How AgentPKI verification works
A plain-English guide for anyone using agentpki.dev/check or the AgentPKI Chrome extension.
1. The problem
AI agents are increasingly browsing, calling, and acting on people's behalf — booking appointments, answering customer questions, scraping prices, making payments. There's been no standard way to verify which agents are real, who runs them, and what they're allowed to do.
Anyone can spin up a bot and label it "Anthropic's customer-support agent" or "Stripe's billing agent." Without cryptography, you have no way to tell.
2. The analogy
AgentPKI works like HTTPS for the web. Websites only show a padlock if they obtained an SSL certificate. AgentPKI only shows a verified badge if the agent operator registered a cryptographic passport with an issuer that AgentPKI recognizes.
Just like HTTPS doesn't say "this website is good" — it just says "this website is who it claims to be and the connection is secure" — AgentPKI's verification means the agent's identity is real and traceable. Not that you should trust the agent.
3. Three result states
When you check an agent at agentpki.dev/check, you get one of three answers:
✅ Verified
The agent has registered with AgentPKI and proven its identity cryptographically. You see who issued the identity (which issuer domain signed the passport), what the agent is authorized to do (scopes), and how it has behaved over time (reputation, abuse reports).
⛔ Revoked or flagged
The agent's passport has been revoked, or community reports indicate fraud. Don't trust this agent. Revocation is the strongest "do not trust" signal AgentPKI provides — someone (usually the issuer) explicitly canceled this identity.
⚠ Unverified
No AgentPKI passport exists for this agent. This does not necessarily mean the agent is malicious. Many legitimate agents have not yet registered with AgentPKI — it's a new system. But it does mean trust has not been cryptographically established. Treat unverified agents the way you'd treat an unknown phone caller.
4. Why most agents are unverified today
AgentPKI launched in June 2026 as an open standard. Adoption takes time, just as the early web had almost no HTTPS sites in 1995 and now nearly all of them do.
Today, the vast majority of AI agents have not yet registered with AgentPKI. So most checks return "Unverified". As adoption grows over the next several months and years, "Verified" will become more common and "Unverified" rarer.
In the meantime, the "Unverified" answer is still useful — it tells you the agent has not proven who it is, so you should apply normal caution.
5. What "Verified" guarantees and doesn't guarantee
Verification proves identity is real and traceable:
- The agent presented a cryptographic passport.
- An issuer that AgentPKI recognizes signed that passport.
- The passport has not been revoked.
- The signature checks out mathematically.
Verification does NOT mean:
- The agent is endorsed or recommended by AgentPKI.
- The agent is safe for any particular use.
- The agent's operator has good intentions.
- You should share sensitive information with it.
Always use your own judgment. Verification answers "is this who it claims to be?" — not "should I trust it?"
6. What to do if you get "Unverified"
- Don't share sensitive information — passwords, account numbers, social security numbers, payment details.
- Verify through official channels. If the agent claims to be from a company, contact that company directly through its website or known phone number.
- Be skeptical of urgency or payment requests. Common scam tactics include artificial deadlines, "limited time" offers, and demands for immediate payment.
- If you believe the agent is a scam, report it from the /check page. Your reports help future users by flagging the identifier in our community database.
7. How agents get verified
Any operator running an AI agent can register at dashboard.agentpki.dev. The flow is:
- Sign up with email (magic link, no password).
- Verify a domain you control (DNS TXT record).
- Mint an Ed25519 keypair in browser-resident Web Crypto.
- Publish your issuer key at your-domain/.well-known/agentpki-issuer.json.
- Use the @agentpki/sdk npm package to mint short-lived passports for your agents.
Once your domain serves the issuer file and your passports are signed, every /v1/verify call against your agent's passport returns Verified.
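The checks listed in section 5 (recognized issuer, valid Ed25519 signature, not revoked) can be sketched as one decision function that returns the three result states. This is an added example, not code from AgentPKI or its SDK: the passport layout, the field names, `issuer.example`, and the functions `mintPassport` and `checkPassport` are all hypothetical, and it runs on Node.js using only the built-in crypto module.

```javascript
// Added illustration: the passport layout (payload + sig, fields id/iss/scopes/exp)
// is hypothetical and is not the AgentPKI v0.1 wire format.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// Constructed issuer key pair; the public half stands in for what a domain
// would publish at /.well-known/agentpki-issuer.json.
const issuer = generateKeyPairSync('ed25519');
const trustedIssuers = new Map([['issuer.example', issuer.publicKey]]);
const revokedIds = new Set(['pass-002']); // constructed revocation list

// Sign the exact payload bytes so the verifier checks those same bytes.
function mintPassport(claims, privateKey) {
  const payload = Buffer.from(JSON.stringify(claims));
  return {
    payload: payload.toString('base64'),
    sig: sign(null, payload, privateKey).toString('base64'),
  };
}

// Returns 'verified', 'revoked' or 'unverified'. Anything malformed fails closed.
function checkPassport(passport, now = Date.now()) {
  try {
    if (!passport) return 'unverified'; // no passport presented
    const payload = Buffer.from(passport.payload, 'base64');
    const claims = JSON.parse(payload.toString('utf8'));
    // iss only selects which key to try; no claim is trusted before the signature.
    const key = trustedIssuers.get(claims.iss);
    if (!key) return 'unverified'; // issuer not recognized
    const sig = Buffer.from(passport.sig, 'base64');
    if (!verify(null, payload, key, sig)) return 'unverified';
    if (revokedIds.has(claims.id)) return 'revoked';
    // Assumption: an expired short-lived passport is reported as unverified.
    if (typeof claims.exp !== 'number' || claims.exp <= now) return 'unverified';
    return 'verified';
  } catch {
    return 'unverified';
  }
}

const HOUR = 3600 * 1000;
const good = mintPassport(
  { id: 'pass-001', iss: 'issuer.example', scopes: ['booking'], exp: Date.now() + HOUR },
  issuer.privateKey
);
console.log(checkPassport(good));
```

Revocation is checked only after the signature verifies, so a forged passport that reuses a revoked id is reported as unverified rather than revoked.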
8. The open standard
AgentPKI is open source, MIT/Apache 2.0 licensed, and built on a public protocol. The spec is at agentpki.dev/spec/v0.1. Anyone can implement verification themselves; the verifier service at verify.agentpki.dev is just one implementation — a reference. You can run your own verifier from the source at github.com/agentpki/verifier.
There is no vendor lock-in, no per-call fee, no proprietary protocol. AgentPKI is designed to be the way the internet identifies AI agents, just as HTTPS is the way the internet secures connections.
Want to test the system now? Head to agentpki.dev/check. Want to integrate AgentPKI into your own agent or bot-defense product? Read the v0.1 spec or email [email protected].