Google Wallet just got an upgrade - and it's a huge moment for business
Plus: Anthropic’s ‘Zero Trust’ paper points directly to OBO
Hi everyone, thanks for coming back to Customer Futures.
Each week I unpack the disruptive shifts around Empowerment Tech. AI Agents, digital wallets, Personal AI and the future of the digital customer relationship.
Customer Futures London Meetup: 22 June
Are you curious about Personal Agents, digital ID and digital wallets? Are you already working on Empowerment Tech?
Join us on Monday 22nd of June for our next Customer Futures Meetup, and a catch-up about all things ET.
Excitingly, we’ll be joined by the team from JLINC, a breakthrough data portability protocol, who are sponsoring the event.
We’ll be diving into all things authentic data + AI agents + verifiable credentials.
When: 6-8pm, Monday 22nd June
Where: Bar Area, The Hoxton, 199-206 High Holborn, London WC1V 7BD
Who: Regular readers of Customer Futures, friends and colleagues... anyone interested in the future of being a digital customer
Hi folks,
It feels odd to say it, but I’m feeling pretty numb right now with today’s endless stream of company updates, reels, newsletters and videos.
A few years ago, even when most of the content was either mediocre or outrageous, it still felt human. Real. Digestible even.
But now it feels like a tsunami of clickbait, hot takes, snippets, shorts and podcasts that all say the same stuff. Or that are designed to shock and divide us. All to be consumed while you wait for the kettle to boil, sit on a train, or ride an exercise bike.
And since Covid, it’s only got worse.
Three-hour must-listen podcasts. Long reads about the future. Endless announcements about pilots, protocols and partnerships.
So over the last few weeks, I’ve taken a step back. Pen and paper. A blank page. Making sense of things for myself.
Away from the infinite scroll. Away from the conference-floor noise. Away from the exhaustion of the “thrilled to announce” posts.
There are some seriously important things happening at the moment. Around digital wallets, verifiable credentials and AI agents. And I’m excited about what’s coming.
But so much gets lost in the tornado of trying to keep up.
So this week, we’re back with a few simple things you might have missed but should be paying attention to. And why they matter.
Because it’s never been more important to understand the future of the digital customer.
So welcome back to the Customer Futures newsletter.
In this week’s edition:
Anthropic’s ‘Zero Trust’ paper points directly to OBO
Giving AI Agents access to Instagram, but forgetting to check their ID
Google Wallet just got an upgrade - and it’s a huge opportunity for business
Beyond The Prompt: Is your AI talking behind your back?
… and much more
Grab a cappuccino, a quiet spot in the cafe, and Let’s Go.
Anthropic’s ‘Zero Trust’ paper points directly to OBO
Anthropic’s latest paper on “Zero Trust for AI Agents” is an important read if you care about the future of the digital customer.
I especially love the AI Major’s idea of “least agency”.
Folks in the identity world will be familiar with the term “least privilege”, which is about managing what an identity (a person, device, or system) can access.
But the idea of “least agency” asks what an agent can do, under what conditions, with which tools, and with what level of oversight.
Autonomous AI agents are about more than just ‘access’. We need to be careful about action too. How they behave, not just where they go.
So the rules around who-can-do-what must now be designed - and enforced. Not just managed at the level of ‘here’s your access badge or token’.
This particular table in Anthropic’s paper stuck out for a few reasons. It’s their view of what we need to ensure we can trust AI agents inside the enterprise:
Specifically, they recommend:
Persistent agent IDs
Backed by cryptographic material
Certificate presentation for all service connections
Remote attestation to verify agent integrity before granting access
Confidential computing enclaves
Yes, it’s somewhat technical. But for those who’ve been following Customer Futures for a while, you’ll see that most of those recommendations can be delivered with verifiable credentials, and likely a digital wallet for every AI agent.
Why am I banging that drum again?
Because AI agents are naturally decentralised things.
We won’t - and can’t - have one huge central platform that hosts and manages all the AI agents everywhere. And certainly not when those AI agents act outside the company’s firewall. When the AI needs to move between and across different companies.
And of course, when the AI agent is operated on the side of the customer themselves.
Once again, we’re bringing old mental models - of centralisation and industrialisation, of data lakes and CDPs, of enterprise systems and controlled access - to the new world of AI agents.
Once again, we’re applying old logic, old assumptions to the new tech.
Instead, we need to give AI agents their own identities. Their own digital credentials and proofs. Their own portable trust. So that anyone, anywhere can instantly verify who they are, what they are allowed to do, and on whose authority.
It’s why I keep coming back to the ideas of ‘OBO’. A framework for ‘on behalf of’.
Giving each AI agent its own persistent identifier, together with run-time control with permissions, access and actions.
In case you missed it in recent posts, here are the eight things that I believe a framework around ‘Agent OBO’ can describe:
The identifier of the ‘principal’ (the person, org or machine) doing the delegating
The identifier of the AI agent
Proof of the ‘binding’ between the principal and the AI agent (the relationship)
The scope of the delegation (what, where, when, who)
The intent of the delegated task (why)
The operator of the agent (e.g. SaaS provider vs. device owner)
The reputation of the agent
The terms on which data will be shared about the principal (a pointer to a machine-readable governance framework, and covering compliance with any particular regulations)
Importantly, these ‘OBO 8’ can be wrapped up into a single digital object that can be asked for, inspected and verified instantly. It will be machine-readable, and suitable for high-frequency, real-time transactions, with auditability baked in.
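One way the ‘OBO 8’ could be carried as a single signed object and checked by a relying service before an agent acts, as an added example that is not from Anthropic’s paper or any published OBO format. The field names, the `did:example` identifiers and the shared HMAC key (standing in for the public-key signature a verifiable credential would carry) are assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo key. Assumption: a shared HMAC key stands in for the
# principal's signing key; a verifiable credential would use a public-key signature.
DEMO_KEY = b"constructed-demo-key"
OBO_FIELDS = ("principal", "agent", "binding", "scope", "intent",
              "operator", "reputation", "terms")

def mac(key, payload):
    """MAC over a canonical JSON encoding, so field order cannot change it."""
    data = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def issue_obo(key, principal, agent, scope, intent, operator, reputation, terms):
    """Wrap the eight OBO items into one signed object (hypothetical layout)."""
    body = {"principal": principal, "agent": agent, "scope": scope,
            "intent": intent, "operator": operator,
            "reputation": reputation, "terms": terms}
    body["binding"] = mac(key, {"principal": principal, "agent": agent})
    return {"obo": body, "sig": mac(key, body)}

def verify_obo(key, token, presenter, action, resource, now):
    """Decide one requested action; returns (allowed, reason)."""
    body = token.get("obo", {})
    if any(field not in body for field in OBO_FIELDS):
        return False, "missing field"
    if not hmac.compare_digest(mac(key, body), str(token.get("sig", ""))):
        return False, "bad signature"
    pair = {"principal": body["principal"], "agent": body["agent"]}
    if not hmac.compare_digest(mac(key, pair), str(body["binding"])):
        return False, "bad binding"
    if presenter != body["agent"]:
        return False, "presented by a different agent"
    scope = body["scope"]
    if not scope["not_before"] <= now < scope["expires"]:
        return False, "outside delegation window"
    if action not in scope["actions"] or resource not in scope["resources"]:
        return False, "outside delegated scope"
    return True, "ok"

# Constructed sample delegation: one action, one service, a fixed time window.
TOKEN = issue_obo(
    DEMO_KEY, "did:example:alice", "did:example:agent-7",
    {"actions": ["book_train"], "resources": ["rail.example"],
     "not_before": 1000, "expires": 2000},
    "book team travel", "saas.example", {"score": 0.9},
    "https://governance.example/terms/v1")
```

The verifier refuses anything outside the signed scope, which is the “least agency” point: the object limits what the agent may do, not only whether it is recognised.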
Which is why Anthropic’s ‘Zero Trust’ paper matters, when it’s describing OBO in great detail.
Of course, you can alternatively just feed the whole thing into Claude and get a 10 point summary so you can sound smart in your next meeting.
Isn’t that what everyone does now?
Giving AI Agents access to Instagram, but forgetting to check their ID
Another predictable face palm from META, who has been using AI for ID checks when a user needs to carry out a password reset.
But whoops - bad actors can also use AI to fake the selfie, needed as part of the reset.
AI tricking AI. Who knew!
Apparently last week some bad actors used AI to fake-reset a bunch of high-profile Instagram accounts. And it worked.
From Marijn Markus:
“An attacker would start the “Forgot Password” process, claim the account had been compromised, and use a VPN matching the target’s location. Instagram’s AI support flow would then request selfie verification.
“The attacker would take photos from the target’s public profile, generate an AI video showing the face moving, and submit it as proof.
“If accepted, the attacker could change the account email address, receive password reset links, and take control of the account.”
It feels like a simple thing to miss.
That loophole has apparently been fixed, but wow, you’d think META, of all folks, would have more solid ID verification checks in place…
Right? RIGHT?
Google Wallet just got an upgrade - and it’s a huge opportunity for business
This is a big deal, if you follow the breadcrumbs.
Lucyna Janas, Head of Google Wallet Partnerships, has announced that privately-issued credentials, for example from banks and private companies, are coming to Google Wallet.
As Nick Lambert puts it:
“This is a defining moment for verifiable credentials and reusable digital identity.
“The Google Wallet solves the distribution problem of how a company gets verified ID credentials into their users’ hands. Hundreds of millions of devices run Android.”
Nick points out that for banks and businesses, it’s potentially a huge opportunity. If a company has already verified someone, and carried out digital identity checks, then they can issue that data into Google Wallet too.
And the customer can then reuse that data elsewhere, with trust.
Things like KYC and ID verification checks - currently a business overhead - can become portable and useful. Perhaps even a new revenue stream for the business, if designed correctly with privacy (for example ensuring that there are no “phone home” moments where the bank can see where the data has been used).
This is all possible with the available technology today.
BUT.
Look further, and this move by Mastercard may be less about digital ID, and more about data portability full stop.
On the 16th June in London at the Ctrl-Shift Smart Data Forum, Google will be demonstrating their latest Data Portability API. Now required by regulation as part of the EU’s Digital Markets Act (DMA) and the UK’s Data (Use and Access) Act (DUAA).
But what if that data sharing wasn’t direct via API between Google and another business, but instead using a verifiable credential… and issued straight to the user’s wallet, as Google Wallet has announced?
And what if that data format was based on open standards, so that the personal data could be issued into any certified wallet, including Apple’s? Perhaps even the EU Digital ID wallet?
Well, customers just got empowered in a new way. To receive copies of their own account records from banks and other company sources. And to be able to share their personal data with others, transparently, auditably, and under their control.
Think customer account records. Think proof of spend. Think enrolments and entitlements. And yes, digital identity. And that’s all before we get to customer status and loyalty information.
If this plays out as I suspect, it’s another brick in the wall(et) for Empowerment Tech.
I’ll share as we find out more about Google Wallet’s plans.
One to watch.
Beyond The Prompt: Is your AI talking behind your back?
I had a real reality check with AI yesterday.
I was asking ChatGPT about how to handle some team travel logistics, and it suggested I get an earlier train given my current location.
Yet I hadn’t given it information about where I was, nor did I remember doing so.
Hmmm.
I asked it why it knew my location, and it apologised. It then confessed it had pulled my computer’s IP address and area code.
Now, this is pretty standard for digital services, and we should be used to this as part of the usual data scrape. But it shocked me when it casually dropped in my current location to the chat, and suggested new travel plans.
My point here isn’t about some unusual data collection. By now, we should know that if it can be collected, it will be collected.
No, this is actually about transparency and context. Because it would’ve been trivial to get the ChatGPT response to say:
“From your IP address, it looks like you are currently in XYZ, and I assume you want to take the train. So I suggest you head to ABC to get ahead of possible delays.”
It won’t be the first or last time this kind of thing happens. But it raises a bigger question about what personal data our prompts are using.
And critically, what happens to our data Beyond The Prompt.
Helpfully, there’s just been an excellent analysis of exactly that, and researchers have some pretty alarming results.
Sekoul Krastev shared some of the highlights:
“It turns out your favorite chatbot is maybe forwarding your conversation content to third parties. In some cases, the literal plaintext of what you typed and what the model said back.
“17 of 20 chatbots shared data with at least one third party during a single session. Advertising services appeared on 12 of 20. SeaArt alone contacted 13 distinct advertisers in one session, including Facebook, Google, TikTok, and Amazon.
“Claude and Mistral’s support widgets transmitted user name, email, account ID, and user hash on page load... before anyone even typed anything.”
Woof.
If you thought data leakage from browsers, cookies, real-time bidding and adtech was bad, just wait till you take a look at how AI is handling (and storing) your data.
And that’s before we give lots of our personal data - including intent prompts, locations, preferences and identity information - to AI agents. All in the name of ‘getting something done.’
Yes, this is a governance problem, a data protection problem, and an incentives problem. But more importantly, this is a transparency and UX problem.
Big Tech companies will always collect more data than they need, more than they should, and disclose less than they must.
Making it clear what data is being used to produce an AI chat result - and what happens with your data afterwards - must become table stakes.
Whether it’s recommending a product, an employee hire, or a financial transaction.
Or even if you are just getting a train.
OTHER THINGS
There are far too many interesting and important Customer Futures things to include this week.
So here are some more links to chew on:
Announcement: DIF sets a precedent: AI Agents are banned
News: OpenAI and Plaid are bringing personal finance management directly into ChatGPT
Opinion: Your Chatbot Has a Long Memory. That Isn’t Always a Good Thing
Article: When AI buys on your behalf: understanding the stack and the risks
Post: The future of identity is headless and AI-first
Opinion: We Must Be Honest About AI’s Dishonesty
And that’s a wrap. Stay tuned for more Customer Futures soon, both here and over at LinkedIn.