By NHI Mgmt Group Editorial Team | Published 2026-06-08 | Domain: Agentic AI & NHIs | Source: Sumsub

TL;DR: Consumer confidence in AI agents is conditional, with 74% of Hong Kong respondents saying verification would increase trust and 44% reporting at least one negative outcome such as unintended actions, data leaks, fraud, or account compromise, according to Sumsub's Greater China survey. Human approval remains the control boundary, not a nice-to-have, because agent actions are already crossing into payments and sensitive data handling.


At a glance

What this is: The survey shows AI agent adoption is rising faster than consumer understanding, and that identity verification, human approval, and accountability are now central to trust.

Why it matters: IAM teams must treat AI agents as governed actors in consumer journeys, because the same identity and approval gaps that create fraud risk for users will surface as control failures across NHI and autonomous programmes.



Context

AI agent governance is the control problem that appears when software can act for a person, not just assist them. In consumer apps, that means the agent may compare options, initiate actions, and sometimes complete purchases or payments, which pushes identity decisions beyond ordinary authentication and into delegated authority.

The primary gap is not model capability alone, but the lack of clear boundaries on what an agent may do, who is accountable when it acts, and how a platform proves the agent is authorised. That matters for consumer IAM, for NHI oversight, and for the growing number of programmes that will eventually need to govern agentic behaviour alongside human and machine identities.

For teams building AI governance models, the useful reference point is the OWASP Agentic AI Top 10, which frames identity, tool use, and control boundaries as security problems rather than product features.


Key questions

Q: What breaks when consumer AI agents can act without human approval?

A: The main failure is delegated authority without a reliable review boundary. When an agent can complete purchases, move data, or trigger account actions without explicit approval, the organisation loses a clear point to stop misuse, correct errors, or prove consent. That creates fraud, privacy, and accountability risk in the same session.

Q: Why do AI agents create trust problems for consumer IAM programmes?

A: They blur the line between assistance and execution. A human may intend to get recommendations, but the platform may allow the agent to act, which makes authorisation harder to define and audit. IAM programmes then need to govern consent, scope, and traceability instead of only authentication and login assurance.

Q: How do organisations know if AI agent verification is actually working?

A: They should be able to show that each agent action is tied to a verified principal, a scoped permission set, and a complete audit trail. If the platform cannot answer who authorised the action, what was allowed, and what was executed, verification is not operationally meaningful.

Q: Who is accountable when an AI agent causes a harmful consumer transaction?

A: Accountability usually spans the platform, the provider of the agent, and the user, but the programme must still assign a primary control owner. Without that, blame becomes fragmented and incident response slows down. Governance should make approval, disclosure, and logging responsibilities explicit before the agent is enabled.


Technical breakdown

Delegated action changes the identity model

A consumer AI agent is not just another automated workflow. Once it can act on behalf of a user, the system needs to distinguish between the human principal, the platform operator, and the agent’s delegated permissions. That is where identity governance gets harder, because the question is no longer only whether the user authenticated, but whether the agent’s action set, scope, and timing are still within the trust boundary that the platform intended. In practice, this creates a hybrid identity problem spanning human consent and non-human execution.

Practical implication: Practitioners need policy controls that define what delegated actions an agent may take, not just how the user signs in.

Verification is an authorisation problem, not just a fraud control

The survey’s trust signal is really about proving who or what the agent is, what permissions it carries, and whether its actions are traceable. That maps to identity proofing, credential assurance, and action attribution, all of which are familiar IAM concerns even when the actor is synthetic. If the platform cannot bind an agent to a verified principal and preserve an audit trail of delegated actions, then the organisation cannot reliably separate legitimate automation from abuse, misuse, or account takeover.

Practical implication: Teams should require traceable agent identity, permission scoping, and tamper-resistant logs before allowing actions that change state.

Human approval remains the last reliable control boundary

The article shows that consumers are comfortable with low-risk assistive use, but confidence drops when the agent can move money, expose sensitive data, or make irreversible decisions. That is a classic escalation pattern in IAM: the more consequential the action, the more the programme needs step-up approval, clear accountability, and break-glass intervention. For consumer journeys, this is the equivalent of privileged access governance, because the risk is not the interface, but the authority to complete a high-impact transaction without review.

Practical implication: High-impact agent actions should require explicit human approval before execution, especially for payments and data disclosure.


Threat narrative

Attacker objective: The objective is to exploit delegated trust so that an agent can perform harmful or unauthorized actions while appearing to operate within the user’s normal session.

  1. Entry occurs when a consumer delegates routine tasks to an AI agent inside familiar apps such as ecommerce, banking, travel, or messaging services.
  2. Credential access and abuse begin when the agent is allowed to use the user’s trust context to complete actions such as purchases, payments, or information retrieval without sufficient review.
  3. Impact follows when unintended actions, unauthorized purchases, data leakage, fraud, or account compromise occur because delegated authority exceeded the user’s real intent.



NHI Mgmt Group analysis

Verified agent identity is becoming the baseline for consumer trust, not an optional enhancement. When 74% of Hong Kong consumers say confidence would rise if they could verify an AI agent’s identity, permissions, and actions, the market is describing an identity assurance problem, not a UX preference. The governance question is whether platforms can bind delegated behaviour to a provable principal and keep the audit trail intact. Practitioner conclusion: identity proofing for agents is now part of customer trust architecture.

Consumer AI agents expose a hybrid governance gap between human consent and non-human execution. The article shows users are delegating actions in apps where the same identity can answer questions, compare options, and then trigger a purchase or payment. That is a cross-actor problem spanning human authorisation and machine execution, which makes NHI controls relevant even in consumer settings. Practitioner conclusion: programmes need policy boundaries for delegated action, not just login assurance.

Platform rules are only effective when users can see and understand them. Nearly 80% of Hong Kong respondents were either uncertain or unaware that platforms may have rules governing AI agent use, which means governance fails before enforcement even starts. This is a disclosure and consent gap, not merely a moderation problem. Practitioner conclusion: controls that are invisible to users will not hold up as agent autonomy expands.

Human approval is the governance backstop that prevents delegated action from becoming delegated liability. The survey shows consumers are most comfortable when human approval is required before higher-risk actions proceed, especially for payments and sensitive data. That aligns with the broader identity principle that authority must narrow as impact rises. Practitioner conclusion: organisations should treat human approval as the final control boundary for irreversible agent actions.

Agent verification is the named control concept this market is converging on. Verification connects identity, permissions, and action attribution into one governance model, which is exactly what consumer AI journeys now require. The concept matters because it shifts the conversation away from whether an agent is useful and toward whether the platform can prove it is authorised to act. Practitioner conclusion: verification should be treated as a core requirement for delegated AI, not a specialist add-on.

From our research:

  • 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to The 2026 Infrastructure Identity Survey.
  • That same survey found that systems with least-privileged AI access had a 17% incident rate versus 76% for over-privileged systems.
  • For a broader model of where agentic risk sits in the control stack, see OWASP Agentic AI Top 10.

What this signals

Agent verification will become a standard governance requirement as AI agents move from advice into action. Consumer trust is now tied to whether a platform can prove the agent’s identity, permission scope, and action history. That is the same structural problem IAM teams face with non-human identities: if the actor can change state, the organisation needs a stronger proof model than ordinary login assurance. The practical signal is to design for explicit delegation, not implicit trust.

With 70% of organisations already granting AI systems more access than human employees, per The 2026 Infrastructure Identity Survey, the governance gap is already measurable. That figure should push teams to treat agentic access as a privilege-management issue, not a future policy debate. In consumer environments, the same lesson applies: if the platform cannot bound authority before execution, the trust model will be bypassed by convenience.

Verified delegation will matter more than model sophistication. The organisations that win this transition will be the ones that can show which agent acted, under what permission, and with what review path. That is why identity governance, not just AI policy, is becoming the real control plane for consumer and enterprise agent use alike.


For practitioners

  • Define delegated action scopes for consumer AI agents: Document which actions an agent may suggest, stage, or execute, and separate low-risk assistance from state-changing actions such as purchases, payments, and account changes. Use explicit policy tiers so the platform can block escalation when the request moves beyond the intended trust boundary.
  • Bind agent activity to a verifiable principal: Require traceable identity binding for the agent, the human principal, and the session context so every action can be attributed after the fact. Preserve immutable logs for permission checks, action approval, and downstream effects to support fraud review and accountability.
  • Require human approval for high-impact steps: Insert approval gates before irreversible or financially material actions, especially payments, data disclosure, and account recovery flows. Keep the approval step separate from the suggestion step so a user can review the final effect rather than rubber-stamp the agent’s recommendation.
  • Publish platform rules in user-visible language: Explain what AI agents can and cannot do inside the product experience, including any limits, review requirements, or blocked actions. If users cannot tell where the boundary is, they will work around it or trust the agent too far.
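
The first three controls above can be combined into a single authorisation gate. The sketch below is an added example, not code from Sumsub or NHI Mgmt Group: the action names, the `Grant` fields and the in-memory hash-chained log are assumptions standing in for a real policy store and an append-only audit store, and approval is modelled as a plain principal identifier rather than a signed, action-bound approval.

```python
import hashlib, json
from dataclasses import dataclass, field

# Constructed policy tiers (hypothetical action names, not from the survey).
AUTONOMOUS = {"compare_prices", "draft_message"}
NEEDS_APPROVAL = {"make_payment", "disclose_data", "recover_account"}

def _digest(prev: str, body: str) -> str:
    return hashlib.sha256((prev + body).encode()).hexdigest()

@dataclass(frozen=True)
class Grant:
    """Delegation from a verified principal to one agent in one session."""
    principal: str
    agent_id: str
    session: str
    scopes: frozenset

@dataclass
class AuditLog:
    """Hash-chained log: each entry commits to the one before it."""
    entries: list = field(default_factory=list)

    def append(self, record: dict) -> None:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        digest = _digest(prev, json.dumps(record, sort_keys=True))
        self.entries.append({"prev": prev, "record": record, "hash": digest})

    def verify(self) -> bool:
        prev = "0" * 64
        for e in self.entries:
            body = json.dumps(e["record"], sort_keys=True)
            if e["prev"] != prev or e["hash"] != _digest(prev, body):
                return False
            prev = e["hash"]
        return True

def authorize(grant, agent_id, session, action, approved_by, log):
    """Return 'allow', 'pending_approval' or 'deny'; every decision is logged.
    High-impact actions are released only by the principal's own approval."""
    bound = agent_id == grant.agent_id and session == grant.session
    decision = "deny"  # fail closed: unbound agent, out-of-scope or unknown action
    if bound and action in grant.scopes:
        if action in AUTONOMOUS:
            decision = "allow"
        elif action in NEEDS_APPROVAL:
            decision = "allow" if approved_by == grant.principal else "pending_approval"
    log.append({"principal": grant.principal, "agent": agent_id, "session": session,
                "action": action, "approved_by": approved_by, "decision": decision})
    return decision
```

The chain only makes edits detectable; for the log to count as tamper-resistant, the latest hash has to be anchored somewhere the platform operator cannot rewrite.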

Key takeaways

  • AI agents in consumer journeys are creating an identity problem as much as a fraud problem, because delegated action now matters more than simple authentication.
  • The survey’s 74% verification signal and 44% negative-outcome rate show that trust is already conditional, measurable, and tied to control design.
  • Practitioners should treat human approval, scoped delegation, and traceable agent identity as the minimum governance set for high-impact actions.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Agentic AI Top 10 addresses the attack and risk surface, while NIST AI RMF and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Agentic AI Top 10 | | Agent verification and delegated action scope are core agentic AI controls.
NIST AI RMF | | Human accountability and governance map directly to AI risk management.
NIST CSF 2.0 | PR.AC-4 | Least privilege and access management underpin delegated agent governance.

Define agent permissions, approval gates, and action traceability before allowing state-changing use.


Key terms

  • Agent Verification: Agent verification is the practice of proving that a software agent is allowed to act, what it may do, and how its actions can be attributed after the fact. In AI journeys, this is the bridge between identity assurance and delegated execution.
  • Delegated Authority: Delegated authority is permission a human or system grants to another actor to perform actions on its behalf. For AI agents, the important question is not only who started the session, but whether the delegated scope still matches the intended risk boundary.
  • Human Approval Gate: A human approval gate is a control point where a person must confirm an action before it proceeds. For AI agents, it is the clearest boundary between assistance and execution, especially when the action can move money, expose data, or trigger irreversible change.
  • Identity Binding: Identity binding links an actor’s actions to a verified principal and a defined permission set. In agentic environments, it creates the auditability needed to distinguish legitimate automation from misuse, even when the interaction looks seamless to the end user.


This post draws on content published by Sumsub: 74% of Hong Kong consumers call for verified AI agents, as regulators warn of escalating fraud, data leaks and misuse. Read the original.
