Proposal: Agent Trust Cards (ATC) — SSL certificates for AI agents
Context
Continue is a popular AI coding assistant that supports MCP servers. As users install more MCP servers, being able to verify which servers are security-audited becomes important for safe adoption.
Agents increasingly call external tools and other agents. But there's no standard way to verify:
- Is the agent/tool I'm calling who it claims to be?
- Has it been security-audited?
- Has its key been revoked?
This is the same problem the web had before SSL.
What I built
ATC (Agent Trust Card) — a lightweight trust layer for agents, inspired by SSL certificates:
- Ed25519 signed by a Certificate Authority (MarketNow Sentinel CA)
- Verifiable by anyone with the CA public key (public on GitHub)
- Revocable — compromised agents are flagged in real-time
- Sentinel-scored — each ATC includes a 0-10 security audit score from an 8-layer pipeline (L1.5 metadata → L1.8 YARA-equivalent malware family detection)
API
Issue: POST https://marketnow.site/api/atc {"action":"issue", agent_id, public_key}
Verify: GET https://marketnow.site/api/atc?action=verify&card_id=X
Revoke: POST https://marketnow.site/api/atc {"action":"revoke", card_id}
CA key: GET https://marketnow.site/api/atc?action=ca-key
List: GET https://marketnow.site/api/atc
Links
Not asking for adoption — just sharing in case the trust-layer pattern is useful. Feedback welcome.
— Edison Flores, AliceLabs LLC
Proposal: Agent Trust Cards (ATC) — SSL certificates for AI agents
Context
Continue is a popular AI coding assistant that supports MCP servers. As users install more MCP servers, being able to verify which servers are security-audited becomes important for safe adoption.
Agents increasingly call external tools and other agents. But there's no standard way to verify:
This is the same problem the web had before SSL.
What I built
ATC (Agent Trust Card) — a lightweight trust layer for agents, inspired by SSL certificates:
API
Links
Not asking for adoption — just sharing in case the trust-layer pattern is useful. Feedback welcome.
— Edison Flores, AliceLabs LLC