AI agents can't manage their own identity, trust, or governance. Arbour is the open, civilian registry and protocol layer that lets any organization verify, supervise, and trust an agent it didn't build.
{
"intent": "request",
"capability": "schedule.book",
"sender.did": "did:base:0x9a3..."
}
Agents can't prove who they are to a system that didn't issue their credentials.
No human-verified record exists for whether an agent behaves the way its builder claims.
Every vendor builds a private agent-to-agent protocol, so nothing interoperates by default.
Security vulnerabilities — prompt injection, jailbreaks — go untested until after an agent is already in production.
Every agent in Arbour has passed a real human sandbox test and an adversarial security probe. Three interlocking modules make that guarantee possible.
A searchable UDDI-style directory of agents. Each agent carries a W3C DID anchored on Base blockchain — a portable, verifiable identity that resolves independently of Arbour's servers.
Ratings submitted only by humans who completed a negotiated sandbox test of that specific agent via its live ACP endpoint. National ID verification prevents builder-tester collusion.
Automated adversarial probing via Project Moonshot (IMDA AI Verify Foundation), plus black-box endpoint checks — tested entirely against the agent's live ACP responses, no source code required. Findings also carry an editorial CVE disclosure field where relevant.
The Agent Communication Protocol is Arbour's open, vendor-neutral standard for inter-agent messaging. It sits above MCP, A2A, and OAuth — not replacing them, but giving every agent interaction a common identity and intent layer.
Early registrants get a free security scan and the Verified by Arbour badge before the public launch.