live · agentpki.dev — live reference issuer & verifier · v0.1 alpha

Cryptographic identity for AI agents.

A passport-based identity system for AI agents on the public internet.

Open protocol, edge-verified, sub-50 ms, vendor-neutral, chain-agnostic — built so legitimate agents pass bot-defense and the rest stay blocked.

Apache 2.0 · open spec · interop with MCP, A2A, Kite, SPIFFE, OWASP ANS

The trust flow · live

One signature. Three actors. Verified at the edge in under 50 ms.

[Diagram: the trust flow]
ISSUER: anthropic.com · Ed25519 · T2 KYB
PASSPORT: v4.public.eyJpc3MiOi JhbnRocm9waWMuY29t · read:* · tier: 2 · Ed25519 · 24h max
VERIFIER: verify.agentpki.dev · < 50ms p99 · edge
Flow: mint PASETO v4.public · verify RFC 9421 Mode B · verdict: allow · tier: 2 · abuse: 0.02 · cached_until: +60s
Issuer key: kid: anthropic-2026-q2 · HSM-resident · rotates 90d

How to read this

01 Issuer signs

The agent platform mints a passport.

An agent platform (e.g., anthropic.com) signs a short-lived PASETO v4 passport with its Ed25519 private key. The key lives in an HSM and rotates every 90 days. The passport carries the agent's identity, scope, and trust tier.

02 Agent presents

The SDK attaches it to every request.

Either as a bearer header (Mode A, simple) or via RFC 9421 HTTP Message Signatures bound to the request body (Mode B, integrity). One-line integration for the agent platform.

03 Verifier validates

The edge returns a verdict in under 50 ms.

The verifier fetches the issuer's public key from /.well-known/agentpki-issuer.json (KV-cached), checks the Ed25519 signature, consults the CRL, applies site policy, and returns allow / throttle / deny.

No shared secrets. No blockchain. No callout to a vendor's API. The site doesn't trust any single bot-defense vendor — only the issuer's published public key.
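
The signature and claim checks from steps 01 to 03, as an added example (not AgentPKI's own code): a Node.js sketch that verifies a PASETO v4.public passport against a pinned issuer key and fails closed. Assumptions: the claim names (iss, jti, tier, scope, iat, exp), a CRL keyed by jti, no footer, and keys passed in a Map instead of fetched from the well-known URL. The site-policy step that would produce throttle is left out.

```javascript
const { generateKeyPairSync, sign, verify } = require("node:crypto");

const HEADER = "v4.public.";
const MAX_LIFETIME_MS = 24 * 3600 * 1000; // the page's 24 h passport cap
const EMPTY = Buffer.alloc(0);            // no footer / implicit assertion (assumption)

// PASETO pre-authentication encoding: LE64(count), then LE64(len) || piece for each piece.
const le64 = (n) => { const b = Buffer.alloc(8); b.writeBigUInt64LE(BigInt(n)); return b; };
function pae(...pieces) {
  return Buffer.concat([le64(pieces.length), ...pieces.flatMap((p) => [le64(p.length), p])]);
}

// Issuer side, included only to build constructed sample passports.
function mintPassport(claims, privateKey) {
  const m = Buffer.from(JSON.stringify(claims));
  const sig = sign(null, pae(Buffer.from(HEADER), m, EMPTY, EMPTY), privateKey);
  return HEADER + Buffer.concat([m, sig]).toString("base64url");
}

// Verifier side. issuerKeys: Map of issuer domain -> published public key.
// revoked: Set of jti values (assumed CRL shape). now: epoch milliseconds.
function verifyPassport(token, issuerKeys, revoked, now) {
  const deny = (reason) => ({ verdict: "deny", reason });
  const body = token.slice(HEADER.length);
  if (!token.startsWith(HEADER) || body.includes(".")) return deny("malformed");
  const raw = Buffer.from(body, "base64url");
  if (raw.length <= 64) return deny("malformed");
  const m = raw.subarray(0, raw.length - 64), sig = raw.subarray(raw.length - 64);
  let claims;
  try { claims = JSON.parse(m.toString()); } catch { return deny("malformed"); }
  // iss is untrusted at this point: it only selects which published key to check.
  const key = issuerKeys.get(claims?.iss);
  if (!key) return deny("unknown-issuer");
  if (!verify(null, pae(Buffer.from(HEADER), m, EMPTY, EMPTY), key, sig)) return deny("bad-signature");
  const iat = Date.parse(claims.iat), exp = Date.parse(claims.exp);
  if (!(iat <= now && now < exp)) return deny("not-current");   // NaN fails closed
  if (!(exp - iat <= MAX_LIFETIME_MS)) return deny("lifetime-over-24h");
  if (revoked.has(claims.jti)) return deny("revoked");
  return { verdict: "allow", tier: claims.tier, scope: claims.scope };
}

// Constructed sample: throwaway key pair and claims, not real AgentPKI values.
const issuer = generateKeyPairSync("ed25519");
const keys = new Map([["issuer.example", issuer.publicKey]]);
const sample = { iss: "issuer.example", jti: "p-1", tier: 2, scope: ["read:*"],
  iat: "2026-05-01T00:00:00Z", exp: "2026-05-01T12:00:00Z" };
const NOW = Date.parse("2026-05-01T06:00:00Z");
console.log(verifyPassport(mintPassport(sample, issuer.privateKey), keys, new Set(), NOW));
```

Claims are read only after the signature verifies, so a passport edited in transit (for example, a raised tier) is rejected as bad-signature before any policy sees it.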

<50 ms: p99 verify · edge global
Ed25519: RFC 8032 signing throughout
24 h max: passport lifetime · short-lived
3 tiers: DNS · KYB · hardware-attested

Designed to compose.

AgentPKI is the cross-vendor edge identity layer. It plugs into the protocols you already care about — and stays out of the way of the ones you don't.

Each adjacent protocol owns a piece. AgentPKI is the piece that lets any system verify "this agent is who it says it is" without trusting any single vendor — the same role TLS plays for service-to-service trust on the rest of the web.

[Diagram: MCP (Anthropic) · A2A (Google) · Kite (commerce) · SPIFFE (workloads) · OWASP ANS (discovery) · AgentPKI (cross-vendor edge identity, PASETO · Ed25519)]

Who it's for

Agent platforms

Mint passports for your agent fleet. T1 DNS-verified is free. T2 KYB-verified unlocks paid scopes and commerce flows. T3 hardware-attested for high-stakes financial and healthcare use.


Websites & APIs

Verify agents at the edge before serving. Set a policy (minimum tier, required scopes, abuse threshold) and let the verifier decide. Allow, throttle, or deny — your call.


Bot-defense vendors

Drop-in trust signal for your decision pipeline. Native modules planned for Cloudflare, DataDome, hCaptcha, Arkose. Stops false positives on real agent traffic without weakening anti-abuse.


Spin up your own issuer in 3 minutes.

Free DNS-tier (T1) signup. Verify your domain, mint Ed25519 keys, deploy a real-issuer Worker — all from a self-serve dashboard.

Bot-defense vendors, enterprise design partners, and agent platforms — personal reply within 48 hours.
