Building Trust Infrastructure for the Agentic Economy: A Response to Stripe's Five Levels

Stripe just published their annual letter describing five levels of agentic commerce — from simple form-filling agents to autonomous agents that anticipate your needs. But there's a critical piece missing from this vision: trust infrastructure.

As someone building trust systems for autonomous agents, I see a fundamental gap between Stripe's payment infrastructure (which answers "can this transaction be processed?") and what the agentic economy actually needs (which answers "should this agent be trusted to initiate it?").

The Trust Escalation Ladder

Stripe's five levels aren't just about increasing autonomy — they're about exponential increases in trust requirements:

• Level 1: Agent fills out a web form. Trust requirement: essentially zero.
• Level 2: Agent searches and reasons about purchases. You're trusting its judgment.
• Level 3: Agent remembers your preferences and history. You're trusting it with persistent knowledge.
• Level 4: Agent gets $400 and instructions to "get back-to-school shopping done." You're trusting financial delegation.
• Level 5: Agent acts on its own anticipation. You're trusting it with your intent before you've articulated it.

Each level demands more trust. But what infrastructure exists to justify that trust?

Why KYC Doesn't Work for Agents

Know Your Customer (KYC) works because humans have persistent, verifiable identities. Agents don't. An agent is code running in a container — potentially ephemeral, potentially modified between sessions, potentially operating under instructions that conflict with what its owner intends.

What we need is KYA — Know Your Agent. Not who built the agent, but what has this agent actually done? How has it behaved over time? Can you prove it?

The Self-Certification Problem

Every agent safety system today operates on the same broken model: the vendor monitors the agent, generates logs, and reports on what happened. This requires trusting the vendor who generated the logs.

Consider financial auditing. No public company self-certifies its financial statements. An independent auditor verifies them. The integrity of the system depends on the independence of the verification.

Trust Score: Credit Ratings for Agents

We built Mnemom around a different principle: cryptographically verified behavioral reputation.

Trust Score is a 0-1000 rating computed over five weighted components:

• Integrity ratio
• Compliance history (with exponential decay)
• Drift stability
• Trace completeness
• Coherence compatibility

But unlike credit scores, Trust Score has no central bureau. The underlying evidence is cryptographically signed and hash-chained. Anyone can verify it independently — no API call, no internet connection, no trust in the scoring vendor required.

The Technical Implementation

Here's the core insight that makes this practical: proving that a full LLM inference was correct is computationally intractable (billions of RISC-V cycles). But proving that an auditor honestly applied its rules to the LLM's output? That's roughly 10,000 RISC-V cycles.

We don't prove the model was correct. We prove the auditor's judgment was honest.

Every integrity checkpoint receives four-layer cryptographic attestation:

1. Ed25519 digital signatures: This gateway produced this checkpoint
2. SHA-256 hash chains: No checkpoint was deleted or reordered
3. Merkle tree accumulator: Any checkpoint is verifiable without downloading full history
4. SP1 STARK zero-knowledge proofs: The verdict was honestly derived from evidence

# Simple integration example
from mnemom import Gateway

# Zero code changes to existing agent
client = Gateway(
    model="claude-3-5-sonnet",
    policy="./governance.yaml"
).anthropic()

# Agent gets cryptographic identity automatically
response = client.messages.create(
    model="claude-3-5-sonnet",
    messages=[{"role": "user", "content": "Help me plan dinner"}]
)

# Behavioral monitoring happens transparently
# Trust Score updates in real-time

What Each Level Actually Needs

Level 1 — Identity: Every agent needs cryptographic identity before its first action. Our gateway assigns one with a single environment variable.

Level 2 — Behavioral monitoring: Agents reason and search. You need to know what they're thinking, not just what they output. Our integrity protocol intercepts internal reasoning before actions execute.

Level 3 — Persistent reputation: The agent remembers your preferences. You need to remember its behavior. Trust Score provides portable reputation that follows agents across sessions.

Level 4 — Governance: Full delegation requires full governance. Not just monitoring — policy enforcement, lifecycle management, trust recovery.

Level 5 — Cryptographic proof: Anticipatory action demands highest assurance. Trust Scores published to Base L2 via ERC-8004 smart contracts — immutable, publicly queryable, independently verifiable.

The SSL Moment

E-commerce didn't scale because browsers could display web pages. It scaled because browsers could display a padlock. That padlock didn't protect the transaction — it told users the connection was verified.

The agentic economy is pre-padlock. Agents can browse, reason, and buy — but there's no padlock. No verification that the agent connecting to an API is trustworthy.

Trust Score is the padlock for the agentic economy.

Getting Started

The infrastructure is open source (Apache 2.0) and shipping today:

npm install @mnemom/gateway  # Node.js
pip install mnemom           # Python

We have live agents with public Trust Score pages, cryptographic certificates, and on-chain reputation records. The future of commerce is agentic — but it needs to be trustworthy first.

The question isn't whether agents will handle most internet transactions. The question is whether we'll have the trust infrastructure to support them when they do.

---

Originally published on mnemom.ai