The identity and trust infrastructure for autonomous AI agents.
AI agents are operating across production systems with no verifiable identity. API keys prove a human logged in -- they don't prove which agent is making the call, whether it's been tampered with, or whether it should be trusted.
When an agent calls an MCP server, accesses a database, or makes a payment, nothing cryptographically proves who that agent is. There's no passport, no trust score, no kill switch.
AgentSign gives every AI agent a cryptographic identity. One API call onboards an agent and returns a signed passport. Any system can verify that passport -- offline, in milliseconds, with no server roundtrip needed.
Developer signs up (API or console) and gets an API key. They onboard agents via API -- each agent gets a unique ID, trust score, and digitally signed passport. The passport is a self-contained JSON document the agent carries everywhere. Any service can verify it by calling POST /api/verify or by checking the signature locally.
The killer feature. Before an MCP server grants tool access, it calls POST /api/mcp/verify with the agent's ID. AgentSign checks identity, pipeline stage, trust score, and permissions. Returns ALLOW or DENY in milliseconds. This is the gate between agents and tools.
Digitally signed with a server-held key. Deterministic canonicalization ensures signatures are reproducible. Passports include identity, permissions, trust level, and signature. Tamper with any field and verification fails.
Built by CyberSecAI Ltd, London, UK. The same team behind ProofX (content protection) and CarX (AI car diagnostics).