Identity and trust

Verifiable agent identity, attestation, and reputation for machine principals.

17 companies
View as JSON or Markdown
CompanyOfferingCredentialDelegationRevocationStatus
Agentic Fabriq
agenticfabriq.com
Agents get a unique managed identity tied to a delegating user, with scope-based permissions, a credential vault the agent never touches directly, and centralized audit logging of every call the agent makes.Managed agent identity with credential vaultAgents act on behalf of a specific user and are constrained to that user's granted permissionsInstant revocation and policy control from a central consoleLive
AgentID
getagentid.dev
Each agent gets a cryptographic certificate (Ed25519, ECDSA, or secp256k1 keys) that others can verify with a single API call, with a four-tier trust level system (L1-L4) that gates permissions and spending authority based on key binding and entity verification.Cryptographic certificate (Ed25519 / ECDSA P-256 / secp256k1 key-bound), anchored on Solananot publishednot publishedLive
AgentRank
agentrank.info
A public index and API that scores and ranks agents using verified on-chain settlement data, weighted by payer credibility, rather than self-reported claims or endorsements.not publishednot publishednot publishedLive
AgentStamp
agentstamp.org
Agents get an Ed25519-signed identity certificate (Bronze, Silver, or Gold tier) plus a 0-100 reputation score, with the option to export the credential as a W3C Verifiable Credential or an A2A-compatible passport.Ed25519-signed stamp, exportable as W3C Verifiable Credential or A2A passportnot publishednot publishedLive
APort
aport.io
Agents get a passport, a W3C DID/VC based identity document declaring the agent's capabilities, that other systems can verify before authorizing an action, plus cryptographically signed (Ed25519) allow or deny decision records for audit.W3C DID/VC based agent passportnot publishednot publishedLive
AstraSync
astrasync.ai
Agents get an ASTRA-ID, a portable agent card, and a dynamic trust score, registered and verified through the Know Your Agent API and SDKs.ASTRA-ID agent card (ERC-8004-based), with support for mapping external DID, Verifiable Credential, SD-JWT, and X.509 credentials to the ASTRA-ID as primary anchorAgent cards declare a PDLSS permission envelope (Purpose, Duration, Limits, Scope, Self-instantiation) set immutably at registrationNo active revocation endpoint documented; lifecycle control is via deactivation, which moves an agent to a deactivated state while preserving audit historyLive
An agent registers to receive a permanent AUID and a T-Score, a 0-1000 behavioral trust rating placing it into one of five tiers (T1 Untrusted to T5 Sovereign), computed from timestamped, immutable behavioral event data rather than self-reported attestations. The score can be queried via API and displayed as a public trust profile in the AXIS agent directory.AUID (Agent Universal Identifier)not publishednot publishedLive
Agents get a W3C verifiable credential that identifies them and encodes a delegated-authority grant from the authorizing user, including scope, spending caps, merchant restrictions, and expiration, which a merchant or platform can verify via API in real time.W3C Verifiable Credential (identity credential plus delegated-authority credential)Time-bound, scoped delegated-authority credentials specifying spending limits, merchant scope, and data access rules issued by the authorizing user to the agent.Instant revocation of credentials across all agents without code changes.Live
KnowThat.ai
knowthat.ai
Operators can look up an AI agent's verification status and trust score, and can report on an agent's behavior to a shared, community-built reputation history.MCP-I identity signalnot publishednot publishedLive
RNWY
rnwy.com
An agent registers via web form, API, or self-registration and receives a soulbound (non-transferable) token minted to its controlling wallet, plus a public profile and an algorithmic trust score derived from on-chain activity, wallet age, and transaction patterns.ERC-5192 soulbound token identity, with attestations recorded via Ethereum Attestation Service on the Base blockchainCredential is minted directly to the wallet an agent or its operator controls; the site describes support for both human-operated and autonomously self-registering agents.The token cannot be transferred or revoked by an external authority; only the holder can burn it, by design, to prevent reputation laundering.Live
Skyfire
skyfire.xyz
Agents get a portable verified identity token for access, login, and agent protocol interactions.KYA tokennot publishednot publishedLive
Sumsub
sumsub.com
Businesses get a Know Your Agent (KYA) product that detects automated and agent-driven activity, risk-scores it, and binds verified AI agent actions to a verified human identity for accountability and revocation.Human-bound verification (liveness verification plus device intelligence, not a standalone agent credential)Human-delegated authentication: an agent's authority derives explicitly from a verified human, creating an accountability chain from agent to verified user to facial identityRevocation is tied to the bound human identity: if the verified person is banned or blocklisted, the linked automation is banned as wellLive
T54 Labs
t54.ai
Agents get a verified identity credential covering developer and business verification, model provenance, human-agent binding, and intent attestation, marketed as Know Your Agent (KYA).Know Your Agent (KYA) verificationBinds an agent's actions to a verified human or business operator and attests to transaction intentnot publishedLive
Vouched
vouched.id
Agents enrolled in Vouched's Know Your Agent suite receive a did:cheqd decentralized identifier and W3C verifiable credentials anchored on the cheqd network, cryptographically linking the agent back to a verified human or organizational owner. Vouched also offers Agent Checkpoint, which detects agentic traffic on a site, applies access policies, and governs delegated permissions, plus KnowThat.ai, a public registry for discovering and checking the reputation of agents before interacting with them.did:cheqd DID with W3C verifiable credentials (DID-Linked Resources on the cheqd network)Each agent DID is cryptographically linked back to the verified human or organization that authorized it, using hierarchical Decentralised Trust Chains from a root authority through accredited organizations to individual agents.Credentials support suspension and revocation with tamper-evident, on-chain history maintained on the cheqd network.Live
Businesses get a Know Your Agent (KYA) framework that issues an Agent Trust Token binding a verified consumer, their device, and an AI agent acting on their behalf, plus an Agent Registry that scores agent behavior and risk over time.Agent Trust TokenHuman-to-agent binding linking a verified consumer, device, and agentnot publishedAnnounced
Trulioo
trulioo.com
Trulioo has published a Know Your Agent (KYA) framework and a proposed Digital Agent Passport (DAP) credential intended to verify the developer, code integrity, user consent, and transaction authorization of an AI agent, and is working with Google to fit this into the AP2 agent payments protocol.Digital Agent Passport (proposed)not publishednot publishedAnnounced
No longer operating (kept as market history)
Chimoney
chimoney.io
Agents got a W3C DID based digital passport (the APort passport) with KYC and KYB built in, attached to a Chimoney agent wallet for identity verification.W3C DID based digital passportPassports were attached to individual agent wallets created via API.not publishedDead
Livein productionBetalimited accessAnnouncednot yet shippedBlank cells mean the company does not publish that detail.