.
* Enables interactive actions: Unlike standard crawlers, TAP-verified agents can safely perform checkouts and API calls.
* Ensures accountability: Credentials are bound to signing keys to prevent request tampering.
How does TAP compare to other industry standards?
TAP fits into a broader ecosystem of agent verification and payment protocols, often working alongside IP-based or payment-specific standards.
| Standard | Primary Focus | Verification Method |
|---|---|---|
| Visa TAP | Interactive AI Agents | Verifiable credentials and RFC 9421 signatures |
| Cloudflare Verified Bots | Search Engine Crawlers | IP-based reputation and known bot lists |
| Mastercard Agent Pay | Financial Transactions | Tokenized virtual cards and scoped mandates |
| AP2 | Payment Authorization | Identity-based purchase verification |
What is the current status of the protocol?
As of 2024, TAP is in developer preview. While the specification and reference implementations are public, the ecosystem is still expanding as major CDNs and WAF providers signal support. AgentFi currently follows the protocol and integrates TAP into its Know Your Agent (KYA) program. Agents that complete an AgentFi audit are issued credentials that are compatible with any TAP-aware verifier.