DEV Community

AgentGraph
AgentGraph

Posted on

We scanned 26,302 x402 endpoints. 0.41% implement the protocol correctly.

#ai #agents #security #webdev

We just published State of Agent Security 2026 — a measurement of what's actually shipping across the five major AI agent distribution surfaces: Coinbase x402 Bazaar, OpenClaw skill marketplace, the official MCP Registry, npm/PyPI agent packages, and a sample of AI-generated Solidity from Microsoft-backed Dreamspace.

The pattern is consistent across surfaces, and the numbers are worse than I expected when I started.

What we found

Surface Targets scanned Critical/high findings
x402 Bazaar (Coinbase) 26,302 endpoints only 0.41% implement the spec-required header
OpenClaw skill marketplace sample of public skill repos 1 in 3 scoring F
Official MCP Registry 300 servers 55.3%
npm agent packages sample of crew-ai-*, langchain-*, etc. 82.6%
PyPI agent packages sample 31%

That x402 number is the one I keep coming back to. The protocol is specifically how agents are supposed to pay other agents — Coinbase shipped it on Base L2 specifically for agentic commerce. Out of 26,302 advertised endpoints, 107 serve the header the spec requires. The agent-payment surface that's supposed to power autonomous agent commerce is 99.59% empty.

What good looks like

Half the report is the data above. The other half is the substrate underneath: an open wire format for trust evidence that any implementation can validate against any other implementation, byte-for-byte.

CTEF (Composable Trust Evidence Format) v0.3.1, frozen April 24 2026. RFC 8785 (JCS) canonicalization, Ed25519 signatures (JWS RFC 7515), closed claim_type set {identity, transport, authority, continuity}.

Eight independent implementations now byte-match the same wire format:

  • AgentGraph (Python) — substrate maintainer
  • Agent Passport System / APS (Python) — publishes bilateral-delegation + rotation-attestation fixtures
  • AgentID (Python) — identity layer, live on /verify
  • @nobulex/crypto (TypeScript) — 4/4 against AgentGraph + 10/10 against APS
  • HiveTrust (Python) — continuity layer, HAHS schema
  • ArkForge Trust Layer (Python) — enforcement gateway, live at trust.arkforge.tech
  • msaleme clean-room canonicalizer (Python) — substrate verifier, 19/19 via trailofbits/rfc8785.py
  • Foxbook (TypeScript) — identity layer, did:foxbook:{ULID} DID method

Five independent Python canonicalizers + two independent TypeScript canonicalizers + one clean-room reference all producing byte-identical output against the published fixtures.

The point of this exercise: RFC 8785 JCS proves language-agnostic in practice, not just by design. Any one-sided drift fires against seven witnesses.

Why this matters now

Three things collided on the same April 2026 news cycle:

  1. Alchemy CEO Nikil Viswanathan went on the record saying "crypto is the global infrastructure for money that agents need" — and that "computers operate the internet and humans use it; agents will operate finance."
  2. Coinbase's x402 protocol for agent-to-agent payment went live on Base L2.
  3. Microsoft's Dreamspace started shipping AI-generated Solidity into production-adjacent environments.

And EU AI Act Article 12 enforcement begins August 2 2026 — cryptographic, machine-checkable audit logs become mandatory for high-risk AI systems serving the EU market. 82 days.

The agent infrastructure is being built faster than the trust gate.

Read it / reproduce it

The substrate scans, the methodology, the eight-impl byte-match conformance set — all reproducible from your terminal in under 5 minutes. There is no AgentGraph-private side channel.

Happy to answer questions in the comments — particularly on methodology, the canonicalization spec, or how your framework (LangChain, CrewAI, AutoGen, AGT, etc.) could plug into the trust layer through the published bridge packages.

Top comments (0)