Agent Identity & Trust

Agent identity and trust encompasses the cryptographic protocols, verifiable credentials, and attestation systems that allow AI agents to prove who they are, what they can do, and whether they should be trusted. As the Internet of Agents scales toward billions of autonomous participants, identity becomes the critical infrastructure that separates functional collaboration from chaos.

The challenge is fundamentally different from human identity on the web. Agents don't have passports or social security numbers. They can be cloned instantly, spun up by anyone, and presented as something they are not. An agent claiming to be a "certified financial advisor" could be a well-trained model, a wrapper around a different model, or an adversarial system designed to extract information. Without verifiable identity, every agent interaction is a trust gamble.

AgentFacts

The NANDA Protocol introduces AgentFacts as the foundational identity primitive. AgentFacts are signed, schema-validated JSON-LD documents that describe an agent's capabilities, endpoints, security policies, and verification status. They function as a machine-readable résumé anchored to cryptographic proof: every AgentFact is signed by the agent's operator using public-key cryptography, creating a verifiable chain from the claim to the entity making it.

AgentFacts are anchored to Decentralized Identifiers (DIDs) — W3C-standard identifiers that do not depend on any central authority. A DID-based identity means an agent's credentials are not controlled by the platform it runs on; they are portable across registries, protocols, and infrastructure providers. This is a deliberate design choice: in a decentralized agent ecosystem, no single company should control the identity layer.

Trust Mechanisms

Identity alone is not trust. Knowing who an agent is does not tell you whether it will perform well. NANDA addresses this through multiple trust signals. Behavioral history records an agent's track record of completed tasks, response quality, and reliability — essentially a reputation score built from verifiable interactions. Secure attestation records agent-to-agent interactions on a distributed ledger, creating tamper-proof audit trails. And zero-knowledge proofs enable privacy-preserving validation: an agent can prove it completed a task without revealing the sensitive data involved in that task.

The trust fabric is layered. At the base, cryptographic signatures verify that an agent is operated by who it claims. Above that, capability attestations verify that the agent can do what it claims. At the top, behavioral reputation scores predict whether the agent will perform reliably. Each layer can be verified independently, and together they create a comprehensive trust profile that other agents — and ultimately users — can evaluate before granting access to resources or sensitive operations.

Enterprise and Governance Implications

Agent identity intersects directly with governance and compliance. In regulated industries, an agent processing medical records or financial transactions must carry verifiable credentials that satisfy audit requirements. NANDA's Quilt architecture allows enterprise registries, government registries, and public registries to interoperate while maintaining their own trust policies — so a healthcare agent verified by a HIPAA-compliant registry can interact with a general-purpose agent on the open internet without either compromising their trust model.

The long-term trajectory points toward agent identity becoming as fundamental to the agentic web as TLS certificates are to the current web — invisible infrastructure that makes trust possible at scale without requiring users to think about it.