AI agent verification in Greater China: what IAM teams should watch

TL;DR: AI agent adoption in Greater China is running ahead of understanding, with fewer than half of consumers able to identify an AI agent and 44% already reporting a negative outcome linked to use, according to SumSub. The governance problem is not capability alone, but whether users can verify delegated action and retain accountability.

NHIMG editorial — based on content published by SumSub: Building Trust as AI Agents Take Hold, Greater China Survey Results

By the numbers:

• The Sumsub Greater China AI Agents Consumer Trust Survey was conducted among 1,050 respondents.
• 44% of consumers reported at least one negative outcome associated with AI agent use.
• 82% of consumers in Mainland China say a verified AI agent label would make them more comfortable using one.

Questions worth separating out

Q: How should security teams verify AI agents before allowing delegated actions?

A: Use a registration model that binds the agent to a responsible person or organisation, records its purpose, and issues a stable identity signal that can be checked at runtime.

Q: Why do AI agents complicate fraud and identity controls?

A: Because they can act across multiple systems without a human click for each step, which makes it harder to distinguish authorised delegation from abuse.

Q: What breaks when consumers cannot tell an AI agent from ordinary automation?

A: Delegation becomes unsafe because users may grant real authority to software they do not understand, and attackers can hide inside that confusion.

Practitioner guidance

• Implement verified agent registration Bind each approved AI agent to a responsible user or organisation, record its purpose, and require a stable identity signal before allowing it to act in customer journeys or internal workflows.
• Enforce approval gates for high-risk actions Require user review before purchases, account changes, data sharing, or external service calls, and keep those checkpoints consistent across web, mobile, and messaging channels.
• Trace delegated actions end to end Log who initiated the request, which agent executed it, what permissions were used, and whether the action stayed within the approved scope so fraud teams can challenge abuse quickly.

What's in the full article

SumSub's full article covers the survey context and consumer trust findings this post intentionally leaves at the strategic level:

• Detailed survey breakdowns for Mainland China and Hong Kong on recognition, adoption, and approval preferences
• Discussion of Chinese and Hong Kong regulatory signals shaping agentic AI oversight
• Examples of how KYA framing is being used to distinguish legitimate agents from suspicious automation
• The fraud and account compromise outcomes consumers reported after using AI agents

👉 Read SumSub's survey on AI agent trust in Greater China →

AI agent verification in Greater China: what IAM teams should watch?

Explore further

View Full Forum →  |  NHI Foundation Course →