An open protocol and edge-verified PKI for the agentic web. Stateless, sub-50 ms, vendor-neutral, chain-agnostic — built so legitimate agents pass bot-defense and the rest stay blocked.
Apache 2.0 · open spec · interop with MCP, A2A, Kite, SPIFFE, OWASP ANS
Issuer signs a passport. Agent presents it. Verifier validates it. All in under 50 milliseconds — globally, at the edge.
p99 verify · edge global
RFC 8032 signing throughout
passport lifetime · short-lived
DNS · KYB · hardware-attested
Cloudflare, DataDome, hCaptcha, Arkose either overblock (frustrate humans whose agents are working on their behalf) or underblock (bleed data and revenue to actual abuse). They need a third bucket.
MCP, A2A, AP2 — each solves identity inside its own walls. Nobody is building the neutral cross-vendor layer the rest of the web needs to verify an agent that doesn't live in their stack.
1–12 second finality + gas fees + an audit story that doesn't pass SOC 2 or the EU AI Act. Fine for settlement; unusable for the 90% of agent traffic that's research, scheduling, reading, automation.
The classical-PKI answer is missing. That's what AgentPKI is — open spec, edge-verified, vendor-neutral, chain-agnostic.
AgentPKI is the cross-vendor edge identity layer. It plugs into the protocols you already care about — and stays out of the way of the ones you don't.
Each adjacent protocol owns a piece. AgentPKI is the piece that lets any system verify "this agent is who it says it is" without trusting any single vendor — the same role TLS plays for service-to-service trust on the rest of the web.
Three participants, one verification path.
The agent platform signs a short-lived passport with Ed25519 — PASETO v4 envelope, 24h max lifetime, agent identity plus capability scope plus trust tier. Keys live in a managed HSM or hardware-attested enclave.
The SDK attaches the passport to every outbound request — either as a bearer header for simple flows, or via RFC 9421 HTTP Message Signatures bound to the request body. Two lines of integration.
A Cloudflare Workers edge resolves the issuer public key, verifies the signature, checks the revocation Bloom filter, applies site policy, and returns a verdict — all in under 50 milliseconds, globally.
No proprietary crypto. No bespoke tokens. Just the well-vetted primitives the rest of the internet runs on.
Platform-Agnostic Security Tokens. Modern alternative to JWT — no algorithm-confusion footgun.
EdDSA curve. Fast, deterministic, side-channel resistant. The crypto every modern stack agrees on.
Mode B binds the passport to method, URL, and body — kills replay attacks within the signature window.
Standard X.509 public-key envelope. Drop into existing PKI tooling without translation.
Spec under Apache 2.0 (patent grant). SDKs and reference verifier under MIT. Forkable, embeddable, no rug-pull.
Credential-envelope abstraction in the spec lets a Verifiable-Credential mode slot in backward-compatibly.
Agents sign with the SDK. Sites verify with one POST. Bot-defense vendors slot in 30 lines of middleware.
import { AgentPKI } from '@agentpki/sdk';
const agent = new AgentPKI({
issuer: 'anthropic.com',
agentId: 'agent:anthropic.com/research-bot-v3',
scope: ['read:articles', 'read:public-data'],
});
// Auto-signs every outbound request
// (RFC 9421 Mode B by default)
const res = await agent.fetch(
'https://reuters.com/api/article/123'
);POST https://verify.agentpki.dev/v1/verify
Content-Type: application/json
{
"token": "v4.public.eyJpc3M...",
"mode": "B",
"request": {
"method": "GET",
"url": "https://reuters.com/..."
}
}
→ HTTP 200 (21ms warm · 50ms cold)
{
"verdict": "allow",
"passport": {
"issuer": "anthropic.com",
"tier": 2,
"scopes": ["read:articles"]
},
"abuse_score": 0.02,
"crl_fresh": true,
"replay_checked": true
}// Slot into Cloudflare / DataDome /
// hCaptcha / Arkose decision pipelines.
// SIGNAL-only — never overrides yours.
const apkiSignal = async (req) => {
const token = req.headers
.get('AgentPKI-Token');
if (!token) return null;
const r = await fetch(
'https://verify.agentpki.dev/v1/verify',
{ method: 'POST',
body: JSON.stringify({ token }) }
);
const v = await r.json();
return { verdict: v.verdict,
tier: v.passport?.tier };
};
// → feeds your existing score
score -= (await apkiSignal(req))
?.verdict === 'allow' ? 30 : 0;live on production infrastructure
Run the mint → verify pipeline against the deployed Workers right now. No signup, no install — one click in your browser.
demo.agentpki.dev/mint → verify.agentpki.dev/v1/verify Runs entirely in your browser. CORS-enabled on both Workers — the page itself has no backend. The demo issuer uses a hardcoded keypair clearly labeled DEMO-ONLY in source; production issuers use HSM-resident keys per spec §5.3.
Mint passports for your agent fleet. T1 DNS-verified is free. T2 KYB-verified unlocks paid scopes and commerce flows. T3 hardware-attested for high-stakes financial and healthcare use.
Claim your domain →Verify agents at the edge before serving. Set a policy (minimum tier, required scopes, abuse threshold) and let the verifier decide. Allow, throttle, or deny — your call.
Read the policy spec →Drop-in trust signal for your decision pipeline. Native modules planned for Cloudflare, DataDome, hCaptcha, Arkose. Stops false positives on real agent traffic without weakening anti-abuse.
See the 30-line drop-in →The protocol, SDKs, reference verifier, and bot-defense middleware are Apache 2.0 / MIT open source. We sell the hosted operational layer on top — pick the lane that matches your scale.
For individual developers, OSS projects, and small teams self-serving.
No credit card · 2-minute setup
For SaaS teams shipping agents — hosted issuer, no Worker to run yourself.
No card during trial · cancel anytime
For banks, regulated industries, bot-defense vendors, and large agent fleets.
48h response · NDAs available
| Customer type | Typical scale | Best-fit tier | Outcome they get |
|---|---|---|---|
| Solo dev / OSS project | < 10k mints/mo | Free | Real cryptographic identity for their agent without running infrastructure |
| SaaS shipping AI agents | 10k–1M mints/mo | Hosted $99/mo | Issue + rotate keys + audit, no Worker to operate. Customers' bot-defense vendors stop blocking their agent traffic. |
| Website / API operator | any | Free verifier | Distinguish legit AI agents from scrapers at the edge, set a per-route policy |
| Bot-defense vendor | 100M+ verifies/mo | Enterprise · rev share | Native AgentPKI signal in their decision pipeline, false-positive reduction, co-marketing as "AgentPKI inside" |
| Bank / regulated enterprise | 10–500 issuers | Enterprise · T2/T3 | KYB-verified issuance, SOC 2 / EU AI Act paper trail, hardware-attested keys, residency control |
| Agent marketplace / federation | multi-tenant | Enterprise · federation | Cross-org passport scoping (vendor A's agents allowed at vendor B's API under negotiated terms) |
Mints/verifies/issuers numbers are guidance, not hard caps. Need something different? Email us — we tailor.
Free DNS-tier (T1) signup. Verify your domain, mint Ed25519 keys, deploy a real-issuer Worker — all from a self-serve dashboard.
Bot-defense vendors, enterprise design partners, and agent platforms — reach out directly at [email protected]. Personal reply within 48 hours.