In early 2024, a finance worker at engineering firm Arup joined what looked like a routine video call with his CFO and several colleagues. Every person on that call, except him, was an AI-generated deepfake. He transferred $25.6 million before realising anything was wrong. Nobody hacked Arupβs systems or stole a password. The attackers exploited one assumption: that the person on screen is real.
Deepfake fraud losses in North America exceeded $200 million in Q1 2025 alone. Meanwhile, AI agents are signing contracts, approving deployments, and executing workflows without any mechanism to prove a human said yes. Enterprise security was built to verify credentials. It was never built to verify humanity.
That gap is what World ID 4.0 targets. Unveiled at Sam Altmanβs Lift Off event in San Francisco last week, it arrives with four enterprise partners: Docusign, Okta, Vercel, and Zoom. Crucially, each is solving a different version of the problem.
βWe are heading to a world where thereβs going to be more stuff generated by AI than by humans,β Altman told attendees. βWorld ID is designed to solve that at the root.β
Docusign and World ID: Proving a Human Actually Signed That Contract
When an AI agent completes a contract on someoneβs behalf, who is accountable? Most businesses currently have no clean answer, and the legal risk is growing fast.
Docusign already works with identity verification partners Onfido and Socure to confirm who a signer is. But World ID answers a different question: not who signed, but whether the signer was human at all. As AI agents become capable of navigating agreement workflows from start to finish, that distinction is becoming a serious liability gap. The two verification layers sit alongside each other in the signing flow, so together they create a chain of accountability that neither provides alone.
Vercel and Okta: Building Human Accountability Into AI Agent Workflows
For developers shipping agentic applications, Vercel is embedding a human-in-the-loop checkpoint into its open-source Workflow SDK. A single npm package lets developers require cryptographic proof of human authorisation before any workflow step proceeds. Every check is then logged in the execution record. The result is a verifiable audit trail for the moments that matter most: a production deployment, a large transaction, a sensitive data access request. In short, any action where βthe agent did itβ is not an acceptable answer after the fact.
Oktaβs approach addresses the same problem at the infrastructure level. The identity company is building Human Principal, a product that lets API builders verify the specific person behind any agent action and enforce policies against them. Rather than re-verifying at every touchpoint, users receive device-bound cryptographic proof that carries across products. World ID is set to be one of its first integration partners. Together, the two would enable rate limits per verified human, abuse-protected free tiers, and cleaner onboarding for agent traffic.
What World ID 4.0 Means for Enterprise Adoption
Beyond the partnerships, World has also rebuilt the protocol itself. Version 4.0 introduces key rotation, multi-device sessions, single-use anonymity tokens, and a new lower-friction Selfie Check tier for less sensitive use cases. According to the company, more than 18 million people across 160 countries have now verified via Orb, up from 12 million a year ago, with credentials used over 150 million times.
Still, the Orb remains the biggest barrier to mainstream enterprise rollout. Asking employees and business counterparties to scan their irises with third-party hardware is a hard sell, particularly as regulators watch closely. Spainβs data protection authority issued a formal GDPR warning against World in February 2026, and scrutiny continues across multiple jurisdictions.
βThis is a re-engineering of the stack around a very simple idea,β said Daniel Shorr, chief of staff to the CEO at Tools for Humanity. βHumans should have a right to exceptional privacy and security.β
Even so, the partner list is a signal in itself. Agreements, developer tooling, identity infrastructure, video conferencing: four platforms at the core of enterprise work all moved on human verification in the same week. Whether World ID becomes the standard they coalesce around is still an open question. That they needed one, however, is not.
