69,000 bots. 165 million transactions. No shared trust layer between any of them.
That's the production reality documented in our arXiv paper (2605.06738). The Agentic Trust Framework (ATF) maps what needs to exist to fix this. MolTrust is now listed as an ecosystem adopter — Issue #14.
The technical mapping across ATF's elements:
Identity (Element 1): did:moltrust: — W3C DID, Ed25519, Base L2 anchored. Submitted to W3C DID Method Registry (PR #696) and DIF Universal Resolver (PR #540).
Behavior (Element 2): Agent Authorization Envelope (AAE) — MANDATE / CONSTRAINTS / VALIDITY, machine-evaluable, on-chain anchored. Enforced at kernel level via Falco eBPF — below the agent process, not just at the API.
Segmentation (Element 4): AAE CONSTRAINTS block — value caps, domain allowlists, rate limits, time-bounded validity. Relying parties evaluate before processing.
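A sketch of how a relying party could evaluate the four constraint kinds above before processing a request. This is an added example, not MolTrust code and not the AAE schema: the field names, the `RelyingParty` class and the sample values are assumptions, and the envelope's signature is assumed to have been verified already.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

@dataclass(frozen=True)
class Constraints:
    # Hypothetical field names; the page lists the constraint kinds, not a schema.
    max_value: int            # value cap per request, minor currency units
    allowed_hosts: frozenset  # domain allowlist, exact host match
    max_requests: int         # rate limit: accepted requests per window
    window_seconds: int
    not_before: datetime      # time-bounded validity, UTC
    not_after: datetime

class RelyingParty:
    """Checks each request against the constraints and denies on any failure."""
    def __init__(self, constraints):
        self.c = constraints
        self.accepted = []  # timestamps of requests that passed

    def evaluate(self, amount, url, now):
        c = self.c
        if not (c.not_before <= now < c.not_after):
            return "deny: outside validity window"
        if not (0 < amount <= c.max_value):
            return "deny: value cap"
        # Compare the parsed host, never a substring of the URL.
        host = (urlsplit(url).hostname or "").lower()
        if host not in c.allowed_hosts:
            return "deny: host not allowlisted"
        cutoff = now - timedelta(seconds=c.window_seconds)
        self.accepted = [t for t in self.accepted if t > cutoff]
        if len(self.accepted) >= c.max_requests:
            return "deny: rate limit"
        self.accepted.append(now)
        return "allow"

def run_sample():
    # Constructed sample values, not real MolTrust data.
    t0 = datetime(2026, 1, 1, 12, 0, tzinfo=timezone.utc)
    rp = RelyingParty(Constraints(5000, frozenset({"pay.example.com"}), 2, 60,
                                  t0, t0 + timedelta(hours=1)))
    ok = "https://pay.example.com/charge"
    return [
        rp.evaluate(100, ok, t0),
        rp.evaluate(9000, ok, t0),
        rp.evaluate(100, "https://pay.example.com@evil.test/", t0),
        rp.evaluate(100, ok, t0 + timedelta(seconds=1)),
        rp.evaluate(100, ok, t0 + timedelta(seconds=2)),
        rp.evaluate(100, ok, t0 + timedelta(seconds=90)),
        rp.evaluate(100, ok, t0 + timedelta(hours=2)),
    ]
```

Denied requests do not count against the rate limit here; a deployment that wants to throttle probing would count them as well.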
The distinction vs. hash-chain approaches: MolTrust trust scores are queryable by any third party at runtime. The audit trail is independently verifiable without access to MolTrust infrastructure.
One timing note worth mentioning: IMDA published MGF v1.5 yesterday (ATxSummit, 20 May). §2.1.2 independently prescribes cryptographically verifiable agent identity and scoped, time-bound, least-privilege authorization — the same structure as AAE. Convergence from two directions simultaneously.
Next: IETF Internet-Draft for the AAE spec (draft-kroehl-agentic-trust-aae-03). If you're building in this space — agent authorization, identity, behavioral trust — the ATF repo is worth watching.
Live registry: api.moltrust.ch | Paper: arxiv.org/abs/2605.06738