Fastly and Skyfire have announced a partnership to bring identity verification and payment infrastructure for AI agents to the edge. The goal is to address one of the emerging issues in digital commerce: how to distinguish, in real-time, between legitimate autonomous agents that can generate business and malicious automation that only adds risk, fraud, or excessive resource consumption.
The collaboration integrates Skyfire’s identity and payment credentials within Fastly’s programmable edge platform. The aim is for companies to identify, verify, and enable transactions performed by AI agents globally without completely redesigning their current API, authentication, or checkout systems. It’s a step toward agentic commerce, where agents not only consult information but also compare, negotiate, reserve, purchase, or pay on behalf of users and organizations.
From anonymous bot to verifiable agent
Until now, most automated traffic has been treated as a threat. Bots that scrape prices, fill forms excessively, try breached credentials, buy inventory abusively, or simulate real users. With increasingly capable AI agents, this boundary becomes less clear. An agent can behave as automation but operate with the permission of a real customer and payment capacity.
Fastly and Skyfire suggest that companies can’t simply block all non-human traffic. They will need to know who’s behind each request, what authorization they have, what limits they must meet, and whether there’s a valid commercial intent. Making this distinction can transform part of agent traffic into a new revenue channel—if it can be verified quickly and reliably.
Skyfire provides identity and payment credentials for agents. Its platform enables these systems to access, transact, and pay on websites, APIs, and digital services through tokenized identities, programmable payments, stablecoin wallets, and tokenized cards. Fastly contributes its distributed edge cloud layer—where these decisions can be applied close to the user or service, reducing latency and avoiding reliance on the main backend for every validation.
| Current Problem | Fastly and Skyfire’s Response |
|---|---|
| Difficult to classify automated traffic | Verifiable identity for AI agents |
| Malicious bots mixed with useful agents | Policies based on identity and payment ability |
| Slow backend validations | Decisions made at the edge |
| APIs exposed to abuse | Programmable limits and permissions control |
| Checkout designed for humans | Compatibility with existing flows |
| Difficult to monetize agents | Payment credentials linked to the agent |
| Fraud risk | Pre-transaction verification |
Why edge can be key
The technical value of the partnership lies in where the decision is made. If an online store, travel platform, or API provider receives millions of requests from agents, it can’t wait for all of them to reach the backend to determine legitimacy. Doing so later increases costs, latency, and attack surface.
Fastly aims to move that decision to the edge. In practice, identity verification and payment validation can occur within milliseconds across its distributed network. From there, the company can enforce dynamic policies: permit an operation, limit query volume, adjust prices, block an agent, require additional verification, or redirect the request to a specific flow.
This approach is especially suitable for commercial APIs, marketplaces, licensed content, e-commerce, reservations, financial services, SaaS tools, or platforms seeking automated access without losing control. The edge acts as an intelligent boundary between the agent and the service.
Jeff Alpen, Vice President of Global Ecosystem Partners at Fastly, noted that many companies already see autonomous agents in their traffic. According to him, the companies gaining an advantage treat this as an economic signal rather than just security noise.
Identity, payment, and policy in one layer
Skyfire’s key innovation is not only identifying an agent but also verifying its payment capacity. This shifts how a company can handle requests. An anonymous resource-consuming bot doesn’t hold the same value as an agent with verified credentials, defined limits, and an associated payment method.
Amir Sarhangi, CEO of Skyfire, summarizes the shift as: companies should no longer wonder if agents will appear but whether they can identify them and build sustainable business models around them. This indicates a coming change: AI traffic can be a cost if it only consumes APIs, but it can become a monetizable channel if it represents attributable economic activity.
The integration enables policies based on identity. For example, a company could accept certified agents from selected providers, limit queries per minute, charge for premium access, allow purchases up to a certain amount, require extra authorization in sensitive categories, or block agents without a verifiable history.
| Capability | Possible Use |
| Tokenized identity | Knowing which agent makes the request |
| KYC/KYB credentials | Linking the agent to a verified entity |
| Payment validation | Confirming transaction capability |
| Dynamic policies | Adjusting limits, permissions, or prices in real-time |
| Programmable control | Modifying rules without redesigning backend systems |
| Integration with existing APIs | Minimizing changes to current systems |
| Complement to bot management | Differentiating malicious automation from useful traffic |
Agentic commerce: opportunity and risk
Agentic commerce is still in its early stages, but the direction is clear. Users might not always browse websites, read product pages, and click buttons. Instead, they may ask an agent to find the best flight, renegotiate a subscription, buy consumables, compare insurance, reserve a table, manage a return, or contract a service.
For companies, this alters digital experience design. The customer may no longer reach through a human interface but via an API call performed by an agent operating under a specific mandate. That request must be verifiable, traceable, and, if applicable, monetizable.
The challenge is that the same capabilities that make agents useful can also be exploited maliciously. An agent might scrape prices massively, test combinations, automate speculative purchases, or exploit logic flaws. That’s why Fastly combines Skyfire’s integration with its AI Bot Management and application security solutions.
The key is to avoid extremes: blocking all agent traffic can cause missed commercial opportunities, while accepting it without control can lead to fraud and overuse. The solution involves identity, limits, reputation, payment, auditing, and clear rules.
An economic layer for the web of agents
The Fastly-Skyfire alliance reflects a broader debate: the web and APIs are beginning to prepare for non-human users. For years, authentication, payment, and security systems were designed for humans or inter-company integrations. AI agents introduce an intermediate category: autonomous software acting on behalf of others, making operational decisions, and moving funds.
This calls for new trust layers. Knowing a request’s IP address isn’t enough. Detecting automation isn’t enough. You must know who the agent is, whom it represents, its permissions, imposed limits, and whether it can pay. Sometimes, decisions need to be recorded for auditing and compliance.
Skyfire talks about ‘Know Your Agent’ identity, programmable payments, stablecoin wallets, and tokenized cards. Fastly adds edge execution, application security, and bot management. Together, these pieces aim to make agent traffic resemble a verified commercial relationship.
The appeal for companies is that they might not need to rebuild their entire infrastructure. The integration promises compatibility with existing APIs, authentication, and checkout flows, applying verification at the edge. If proven in real deployments, this could accelerate adoption among companies eager to experiment with agents without deep migrations.
Trust will be the currency of automated commerce
The rise of autonomous agents in digital commerce won’t be solely addressed through better AI models. It will also require identity, security, payments, and governance. An agent might find an offer, but a company needs to know if it should proceed. It might initiate a purchase, but the system must confirm authorization. Negotiations may occur, but someone must respond if issues arise.
Fastly and Skyfire are targeting exactly this domain. AI agents won’t be trustworthy parts of digital commerce unless they have credentials, accountability, and payment ability. These decisions should happen near the traffic, not at the end of the chain.
This doesn’t mean that agentic commerce is already mature. Open questions remain on standards, legal responsibility, permission revocation, fraud, privacy, platform interoperability, and consumer acceptance. Still, it shows that infrastructure is beginning to prepare before the volume becomes unmanageable.
The future of e-commerce may no longer depend solely on attracting human users. It will also depend on being visible, accessible, and secure for authorized agents. In this landscape, distinguishing legitimate agents from malicious bots will be a fundamental business function. Fastly and Skyfire aim for this decision to happen at the edge, in real-time.
Frequently Asked Questions
What have Fastly and Skyfire announced?
They announced a partnership to integrate verifiable identity and payment credentials of AI agents into Fastly’s edge cloud platform.
What is agentic commerce?
It is a model where AI agents can autonomously search, negotiate, purchase, or pay on behalf of users or companies within defined limits.
Why is verifying AI agents important?
Because companies need to distinguish legitimate authorized agents from malicious bots, automated fraud, or resource-draining traffic with no commercial value.
What role does the edge play in this solution?
The edge enables near-request validation of identity, payment, and policies, reducing latency and avoiding extensive backend redesigns.