Skyfire was co-founded by two former Ripple executives @AmirSarhangi and DeWitt, who were responsible for building cross-border payment networks during their time at Ripple and participated in processing over $50 billion in transaction volume.

Funding Status

  • In 2024, Skyfire completed approximately $8.5 million in seed round funding, with investors including Circle, Ripple, Gemini, Tim Draper-related funds, and other crypto and financial institutions.

  • Subsequently received additional investment from Coinbase Ventures and a16z (Andreessen Horowitz) Crypto Startup Accelerator (CSX), totaling $9.5 million.

Background

As artificial intelligence shifts from content generation to autonomous agents, existing financial and identity infrastructures begin to struggle.

  • Authentication: Current authentication relies on human characteristics (phone numbers, biometrics, CAPTCHA). AI agents have no legal personality and cannot pass these verifications, even being considered "malicious bots" and intercepted.

Service providers are also quite frustrated, unable to distinguish whether this is a legitimate AI agent or a malicious crawler or even a DDoS attack.

Gemini (Sorry, I can't access the xxx webpage)

  • Payment: Existing payment tools (credit cards) are not suitable for machine use.

Easily triggers risk control and cannot support typical high-frequency micropayments (like a $0.01 API call). Moreover, directly authorizing a credit card to AI is not reassuring enough.

So the core here is to enable machines to distinguish between three roles: human / AI Agent / malicious attack bots (scripts, etc.)

Identity authentication KYAPay / differentiate KYC

KYAPay is an open standard jointly promoted by Skyfire and its partners (such as Visa, Coinbase), aimed at defining how AI agents transmit identity and payment intentions through the standard JWT (JSON Web Token) format.

"Identity is payment" (Identity-linked Payment).

In traditional e-commerce, logging in (authentication) and checking out (payment) are two steps.

In KYAPay, these two are compressed into the same data packet, completing both "Who am I" and "I want to pay" in a single HTTP request

KYA is divided into three different permissions to accommodate different scenarios.

A standard JWT field:

Issuer, Skyfire platform
Buyer ID
Receiver ID
Expiration time
Unique number to prevent replay attacks
------ (the following are dedicated fields) ------
Buyer authentication information
Payment amount
Currency unit
Unit price of the service
Project ID of the service

General process: decentralized verification mechanism (JWKS)

Skyfire employs a public key verification mechanism similar to OAuth:

  1. Signature: The buyer agent uses the private key distributed by Skyfire (or requests a signature from Skyfire via API) to generate the JWT.

  2. Verification: The seller service retrieves the public key from the standard JSON Web Key Set (JWKS) endpoint provided by Skyfire.

  3. Local verification: The seller verifies the legality of the JWT signature, whether it has expired, and if the receiver matches on the local server.

Fund settlement / identity authentication

Stablecoin: consistently using USDC (USD Coin) as the settlement currency

Skyfire is primarily deployed on Polygon and Base (Coinbase's L2 network), mainly because of the lower costs and account abstraction, and Coinbase is also an investor.

Agent's identity authentication: KYA (Know Your Agent)

  • Each AI agent's digital identity is cryptographically bound to its owner's (Controller's) legal identity.

  • Identity tokens issued by Skyfire, similar to a "digital passport", containing:

  • Verification status:Whether the agent has been verified by Skyfire or a third party (like Trulioo)
    Code fingerprint:The software version hash of the agent, ensuring that the interacting program is unmodified
    Credit score:Credit score based on on-chain historical transaction data
    Blue label certification:Similar to social media authentication (Binance OTC Shield merchants)

Roles of participants in the entire process (Participants & Roles)

User/Agent controller: AI developers, enterprises, or individuals deploying agents.

  • Need to complete KYC/KYB and bear legal responsibilities

  • Providing fiat currency and deposit channels for the Agent

  • Setting permissions, such as budgets and whitelisted merchants

Buyer agent: the AI entity executing specific procurement tasks

  • Can be autonomous programs running in the cloud, local CLI tools (like OpenCode), or browser plugins.

  • Having a unique Agent ID and API Key assigned by Skyfire (or MPC wallet shards).

  • Mainly based on the assigned tasks, autonomously deciding the required services and initiating payments

  • Buyer agent, core is 【fund usage rights】

Seller agent / service provider: provides resources, which can be API providers or another agent

  • Setting service prices

  • Deploying Skyfire's verification middleware in front of its API gateway to intercept and validate incoming JWTs

  • After verification, provide data or execute tasks for the buyer agent

  • Receiving payments, converting the buyer's commitment into USDC in the wallet

Skyfire: the trust hub and infrastructure provider connecting the aforementioned three parties.

  • Issuing KYA certificates

  • Coordinating off-chain ledger records with on-chain fund settlement

  • Monitoring network transactions, identifying abnormal patterns (such as money laundering, DDoS attacks), and implementing circuit breakers

  • Maintaining the platform, helping buyers and sellers establish connections.

For example

An AI agent named "Analyst-Bot" needs to purchase a real-time financial data report priced at 0.5 USDC.

  1. Account creation: The controller (a financial company) registers on Skyfire and completes enterprise certification (KYB).

  2. Creating an agent: Create an "Analyst-Bot" instance in the dashboard. The system generates a unique Agent_ID: uuid-1234 and API Key for it.

  3. Funds and strategy: The company deposits 1000 USDC into Skyfire and sets a strategy for "Analyst-Bot": "daily budget limit $50, single transaction limit $2".

  4. Environment integration: Developers configure Skyfire's MCP Server into the running environment of "Analyst-Bot" (like Composio or LangChain), enabling it to call payment tools.

  5. Task trigger: "Analyst-Bot" receives user instructions: "Analyze the latest Apple stock trends."

  6. Service discovery: The agent queries the Skyfire directory, discovers that the service provided by "MarketData-Provider" meets the requirements and accepts Skyfire payment.

  7. Getting quotes: The agent calls the seller's metadata endpoint, confirming price: 0.50, currency: USD.

  8. Autonomous decision-making: The agent's internal logic determines that 0.50 USDC is within budget, deciding to initiate a purchase.

  9. Request token: "Analyst-Bot" sends a request to Skyfire API: "I want to pay Seller_ID: 5678 0.50 USDC."

  10. Platform risk control (key step): Skyfire's core engine receives the request and performs the following checks: Is the agent frozen? (No) ◦ Is the master account balance sufficient? (Yes) ◦ Has the daily usage + 0.50 exceeded $50? (No) ◦ Is the transaction party on the blacklist? (No)

  11. Issuing JWT: After passing the checks, Skyfire generates an encrypted signed kya+pay JWT and reserves (locks) 0.50 USDC in the master account to prevent double spending. This JWT is returned to "Analyst-Bot."

  12. Sending request: "Analyst-Bot" sends an HTTP GET request to "MarketData-Provider"'s API, placing the obtained JWT in the Header: Authorization: Bearer <sk_token_...> Skyfire-Payment: <jwt_payload>

  13. Local verification: The server of "MarketData-Provider" receives the request. The JWT signature is verified using Skyfire's public key (JWKS). Successful verification means: ◦ The request indeed comes from a legitimate Skyfire agent. ◦ Skyfire promises to pay 0.50 USDC. ◦ The token has not expired.

  14. Service delivery: The seller's server processes the request and returns the latest financial data JSON to "Analyst-Bot."

  15. Capture: After service delivery, the seller calls Skyfire's charge API and submits the JWT.

  16. Fund transfer:Skyfire confirms that the JWT is valid and has not been settled, then executes the transfer operation.
    Off-chain accounting:In most cases, Skyfire first updates the balance in the internal database (buyer -0.50, seller +0.50), achieving instant settlement.
    On-chain settlement: Regularly or based on thresholds, Skyfire will batch execute USDC transfers on Polygon/Base to ensure the final ownership of funds is transferred.

  17. Audit log: Transaction details are written into an immutable log

The process breakdown is quite complex, but the actual completion is very quick.

Profit

Transaction commission

Each time the AI agent pays a fee through the Skyfire protocol (such as purchasing computing power, data, or subscribing to API services), the platform takes a certain percentage as a service fee.

  • Tiered pricing:
    Small transactions (under $250): 2.5%
    Large transactions: 1%

KYA (authentication) service fee

  • Developers or companies need to apply for verified digital identities for their AI agents to pass the anti-bot checks of major platforms. Skyfire charges fees for these identity authentication and maintenance services.

  • Similar to SSL certificates or enterprise certifications