Here’s a question that’s about to define the next era of the internet: when an AI agent books your flight, transfers your money, or signs a contract on your behalf, how does the other side know it’s actually acting for you?

Proof, an identity authorization company that has secured over $640 billion in transactions across more than 9,000 organizations, thinks it has the answer. The company launched x401, an open protocol that extends HTTP to let AI agents present cryptographic proof of verified human identity and scoped authorization.

How x401 actually works

The protocol uses HTTP 401-style challenges, the same type of “unauthorized” response your browser gets when you try to access a protected webpage. But instead of prompting for a username and password, x401 lets agents respond with cryptographically signed Verifiable Credentials that support selective disclosure and zero-knowledge proofs. That means the agent can prove you’re over 18 without revealing your birthday, or prove you’re a US resident without handing over your address.
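The challenge-and-response flow described above can be sketched with salted-hash selective disclosure. This is an added example, not Proof's code and not the x401 wire format: the field names, the `age_over_18` claim layout and every function here are assumptions, HMAC stands in for public-key signatures, and zero-knowledge proofs are not shown.

```python
import hashlib, hmac, json, secrets

# Assumption: HMAC stands in for public-key signatures so the example needs only
# the standard library; a real verifier would hold public keys, not these secrets.
ISSUER_KEY, HOLDER_KEY = secrets.token_bytes(32), secrets.token_bytes(32)

def sign(key, payload):
    data = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def claim_digest(salt, name, value):
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()

def issue(claims):
    """Issuer signs salted digests only; the holder keeps salts and values."""
    salted = {name: [secrets.token_hex(16), value] for name, value in claims.items()}
    digests = sorted(claim_digest(s, n, v) for n, (s, v) in salted.items())
    return {"digests": digests, "sig": sign(ISSUER_KEY, digests)}, salted

def challenge(wanted):
    """Server side: 401 with a fresh nonce and the claims it asks for."""
    return {"status": 401, "nonce": secrets.token_hex(16), "wanted": wanted}

def present(credential, salted, chal):
    """Agent side: disclose only the requested claims, bound to the nonce."""
    body = {"credential": credential, "nonce": chal["nonce"],
            "disclosed": {n: salted[n] for n in chal["wanted"]}}
    return {**body, "holder_sig": sign(HOLDER_KEY, body)}

def verify(presentation, chal):
    """Server side: return the verified claims, or None if any check fails."""
    body = {k: v for k, v in presentation.items() if k != "holder_sig"}
    cred = body["credential"]
    if not hmac.compare_digest(presentation["holder_sig"], sign(HOLDER_KEY, body)):
        return None  # altered in transit or not produced by the holder
    if body["nonce"] != chal["nonce"]:
        return None  # replay of a presentation made for another challenge
    if not hmac.compare_digest(cred["sig"], sign(ISSUER_KEY, cred["digests"])):
        return None  # digest list was not signed by the issuer
    claims = {}
    for name, (salt, value) in body["disclosed"].items():
        if claim_digest(salt, name, value) not in cred["digests"]:
            return None  # disclosed value does not match any signed digest
        claims[name] = value
    return claims if set(chal["wanted"]) <= set(claims) else None

if __name__ == "__main__":
    cred, salted = issue({"age_over_18": True, "birthdate": "1990-04-12"})  # constructed sample claims
    chal = challenge(["age_over_18"])
    print(verify(present(cred, salted, chal), chal))
```

The server learns only the disclosed claim; the birthdate exists in the presentation solely as an unlinkable salted digest, and the nonce check rejects a captured presentation replayed against a later challenge.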

Proof CEO Pat Kinsel has emphasized the importance of knowing who authorizes AI-generated actions. The protocol isn’t trying to verify the AI itself. It’s verifying the human behind it.