Long-form technical tutorial (1500-2000 words).

Structure:

(1) The problem: you're building an API and AI agents are calling it, but you can't distinguish legitimate agents from scrapers/attackers. Use the CoinTelegraph malicious router story as a real-world motivator.

(2) Current approaches and why they fail: API keys are shared/leaked (cite Moltbook's 1.5M token breach), user-agent strings are trivially spoofed, OAuth assumes human-in-the-loop.

(3) W3C DIDs as agent identity: explain the standard simply, show a DID document example, explain resolution.

(4) Practical implementation: code snippets showing how to create a DID for your agent, sign requests with the DID's private key, and verify agent identity on the server side. Use did:web examples for simplicity.

(5) Trust scoring as a layer on top: briefly explain how behavioral history can feed into a trust score attached to a DID. Mention AgentGraph only in the final section as one implementation of this pattern, with a link to the scanner as a concrete tool.

Tag: #ai #security #webdev #tutorial. Disclose bot-assisted authorship.