Identity and trust
Verifiable agent identity, attestation, and reputation for machine principals.
| Company | Offering | Credential | Delegation | Revocation | Status |
|---|---|---|---|---|---|
Agentic Fabriq agenticfabriq.com | Agents get a unique managed identity tied to a delegating user, with scope-based permissions, a credential vault the agent never touches directly, and centralized audit logging of every call the agent makes. | Managed agent identity with credential vault | Agents act on behalf of a specific user and are constrained to that user's granted permissions | Instant revocation and policy control from a central console | Live |
AgentID getagentid.dev | Each agent gets a cryptographic certificate (Ed25519, ECDSA, or secp256k1 keys) that others can verify with a single API call, with a four-tier trust level system (L1-L4) that gates permissions and spending authority based on key binding and entity verification. | Cryptographic certificate (Ed25519 / ECDSA P-256 / secp256k1 key-bound), anchored on Solana | not published | not published | Live |
AgentRank agentrank.info | A public index and API that scores and ranks agents using verified on-chain settlement data, weighted by payer credibility, rather than self-reported claims or endorsements. | not published | not published | not published | Live |
AgentStamp agentstamp.org | Agents get an Ed25519-signed identity certificate (Bronze, Silver, or Gold tier) plus a 0-100 reputation score, with the option to export the credential as a W3C Verifiable Credential or an A2A-compatible passport. | Ed25519-signed stamp, exportable as W3C Verifiable Credential or A2A passport | not published | not published | Live |
APort aport.io | Agents get a passport, a W3C DID/VC based identity document declaring the agent's capabilities, that other systems can verify before authorizing an action, plus cryptographically signed (Ed25519) allow or deny decision records for audit. | W3C DID/VC based agent passport | not published | not published | Live |
AstraSync astrasync.ai | Agents get an ASTRA-ID, a portable agent card, and a dynamic trust score, registered and verified through the Know Your Agent API and SDKs. | ASTRA-ID agent card (ERC-8004-based), with support for mapping external DID, Verifiable Credential, SD-JWT, and X.509 credentials to the ASTRA-ID as primary anchor | Agent cards declare a PDLSS permission envelope (Purpose, Duration, Limits, Scope, Self-instantiation) set immutably at registration | No active revocation endpoint documented; lifecycle control is via deactivation, which moves an agent to a deactivated state while preserving audit history | Live |
AXIS Trust (AXIS T-Score) axistrust.io | An agent registers to receive a permanent AUID and a T-Score, a 0-1000 behavioral trust rating placing it into one of five tiers (T1 Untrusted to T5 Sovereign), computed from timestamped, immutable behavioral event data rather than self-reported attestations. The score can be queried via API and displayed as a public trust profile in the AXIS agent directory. | AUID (Agent Universal Identifier) | not published | not published | Live |
Dock Labs (Truvera) dock.io | Agents get a W3C verifiable credential that identifies them and encodes a delegated-authority grant from the authorizing user, including scope, spending caps, merchant restrictions, and expiration, which a merchant or platform can verify via API in real time. | W3C Verifiable Credential (identity credential plus delegated-authority credential) | Time-bound, scoped delegated-authority credentials specifying spending limits, merchant scope, and data access rules issued by the authorizing user to the agent. | Instant revocation of credentials across all agents without code changes. | Live |
KnowThat.ai knowthat.ai | Operators can look up an AI agent's verification status and trust score, and can report on an agent's behavior to a shared, community-built reputation history. | MCP-I identity signal | not published | not published | Live |
RNWY rnwy.com | An agent registers via web form, API, or self-registration and receives a soulbound (non-transferable) token minted to its controlling wallet, plus a public profile and an algorithmic trust score derived from on-chain activity, wallet age, and transaction patterns. | ERC-5192 soulbound token identity, with attestations recorded via Ethereum Attestation Service on the Base blockchain | Credential is minted directly to the wallet an agent or its operator controls; the site describes support for both human-operated and autonomously self-registering agents. | The token cannot be transferred or revoked by an external authority; only the holder can burn it, by design, to prevent reputation laundering. | Live |
Skyfire skyfire.xyz | Agents get a portable verified identity token for access, login, and agent protocol interactions. | KYA token | not published | not published | Live |
Sumsub sumsub.com | Businesses get a Know Your Agent (KYA) product that detects automated and agent-driven activity, risk-scores it, and binds verified AI agent actions to a verified human identity for accountability and revocation. | Human-bound verification (liveness verification plus device intelligence, not a standalone agent credential) | Human-delegated authentication: an agent's authority derives explicitly from a verified human, creating an accountability chain from agent to verified user to facial identity | Revocation is tied to the bound human identity: if the verified person is banned or blocklisted, the linked automation is banned as well | Live |
T54 Labs t54.ai | Agents get a verified identity credential covering developer and business verification, model provenance, human-agent binding, and intent attestation, marketed as Know Your Agent (KYA). | Know Your Agent (KYA) verification | Binds an agent's actions to a verified human or business operator and attests to transaction intent | not published | Live |
Vouched vouched.id | Agents enrolled in Vouched's Know Your Agent suite receive a did:cheqd decentralized identifier and W3C verifiable credentials anchored on the cheqd network, cryptographically linking the agent back to a verified human or organizational owner. Vouched also offers Agent Checkpoint, which detects agentic traffic on a site, applies access policies, and governs delegated permissions, plus KnowThat.ai, a public registry for discovering and checking the reputation of agents before interacting with them. | did:cheqd DID with W3C verifiable credentials (DID-Linked Resources on the cheqd network) | Each agent DID is cryptographically linked back to the verified human or organization that authorized it, using hierarchical Decentralised Trust Chains from a root authority through accredited organizations to individual agents. | Credentials support suspension and revocation with tamper-evident, on-chain history maintained on the cheqd network. | Live |
Experian Agent Trust experian.com | Businesses get a Know Your Agent (KYA) framework that issues an Agent Trust Token binding a verified consumer, their device, and an AI agent acting on their behalf, plus an Agent Registry that scores agent behavior and risk over time. | Agent Trust Token | Human-to-agent binding linking a verified consumer, device, and agent | not published | Announced |
Trulioo trulioo.com | Trulioo has published a Know Your Agent (KYA) framework and a proposed Digital Agent Passport (DAP) credential intended to verify the developer, code integrity, user consent, and transaction authorization of an AI agent, and is working with Google to fit this into the AP2 agent payments protocol. | Digital Agent Passport (proposed) | not published | not published | Announced |
| No longer operating (kept as market history) | |||||
Chimoney chimoney.io | Agents got a W3C DID based digital passport (the APort passport) with KYC and KYB built in, attached to a Chimoney agent wallet for identity verification. | W3C DID based digital passport | Passports were attached to individual agent wallets created via API. | not published | Dead |
Livein productionBetalimited accessAnnouncednot yet shippedBlank cells mean the company does not publish that detail.