Banks and software vendors have spent decades perfecting Know Your Customer (KYC) protocols to verify human identities. Now, with AI agents acting autonomously on behalf of people, the same level of scrutiny is shifting upstream — to the agents themselves. By 2026, financial institutions and identity providers are racing to implement Know Your Agent (KYA) frameworks, a suite of controls that authenticate, authorize, and audit software entities just as rigorously as their human counterparts. The catalyst? Windows Copilot’s deep delegation capabilities and the growing ubiquity of AI assistants that can move money, sign contracts, and access sensitive corporate data without a human in the loop.

The year 2026 marks a tipping point. AI agents have moved from simple chatbots to fully delegated surrogates. A Windows Copilot agent can already schedule meetings, draft emails, and adjust system settings based on a user’s historical behavior — but soon it will be able to approve expense reports, initiate wire transfers, or negotiate service agreements, all under the user’s identity. For banks and regulators, that prospect demands a new layer of defense. If a customer says “my AI didn’t authorize that transfer,” the bank must be able to prove otherwise, and the agent must have a verifiable digital identity that links back to the human principal.

From KYC to KYA: The Identity Paradigm Pivot

Traditional KYC relies on government-issued IDs, biometrics, and background checks to ensure that a customer is who they claim to be. KYA extends this logic to non-human actors. An AI agent, whether it’s a Windows Copilot skill, a banking trojan legitimately installed by the user, or a third-party merchant bot, must undergo identity proofing, credential issuance, and continuous authorization. This isn’t just about a single API key. It means the agent carries a verifiable certificate, operates within scoped permissions, and leaves an immutable audit trail.

“Machines can now act for people and on their behalf at scale,” explains a senior architect at a global identity provider, echoing the excerpt from a recent industry forum. “The same way we know a customer via passport checks, we now need to know the agent: who built it, what is it allowed to do, who is responsible for its actions.” For banks, this translates into a requirement to authenticate not just the human account holder but also the software delegate — particularly when high-risk transactions originate from an AI-initiated session.

Microsoft’s own security ecosystem is already laying the groundwork. Windows Hello for Business provides biometric-backed, passwordless authentication for humans. For agents, Microsoft’s Entra ID (formerly Azure AD) can issue workload identities — digital credentials assigned to applications rather than people. In a KYA future, every Windows Copilot delegate might need its own workload identity, complete with Conditional Access policies that limit what it can do based on device health, geolocation, or the sensitivity of the data it touches.

Windows Copilot Delegation: The Front Line of Agent Governance

Windows Copilot in 2026 is not merely a chat sidebar. It integrates deeply with the operating system and Microsoft 365 graph, acting as a coordinator for a fleet of specialized sub-agents. A finance agent knows the user’s typical quarterly budgeting patterns and can request approval for purchases under a certain threshold. A scheduling agent negotiates meeting times across organizational boundaries. Each of these mini-agents must be separately identifiable and auditable under KYA rules.

Consider a scenario: A CFO uses Windows Copilot to delegate quarterly invoice approvals to an AI agent trained on the company’s payment history. The agent logs in via the CFO’s account but operates with delegated permissions. Under KYA, the bank receiving those payment instructions would first verify that the authorization token came from a whitelisted agent, check the CFO’s delegation registry (perhaps stored on a blockchain-based identity ledger), and confirm that the agent’s behavior matches its expected risk profile. Only then would the payment proceed.

This requires a shift in Windows admin governance. IT administrators, who today manage user permissions through Active Directory or Intune, will need to onboard and life-cycle agents. They’ll define policies like: “Agent X can transfer up to $5,000 from account Y only during business hours when the CFO’s work PC is unlocked via Windows Hello.” Microsoft’s Privileged Identity Management (PIM) and Just-In-Time (JIT) access can be extended to cover agent roles, ensuring that even a delegated AI can’t go rogue without multiple controls tripping.

Banking Compliance: The Clock Is Ticking

Regulators are already watching. The European Union’s Digital Operational Resilience Act (DORA) and the updated Payment Services Directive (PSD3) both emphasize third-party risk management and strong customer authentication — concepts that naturally encompass AI agents. In the U.S., the Office of the Comptroller of the Currency (OCC) and FINRA have begun issuing guidance that blurs the line between human and machine accountability. By 2026, expect formal KYA mandates that require banks to:

  • Maintain a register of authorized AI delegates for each customer account.
  • Verify the provenance and integrity of each agent via cryptographic attestation.
  • Implement real-time transaction monitoring that looks for anomalies specific to agent behavior (e.g., a sudden change in the size or frequency of agent-initiated payments).
  • Ensure that the agent’s identity can be traced back to a legally recognized entity — either the human user or the corporate developer that assumes liability.

For merchants and software vendors, KYA introduces a new compliance cost. A fintech startup that builds a shopping bot for Windows Copilot must submit to a thorough security assessment before its agent can interact with bank APIs. This may involve Standardized Agent Identity Tokens (SAITs), a concept being explored by banking consortia. Similar to PSD2’s eIDAS certificates, SAITs would allow a bank to instantly trust an agent’s claims without requiring a direct integration with every software house.

Technology Building Blocks: How KYA Works in Practice

Implementing KYA requires a convergence of several technologies already in use, but repurposed for machine identity:

  • Verifiable Credentials: Decentralized identifiers (DIDs) and verifiable credentials, already backed by Microsoft’s Entra Verified ID platform, can be issued to AI agents. An agent would present a credential attesting that it was built by an audited developer, has passed a security review, and is bound to a specific user’s delegation policy.
  • Behavioral Biometrics for Agents: Just as banks analyze keystroke dynamics to detect human impostors, KYA systems will profile how an agent interacts with APIs. Deviations from a typical interaction graph — say, an agent suddenly accessing a never-before-touched endpoint — trigger step-up authentication or a kill switch.
  • Continuous Authentication Protocols: With Continuous Access Evaluation (CAE), already part of Entra ID, a session token can be revoked in real time if risk conditions change. For agents, a CAE event might fire if the agent’s OS environment becomes non-compliant (e.g., the Windows machine lacks the latest security patch), immediately blocking further delegated actions.
  • Policy as Code: Windows administrators can use PowerShell or Microsoft Graph to define agent policies programmatically. “Only allow the Copilot delegated agent from my accounting software to read invoices and create payments, but never modify vendor details,” becomes a portable policy enforced at both the endpoint and the cloud directory.

The Role of Windows Hello and the Trusted Platform Module

Windows Hello for Business and the Trusted Platform Module (TPM) become foundational to KYA. A user’s biometric unlock can serve as the root of trust for delegation. When a user logs in with face or fingerprint, the Windows device generates a device-bound token that the Copilot runtime can then extend to its agents. This ensures that any delegated action is cryptographically tied to a specific human on a specific trusted device. If an attacker compromises the agent but cannot unlock the device with a biometric, the agent’s token is useless.

Microsoft has also introduced “companion device” scenarios where a Windows PC can serve as a dynamic security key for agent operations. In the near future, a Copilot agent may request user confirmation for sensitive actions via a push notification to the user’s mobile PC, leverage Windows Hello on that secondary device, and then present the combined trust evidence to the bank.

Real-World Hurdles and User Experience Frictions

Despite the promise, KYA faces significant adoption barriers. The biggest is user experience. The whole point of a delegated AI is to reduce manual friction. If every high-value task requires additional human approval, the efficiency gain evaporates. Striking the right balance between safety and seamlessness will demand adaptive risk engines that learn the user’s tolerance. A $50 coffee reimbursement might be auto-approved, but a $50,000 vendor payment might always require a biometric confirmation — at least until the user explicitly raises the agent’s trust level.

Another challenge is liability. If a bank honors a payment initiated by an agent that turned out to be compromised due to a zero-day in the OS, who bears the loss? Regulators will need to refine consumer protection laws to account for agent-mediated transactions. The Electronic Fund Transfer Act’s Regulation E in the U.S., for instance, might need an addendum clarifying the user’s liability when they’ve voluntarily delegated authority to a software entity.

For Windows administrators, the operational overhead of managing agent identities resembles that of user identities, but with faster lifecycle turnover. Agents can be spun up and torn down in minutes; their credentials must be rotated frequently. Automation via Microsoft Graph and PowerShell will be essential, but so will clear auditing dashboards that show exactly which agent did what across the entire fleet.

Beyond Banking: KYA Across the Digital Ecosystem

The concept of KYA is not limited to finance. In healthcare, an AI agent scheduling appointments and accessing medical records must prove it operates on behalf of a licensed physician. In e-commerce, a purchasing bot acting for a buyer needs to demonstrate it has the authority to commit the buyer’s payment method. Even in everyday Windows use, a third-party skilling agent that can read your Outlook inbox and order groceries must be identity-checked to prevent data leaks.

Expect platforms like the Microsoft Store and the Copilot plugin marketplace to introduce agent vetting programs similar to Apple’s App Store review. Developers will submit their agents for security analysis, and upon approval, the agents will be granted a store-signed identity certificate. Windows will then only allow certified agents to use high-privilege APIs, enforcing a walled-garden approach that many enterprise customers will welcome.

What Windows Admins Should Do Now

For IT professionals running Windows environments, the transition to KYA is not a distant prospect. They can start preparing by:

  1. Auditing existing automation: Inventory all scripts, bots, and RPA processes that act on behalf of users. Treat each as an agent-in-waiting.
  2. Piloting workload identities: Use Entra ID workload identities for service accounts and automation tools to get familiar with the lifecycle and policy management.
  3. Experimenting with Conditional Access for applications: Extend Conditional Access policies to cover non-human principals, even if only in a test tenant at first.
  4. Educating stakeholders: Brief compliance and risk teams on the coming KYA wave. Prepare them for the inevitable policy audits around AI delegation.
  5. Watching Microsoft’s roadmap: Features like “Intelligent Policy for Copilot Agents” are rumored for Intune, which would allow granular control over agent behavior based on risk signals.

Conclusion: A Safer, Smarter Delegation Era

The shift from KYC to KYA represents the natural evolution of digital identity in an AI-first world. While it adds complexity, it also unlocks tremendous productivity gains once users trust that their agents are properly governed. Windows, as the most widely used desktop platform, sits at the heart of this transformation, and Microsoft’s deep investments in identity and security position it to lead the charge. By 2026, whether a transaction is initiated by a person at a keyboard or an agent in the cloud, the question will be the same: “Do I know you?” And for both, the answer must be yes.