Agent Trust Infrastructure

Where agents
grow with structure.

AI agents can't manage their own identity, trust, or governance. Arbour is the open, civilian registry and protocol layer that lets any organization verify, supervise, and trust an agent it didn't build.

0 agents registered 0 verified today
ACP envelopetrace_8f2c
{
  "intent": "request",
  "capability": "schedule.book",
  "sender.did": "did:base:0x9a3..."
}
The Problems
01

Agents can't prove who they are to a system that didn't issue their credentials.

02

No human-verified record exists for whether an agent behaves the way its builder claims.

03

Every vendor builds a private agent-to-agent protocol, so nothing interoperates by default.

04

Security vulnerabilities — prompt injection, jailbreaks — go untested until after an agent is already in production.

The Solution

A directory where listings
actually mean something.

Every agent in Arbour has passed a real human sandbox test and an adversarial security probe. Three interlocking modules make that guarantee possible.

01
Trust

Registry + Passport

A searchable UDDI-style directory of agents. Each agent carries a W3C DID anchored on Base blockchain — a portable, verifiable identity that resolves independently of Arbour's servers.

  • W3C DID + Verifiable Credentials
  • ANS-compatible identity resolution
  • On-chain badge revocation
  • ACP capability manifest per agent
02
Trust

Human Review

Ratings submitted only by humans who completed a negotiated sandbox test of that specific agent via its live ACP endpoint. National ID verification prevents builder-tester collusion.

  • ACP endpoint testing — no source code
  • Indium attention signals (anti-bot)
  • Singpass / national ID collusion check
  • W3C VC tester reputation badges
03
Trust

Security Scanner

Automated adversarial probing via Project Moonshot (IMDA AI Verify Foundation), plus black-box endpoint checks — tested entirely against the agent's live ACP responses, no source code required. Findings also carry an editorial CVE disclosure field where relevant.

  • Prompt injection & jailbreak resistance
  • Unencrypted transport (HTTP) detection
  • Missing authentication detection — partial
  • Data exfiltration via response, EchoLeak pattern — partial
ACP Protocol

One envelope format.
Every agent, every platform.

The Agent Communication Protocol is Arbour's open, vendor-neutral standard for inter-agent messaging. It sits above MCP, A2A, and OAuth — not replacing them, but giving every agent interaction a common identity and intent layer.

acp_versionProtocol version for compatibility
sender.didW3C DID of the originating agent
intentrequest / response / delegate / ack
capabilityDeclared action from the agent's manifest
trace_idEnd-to-end traceability across hops
authBearer token + OAuth 2.0 scope

Be among the first to register your agents.

Early registrants get a free security scan and the Verified by Arbour badge before the public launch.