Zero Trust for Agentic AI

Ship agents, not risks

The identity and trust infrastructure for autonomous AI agents. Every agent carries a cryptographic passport. Every action is signed. No verification, no trust.

Get Started Free View on GitHub
0
Runtime Dependencies
6
Signer Backends
5
Patent Claims
<10KB
Package Size
Built for teams running autonomous AI agents
OpenHands
CrewAI
LangChain
AutoGen
Claude MCP
GPT Researcher
Composio
The Problem

AI agents are running unverified

Agents handle money, access databases, deploy code, and make decisions. Nobody can prove who they are or what they did.

🔒

No Agent Identity

API keys prove a human logged in. Nothing proves which agent is making the call or whether it's been tampered with.

Unsolved
💰

No Payment Governance

Agents spending money with no identity check, no spending limits, no audit trail. One rogue agent drains an account.

Unsolved
📈

No Trust Score

Is this agent trustworthy? What's its success rate? No cryptographic, tamper-proof reputation system exists.

Unsolved
⚙️

No SDLC Pipeline

Agents go from dev to prod with no vetting, no testing gates, no approval chain. Software has CI/CD. Agents have nothing.

Workaround
🗒

No Execution Proof

Logs show what happened. They don't prove it. No cryptographic chain linking input to output to agent to timestamp.

Unsolved
🚫

No Kill Switch

Agent goes rogue? Today you scramble to find and revoke API keys across services. No instant, universal revocation exists.

Workaround
Product

Five subsystems. One engine.

Each subsystem is independently valuable. Together they form the first complete zero trust engine for AI agents.

Identity Pipeline

Every agent goes through a cryptographically sealed pipeline from intake to production. Each stage gate is signed and immutable. Tamper with the code at any stage and the hash chain breaks.

  • 6-stage pipeline: INTAKE, VETTING, TESTING, DEV, PROD, ACTIVE
  • Code hash verification at every stage transition
  • Automated security scanning before advancement
  • Full audit trail of every stage gate decision
  • Instant revocation -- drops trust score to 0
Try It Now
JavaScript
const agent = new AgentSign({ serverUrl: 'http://localhost:8888' }) // Register agent -- enters INTAKE await agent.register({ name: 'Security Scanner', category: 'security' }) // Advance through all gates to ACTIVE await agent.advanceToActive() // INTAKE -> VETTING -> TESTING -> DEV -> PROD -> ACTIVE // Get cryptographic passport const passport = await agent.getPassport() // { agent_id, code_hash, trust_score, signature }

Trust Gate

Every action -- payment, tool access, API call -- goes through the Trust Gate. Identity verified, policy enforced, transaction signed and audited. No verification, no access.

  • Identity + policy + trust score check on every action
  • Stripe-integrated payments with spending limits
  • Per-agent wallets with freeze/unfreeze controls
  • Whitelisted merchants and approval thresholds
  • Every transaction cryptographically signed
Try It Now
JavaScript
// Create wallet with spending controls await agent.createWallet({ max_per_tx_pence: 50000, // 500 max per tx max_per_day_pence: 200000, // 2000/day whitelisted_merchants: ['openai', 'anthropic'] }) // Fund wallet via Stripe await agent.fundWallet(100000) // 1000 // Pay through Trust Gate const tx = await agent.pay( 'anthropic-api', 35000, 'Claude inference' ) // { status: 'COMPLETED', stripe: { balance_tx_id } }

Signed Execution Ledger

Every execution is locally signed and hash-chained. Input hash, output hash, execution hash, signature. Tamper-evident. Offline-verifiable. Your auditor's dream.

  • Local signing -- zero network calls, zero latency
  • Deterministic JSON canonicalization (matches Python sort_keys)
  • Output tamper detection (PASS or TAMPERED)
  • 6 signer backends -- from file keys to hardware HSMs
  • Works completely offline
Try It Now
JavaScript
// Sign an execution locally (zero network) const signed = agent.sign( { task: 'approve-invoice', amount: 1500 }, { status: 'approved', txId: 'tx_abc' } ) // { executionId, inputHash, outputHash, // executionHash, signature, verified: true } // Verify the signature agent.verify(signed) // true // Check output hasn't been tampered with agent.verifyOutput( { status: 'approved', txId: 'tx_abc' }, signed ) // 'PASS'

MCP Trust Layer

The identity layer between agents and MCP tool servers. Before any agent calls a database, file system, or API via MCP, the Trust Gate checks identity, pipeline stage, and trust score. Every interaction logged.

  • Agent presents passport to MCP server
  • Trust score threshold per MCP server
  • Pipeline stage requirement enforcement
  • ALLOW/DENY decision on every tool call
  • Full connection audit log
Try It Now
JavaScript
// Verify agent access to MCP tool server const result = await agent.verifyMCP( 'mcp_database', // MCP server ID 'query' // Tool name ) // { decision: 'ALLOW', trust_score: 82 } // MCP server checks before granting access: // 1. Is passport valid? // 2. Trust score >= threshold (e.g. 80)? // 3. Pipeline stage >= ACTIVE? // 4. Not revoked? // All checks pass -> ALLOW // Any check fails -> DENY

Agent Passport

A self-contained, signed JSON document that the agent carries everywhere. Any system can verify it offline -- no server needed. Like SSL certificates, but for AI agents.

  • Self-contained: ID, name, code hash, trust score, signature
  • HMAC-SHA256 signed -- tamper-proof
  • Offline verification -- no server roundtrip needed
  • Pipeline stage embedded -- proves production readiness
  • Revocation flag -- instant kill switch
Try It Now
JSON
{ "agent_id": "a7f3b2e1", "name": "Security Scanner", "code_hash": "sha256:9f86d0...", "pipeline_stage": "ACTIVE", "trust_score": { "overall": 82, "level": "TRUSTED", "code_attested": true, "execution_rate": 0.96 }, "permissions": ["read", "scan"], "revoked": false, "signature": "hmac-sha256:a1b2c3...", "issued_at": "2026-03-10T12:00:00Z" } // Any system can verify this offline. // No server. No API call. Just crypto.
How It Works

Three steps to zero trust

Deploy the engine, onboard your agents, verify everything. That's it.

1

Deploy

Run the AgentSign engine in your cloud. One Docker image. Your keys, your KMS, your data.

  • Docker, Kubernetes, or bare metal
  • AWS KMS, Azure Key Vault, GCP KMS, Vault
  • PKCS#11 for on-prem HSMs
  • SQLite or Postgres for persistence
2

Onboard

Register agents programmatically. Each agent gets a cryptographic identity and goes through the trust pipeline.

  • npm install agentsign (Node.js)
  • pip install agentsign (Python)
  • 6-stage pipeline with security gates
  • Automated code hash verification
3

Verify

Every action goes through the Trust Gate. Identity checked, policy enforced, execution signed. Full audit trail.

  • Trust Gate on every payment and tool call
  • Signed execution ledger (tamper-evident)
  • MCP Trust Layer for tool access
  • Instant revocation and swarm kill switch
Solutions

Built for your role

Whether you're governing agents, building them, or auditing them.

Governance Without Bottlenecks

Let agents run autonomously. AgentSign provides the guardrails so you don't have to manually approve every action.

  • Cryptographic proof of every agent action for compliance and audit
  • Trust scoring across all agents -- see who's trustworthy at a glance
  • Instant revocation -- kill one agent or an entire swarm in milliseconds
  • On-prem deployment -- your cloud, your keys, your data never leaves
  • Patent-pending technology -- 5 subsystems, 10 claims filed
Get Started

Infrastructure That Scales

One Docker image, one Helm chart. Deploy to any cloud with any KMS. Same engine everywhere.

  • 6 signer backends: File, AWS KMS, Azure Key Vault, GCP KMS, HashiCorp Vault, PKCS#11
  • Helm chart with PVC, health probes, ingress, and TLS
  • Signer selection via a single env var -- no code changes
  • RESTful API -- integrate with any CI/CD pipeline
  • SQLite for development, Postgres for production
See Deploy Options

5 Lines of Code

Zero runtime dependencies. npm install and go. TypeScript definitions included.

  • npm install agentsign -- zero deps, Node >= 18
  • Full TypeScript support with .d.ts definitions
  • Local signing works offline -- zero network calls
  • register(), advance(), pay(), sign(), verify() -- simple API
  • Python SDK also available with identical API surface
View SDK Docs
Deploy

Your cloud. Your keys. One image.

Same Docker image everywhere. The only difference is an environment variable.

Quick Start

Try it in 10 seconds. File-based keys, auto-generated. Perfect for development.

docker run -p 8888:8888 \
  ghcr.io/razashariff/agentsign
☁️

Cloud KMS

Keys in your AWS, Azure, or GCP KMS. You own the keys. We never see them.

docker run -p 8888:8888 \
  -e AGENTSIGN_SIGNER=aws-kms \
  -e AWS_KMS_KEY_ID=arn:aws:kms:... \
  ghcr.io/razashariff/agentsign

Kubernetes

Production-ready Helm chart. PVC, health probes, ingress, TLS.

helm install agentsign \
  ./deploy/helm/agentsign \
  --set signer=vault \
  --set vault.addr=https://v:8200

Signing Backends

File (Default)
HMAC-SHA256, auto-generated keys
signer: 'file'
AWS KMS
ECDSA P-256 via customer CMK
signer: 'aws-kms'
Azure Key Vault
ECDSA P-256 via managed key
signer: 'azure-keyvault'
GCP Cloud KMS
ECDSA P-256 via Cloud KMS
signer: 'gcp-kms'
HashiCorp Vault
Transit secrets engine
signer: 'vault'
PKCS#11 HSM
Thales, SafeNet, YubiHSM
signer: 'pkcs11'
Get Started

Up and running in 5 minutes

Zero dependencies. Node >= 18. npm install and write 5 lines of code.

Terminal
$ npm install agentsign
JavaScript
const AgentSign = require('agentsign') // Connect to your AgentSign engine const agent = new AgentSign({ serverUrl: 'http://localhost:8888' }) // Register + advance to production await agent.register({ name: 'My Agent', category: 'finance' }) await agent.advanceToActive() // Pay through Trust Gate (identity + policy + Stripe) await agent.pay('openai', 5000, 'GPT-4 credits') // Sign executions locally (zero network) const signed = agent.sign( { task: 'approve-invoice' }, { status: 'done' } ) agent.verify(signed) // true

SDK Methods: register · advance · advanceToActive · pay · sign · verify · verifyOutput · getPassport · revoke · cosign · verifyMCP · createWallet · fundWallet · freeze · unfreeze · stripeAction

Governance & Compliance

Governance is not an afterthought

The EU AI Act is law. NIST AI RMF is the US baseline. Regulators are coming for unverified AI systems. AgentSign was built for this.

The EU AI Act is here. Are your agents ready?

The EU AI Act (Regulation 2024/1689) came into force in August 2024, with enforcement beginning February 2025. It is the world's first comprehensive legal framework for AI systems -- and it applies to any AI agent operating within the EU or affecting EU citizens.

What the Act Requires

Article 9 mandates risk management systems. Article 12 requires automatic logging of AI operations. Article 13 demands transparency. Article 14 requires human oversight mechanisms. Article 15 requires accuracy, robustness, and cybersecurity. High-risk AI systems face the strictest requirements -- and autonomous agents making financial, hiring, or infrastructure decisions are squarely in scope.

Traditional AI governance tools focus on model evaluation and prompt testing. They don't address the identity, provenance, and execution integrity of autonomous agents. AgentSign does.

Every pipeline stage, every execution, every trust score decision is cryptographically recorded. That's not a dashboard metric -- it's evidence.

EU AI Act

Risk Management & Logging (Art. 9, 12)

AgentSign's identity pipeline is a risk management system. Every stage transition, security scan, and approval decision is signed and immutable. The execution ledger provides the automatic logging Article 12 demands -- not just what happened, but cryptographic proof it happened.

ISO 42001

AI Management System

ISO 42001 requires documented AI lifecycle management. AgentSign's 6-stage pipeline (INTAKE through ACTIVE) maps directly to the AI lifecycle. Trust scores, execution records, and passport history provide the continuous monitoring ISO 42001 expects.

SOC 2 Type II

Security & Availability Controls

Signed execution chains, tamper detection, and hardware-backed signing (PKCS#11, CloudHSM) satisfy SOC 2 trust service criteria. On-prem deployment means your audit boundary is your infrastructure -- not a third-party SaaS.

NIST AI RMF

AI Risk Management Framework

NIST AI 600-1 (AI RMF) calls for governance, mapping, measuring, and managing AI risk. AgentSign's trust scoring (0-100) quantifies agent risk. Pipeline stages map agent maturity. Revocation provides the "manage" control when risk exceeds tolerance.

How AgentSign maps to regulatory requirements

Art. 9 -- Risk Management
Identity Pipeline
6-stage vetting with security gates
Art. 12 -- Automatic Logging
Execution Ledger
Hash-chained, signed, tamper-evident
Art. 13 -- Transparency
Agent Passport
Self-contained, offline-verifiable identity
Art. 14 -- Human Oversight
Trust Gate
Policy enforcement + instant revocation
Art. 15 -- Cybersecurity
HSM Signing
PKCS#11, CloudHSM, FIPS 140-2
NIST AI RMF -- Measure
Trust Scoring
Cryptographic, tamper-proof 0-100 score
Pricing

Start free. Scale when ready.

The engine is free and open source. Enterprise features and support for teams that need them.

Open Source
Free
Forever. Self-hosted.
  • Full AgentSign engine
  • Up to 25 agents
  • Identity pipeline + Trust Gate
  • Signed execution ledger
  • File-based signing (HMAC-SHA256)
  • MCP Trust Layer
  • Community support (GitHub)
Get Started
Enterprise
Custom
Per agent, per month. Volume discounts.
  • Everything in Open Source
  • Unlimited agents
  • Cloud KMS integration (AWS, Azure, GCP)
  • HashiCorp Vault + PKCS#11 HSM
  • Stripe Trust Gate payments
  • EU AI Act compliance reporting
  • Priority support + SLA
  • Dedicated onboarding
Contact Us for Pricing
On-Prem / Air-Gapped
Custom
Annual license. Your infrastructure.
  • Everything in Enterprise
  • Air-gapped deployment support
  • FIPS 140-2 validated signing
  • Custom Helm chart configuration
  • SSO / LDAP integration
  • Compliance audit package
  • White-glove deployment
Contact Sales

All plans include the full AgentSign engine. Your data never leaves your infrastructure. No usage telemetry. No cloud dependency. Patent Pending.

The Gap

600,000+ GitHub stars.
Zero agent identity.

We audited the 12 most popular agent frameworks. None have cryptographic agent identity, execution signing, or trust scoring. 91% of orgs use agents. Less than 10% secure them.

Framework Stars Identity Signing Trust Score MCP Verify Revocation
AutoGPT182K
LangChain / LangGraph100K+
MCP Ecosystem80.7K
OpenHands64K
Microsoft AutoGen50.4K~
CrewAI45.6K
Hugging Face smolagents25.5K
OpenAI Agents SDK19.4K
Google ADK / Vertex15.6K~~
NeMo Guardrails5.7K
Amazon BedrockManaged~~
Devin / Cognition AIClosed
AgentSignOSS
🔒

Guardrails guard content.
AgentSign guards identity.

NeMo Guardrails filters what agents say. AgentSign verifies who agents are, what they did, and provides cryptographic proof.

☁️

Cloud IAM is not agent identity.

AWS Bedrock and Google Vertex have IAM -- but it's cloud-locked. AgentSign is vendor-neutral, on-prem, and portable across any infrastructure.

🔗

MCP has 80K stars.
Zero agent authentication.

A scan of 2,000 MCP servers found all lacking authentication. AgentSign's MCP Trust Layer is the missing verification gate.

= native support    ~ = partial (cloud-locked IAM)    = not available    Source: GitHub, March 2026. Okta/Strata 2025-2026 research.

Stop trusting.
Start verifying.

The passport system for AI agents. Identity, trust, and proof of every action.

npm install agentsign View on GitHub

Patent Pending · CyberSecAI Ltd · Zero runtime dependencies · MIT License