Identity is the new Stripe
Stripe was the API layer that ate payments. Identity is the API layer about to eat AI agents. Same playbook. Bigger market.
What Stripe did
Before Stripe, accepting payments online was a multi-week integration with a merchant bank, a payment gateway, a fraud system, and PCI DSS attestation. Stripe collapsed it to seven lines of code and good defaults. The market followed because the alternative was indefensibly hard.
The pattern: take a layer of infrastructure that every business needs, expose it as a clean API, ship great defaults, capture the workflow, and let the market do the rest.
What identity is doing
Before HATI, integrating verified human identity into an agent stack was a multi-month project across an IDP, an SSI vendor, a delegation primitive (often hand-rolled), an attestation layer (rarer still), and a regulatory artifact (rarer still). It is now collapsing to twelve lines of code and good defaults.
The market is following because the alternative — passing an Article 14 audit, an insurance review, a hiring-fraud forensic, and a customer trust review — is indefensibly hard.
Why this market is bigger
Stripe's market was payments — about $7 trillion annually globally, with payment processing fees in the low percentage points. Identity's market is harder to size because it sits beneath payments, beneath access, beneath every regulated AI deployment, and increasingly beneath every hire. The verification gas alone, projected from agent counts and the 100:1 ratio, is plausibly larger than current payment-processing revenue. We will be wrong by some factor; the magnitude is the same.
The signals
- 78% of enterprise AI teams have MCP-backed agents in production. Each will eventually need identity gas.
- The EU AI Act enforcement date forces compliance spend across every regulated industry.
- Insurance carriers are pricing controls; the controls require identity primitives.
- Hiring fraud — $501M+ — is no longer optional pain.
Each signal points the same direction. The infrastructure layer is forming. The companies that capture the API surface — open standards, clean SDK, great defaults — capture the decade.
Why this thesis is contrarian
Most VCs in the last few years priced AI as model investment. Models commoditize. Infrastructure compounds. The thesis that the next $100B company is the trust layer beneath models has been laughed at twice as long as the thesis that payments needed an API.
Stripe was funded at a Series A valuation that sounds quaint today. Whoever underwrites the identity layer now is in a similar position.
Common objections
The strongest counter-arguments we have heard. The incumbent will catch up — possibly inside their boundary; the cross-platform shape is architecturally hard for them. The category is too narrow — we believe it broadens as agent autonomy compounds; we may be wrong; the data over the next year will tell.
Frequently asked questions
What are the strongest counter-arguments? The two we hear most: (1) the incumbent will eventually ship this, and (2) the category is too narrow to support a category-defining company. We address both head-on; we believe the incumbent's architecture cannot ship this without a rebuild, and we believe the category broadens as agent autonomy compounds.
Are we ignoring legitimate criticism? We try not to. The honest criticisms — slow adoption, immature SDKs in some languages, unclear regulator response — are documented openly. We answer with progress, not with marketing.
What would make us change our mind? Three signals. A major incumbent shipping a comparable cross-platform delegation primitive. A regulator explicitly preempting the category with a different spec. A customer cohort showing they prefer the platform-bound alternative even when the audit trail is broken. None of those have appeared.
Where to start
For the steel-manned counter-position, read trust layer 100b company. For the alternative we agree could win, see agent identity is a category. We do not need to be right for the category to be real.
Where the analogy breaks
Stripe's power came from absorbing the regulatory and operational complexity of payments behind a clean API. The Manav analogy holds for the absorbing-complexity half: regulatory regimes, cryptographic primitives, audit logs, witness federation, all behind one developer-facing interface. The analogy breaks at the unit economics. Stripe earns a fraction of every transaction. Manav cannot earn a fraction of every identity verification, because charging per-verification creates a perverse incentive — verifiers ration usage, attackers exploit the rationing, the whole system degrades. The Manav unit economics have to be subscription-shaped: the relying party pays for capacity, not per-event. The shape is more like Cloudflare than Stripe. The analogy that gets the developer experience right gets the business model wrong, and vice versa. The honest read is that Manav is a new business shape that borrows pieces from both, with no perfect precedent. The companies that try to clone Stripe's model will discover the rationing problem in their first compliance audit.
Stripe ate payments by being easier than the alternative. The same is happening to identity.