Until now, autonomous AI agents have operated in the digital equivalent of the Wild West: executing tasks without identity or true accountability. This era is coming to an end with the launch of the Kakunin platform, which offers a purpose-built infrastructure for the cryptographic identification of AI agents. The move is a direct response to the strict European Union regulations, MiCA and the AI Act, set to go live in mid-2026.
The platform was founded by MIT Data Science graduates and introduced as the flagship product of Immortal Reality PA LLC. As founder Palash Bagchi stated:
Do you have a question about AI security? You can reach us here:
“AI agents need identity before regulators grant them trading rights. Kakunin is agent KYC for the MiCA era.”
What is Cryptographic Identity for an AI?
Kakunin offers a comprehensive package based on three main pillars: cryptographic identity, behavioral event monitoring, and regulatory reporting. In a corporate context, this means that every deployed autonomous agent receives a digital “ID card” and an immutable “logbook” of its operations.
The features provided by the platform include:
- Cryptographic Identity: Each agent is issued an X.509 certificate via AWS Key Management Service (KMS). The critical element here is that the private key never leaves the protected environment of KMS, significantly enhancing security.
- Behavioral Event Stream: The system provides real-time Server-Sent Events (SSE) subscriptions for over 8 different action types (e.g., trade, approval, error, anomaly). This allows for continuous monitoring and immediate intervention in case of abnormal behavior.
- Compliance Reports: The platform generates audit-ready reports in PDF and JSON formats, which can be submitted directly to regulatory authorities.
- WORM Audit Log: The system maintains a “Write-Once, Read-Many,” immutable event history for every agent’s activities.
The product’s MVP (Minimum Viable Product) was 100% completed in May 2026, and the company has already identified its target customers, including players like Cryptohopper from the Netherlands and 3Commas from Estonia.
The EU AI Act and MiCA as Business Drivers
Kakunin’s timing is no coincidence. Two critically important EU regulations are on the horizon: MiCA (Markets in Crypto-Assets) goes live in July 2026, and the enforcement of the EU AI Act begins in August 2026. These laws, especially for AI systems classified as high-risk, will impose strict requirements for transparency, oversight, and accountability.
From an AIQ standpoint, the emergence of solutions like Kakunin signals the dawn of a new market: “Compliance-as-a-Service for AI.” Companies using autonomous agents—particularly in the financial sector—will have no choice but to implement such systems. A cryptographically verified identity and an immutable audit log will become the foundation for a company to prove to authorities that its systems operate within the legal framework and that it can take responsibility for decisions made by its AI.
How Does This Fit into the OWASP LLM Top 10?
From AIQ’s perspective, the functionality offered by Kakunin is relevant to several vulnerabilities on the OWASP LLM Top 10 list. While not a direct defense against prompt injection, it provides critical compensating controls through accountability and monitoring.
LLM08: Agentic Excess
This vulnerability occurs when an autonomous agent exceeds its intended scope and performs unintentional, potentially harmful actions. Kakunin’s behavioral event stream (monitoring for anomalies, errors, etc.) and its WORM log are crucial for detecting and retrospectively investigating such incidents. If an agent “goes rogue,” abnormal activity patterns can trigger immediate alerts, and the unchangeable log serves as evidence.
LLM07: Insecure Plugin Design
External tools and agents connected to LLMs represent one of the largest attack surfaces. A unique identity backed by an X.509 certificate enables fine-grained access control. The agent can only perform actions for which its cryptographic identity is authorized, thereby reducing the risks associated with insecure plugins.
From a corporate audit perspective, this is the most important takeaway: identity management for AI agents is no longer a nice-to-have IT security feature but a cornerstone of legal compliance and risk management. Companies must be prepared to prove who or what made a specific decision within their systems. Platforms like Kakunin lift this burden of proof, making compliance accessible via a REST API with a one-hour setup time.