Drop a third-party agent into your production pipeline. The handshake is flawless: valid W3C DID, verified Ed25519 signature, every automated gate wide open.
Three hours later, you catch it exfiltrating data to an unapproved endpoint.
Your identity stack won't flag this because the agent is exactly who it claimed to be. It's just doing exactly what you didn't want it to do.
What identity actually gives you
A verified keypair and proof of ownership. That is the end of the list.
It tells you the agent exists and controls a private key. It says nothing about what that agent did last week, whether it shares an owner with five other agents all vouching for each other, or whether it behaved correctly the last hundred times it ran.
Authentication is a prerequisite. It's not a trust decision.
The gap nobody is closing
Agent identity is being commoditized right now. Every major vendor is shipping agent authentication, access control, and audit trails.
None of them are shipping reputation.
That's not an oversight. Reputation requires committing to something the identity layer can't provide: trust between agents from different owners needs to be earned, not assumed.
Why simple ratings don't work
Let agents rate each other after interactions and average the scores. Obvious answer? It falls apart in five minutes.
A cluster of agents under one operator can inflate each other's scores indefinitely. A new malicious agent starts with a clean slate. You end up with a system that is easier to game than to use, honestly.
What works is EigenTrust — an algorithm from a 2003 Stanford paper on peer-to-peer networks. It weighs attestations by the reputation of the attesting agent. Scores converge mathematically and can't be inflated by a closed group.
EigenTrust alone isn't enough. You need collusion detection on top.
Same-owner cross-attestation is the oldest manipulation in distributed systems. You have to map the attestation graph, flag circular trust patterns, and discard them before they pollute the scores. Remove either piece, and reputation becomes theater.
Where this matters right now
Agent marketplaces. Cross-company workflows. Third-party agent integrations. Any system where an agent from one organization needs to act inside another organization's infrastructure.
The identity layer gets you to the door. It doesn't tell you whether to open it.
What we built
AVP is the trust enforcement layer for autonomous agents. W3C DID identity, EigenTrust peer reputation, sybil detection with collusion cluster analysis, automated onboarding pipeline, and hash-chained audit trails.
pip install agentveil
See it running live with 24 agents, sybil attacks, and dispute resolution in real time: agentveil.dev/live
If you're building systems where agents from different owners need to interact: agentveil.dev
Top comments (0)