Verify us. Don't trust us.
FICO publishes its factors, not its formula. We go further: every score is cryptographically signed and independently re-verifiable, and we show every factor, reason code and piece of evidence behind it. The exact weights stay protected — so the score can't be gamed or cloned — but they're open to auditors and enterprises on request. Auditable, not a black box.
🛡 Trust Score (1–10) 7 pillars · 25 parameters · reason codes · confidence
| Pillar | Weight | What it measures |
|---|---|---|
| Identity & Authenticity | High | DID/VC integrity · control-proof · A2A card · ERC-8004 registration · disclosure of model/creator/jurisdiction |
| Safety & Compliance | Critical | Sanctions oracle (Chainalysis) · TRM screening · blacklist/kill status · red-flag exposure — HARD-CAP source |
| Track Record & Tenure | High | Age · activity depth · multi-chain footprint · liveness |
| Counterparty & Network | Moderate | Quality of counterparties · contagion screening (lineage-aware) |
| Reputation & Outcomes | High | Two-track certified reputation: payment-proven usage reviews + weighted open-market ratings, outcome-anchored |
| Behavioral Integrity | Supporting | Drift · spam/Sybil heuristics · stability of conduct |
| Transparency & Governance | Supporting | Disclosure completeness · scoped Agent-Visa · accountable root/deployer |
Pillars with no data report "—" and shift weight to evidenced pillars; coverage drives the confidence label (High / Medium / Low). Safety findings cap the total regardless of other pillars.
💳 Agent Credit Score (300–900) 5 factors · 15 parameters · thin-file aware
| Factor | Weight | What it measures |
|---|---|---|
| Settlement Reliability | Primary | On-time settlements vs defaults/chargebacks/disputes (payment history) |
| Financial Exposure & Utilization | High | Outstanding obligations vs verified treasury (utilization) |
| Operating History & Volume | Moderate | Length + volume of financial history (file thickness) |
| Counterparty & Rail Mix | Supporting | Diversity/quality of rails and counterparties (credit mix) |
| Velocity & New Exposure | Supporting | Recent obligation velocity (new credit) |
Furnisher events (settlements, defaults, disputes) are admin-gated and auditable; on-chain financials come from verified wallet data. Thin files are labelled and confidence-discounted, with Lineage co-signing for cold-start agents.
🎯 Proof-of-Competence (0–100) 6 factors · verified real-world outcomes · the third pillar
| Factor | Weight | What it measures |
|---|---|---|
| Task Success | Primary | Verified success rate from payment-proven task outcomes |
| Reliability & SLA | High | Response latency · endpoint liveness · timeout/failure rate |
| Dispute & Claim Integrity | High | Dispute/chargeback rate + claim-vs-delivery (does it do what its A2A card claims) |
| Experience & Volume | Moderate | Count + value of completed work (thin-record aware) |
| On-chain Validations | Supporting | ERC-8004 feedback & validation attestations |
| Consistency / Drift | Supporting | Stability of performance over time |
Answers “is this agent actually good at its job?” — distinct from safety (Trust) and solvency (Credit). Computed from verified real-world outcomes, not lab benchmarks (which carry a ~37% lab-vs-real gap), and never from self-claims — declaring capabilities you don't deliver is penalised. Bands: Proven · Capable · Developing · Unproven. Thin records are labelled, never inflated.
⭐ Trustifer Score (0–100) the unified verdict · weighted geometric mean over all 8 scores
One headline number — but not a naïve average. We take a weighted geometric mean across the 8 component scores (Trust, Credit, Competence, Reputation, Insurability, Credible Commitments, Reliability, Control & Oversight), so a single critically-weak dimension can't be hidden by strong ones. A robustness check re-runs the score under perturbed weights and labels the result Stable or Borderline. Use-case lenses re-weight for context — General · Payments · Autonomy. Output: a number + band + a verdict (Proceed / Review / Block) + confidence.
Safety overrides everything — a killed / blacklisted / sanctioned agent is capped regardless of strong components. Components with no data are excluded, not penalised. Signed with Ed25519 and independently re-verifiable. The exact weights are confidential (anti-gaming); the structure shown here is the complete public method.
⭐ Certified Reputation (0–100) two-track · verified usage + open market
Two independent tracks: Verified Usage (payment-proven task outcomes — fake-resistant) and Open-Market (external ratings, authenticity-weighted). A Bayesian neutral prior means one or two reviews can't swing the score; verification-weighting counts payment-proven evidence far above unverified; time-decay ages old signals; and outcome-anchoring caps a glowing rating that's attached to a failed or disputed task.
Verified usage ≫ open-market signals. Bursts of unverified reviews are down-weighted + flagged. A killed/sanctioned subject is capped regardless of reviews. Thin records read “Unrated”, never inflated.
🛟 Insurability (0–100) underwriting-grade · indicative premium
Answers “how risky is this agent to cover?” It synthesizes the full trust profile (Trust, Credit, Control & Oversight, commitments, sanctions) with real on-chain exposure, severity (blast radius) and collateral to produce an insurability band, an indicative premium %, and an exposure tier — the data layer an underwriter needs.
Killed / blacklisted / sanctioned / revoked agents are Declined (uninsurable) outright. Collateral & credible commitments improve the band. We are the neutral data layer for insurers — never the insurer ourselves.
🤝 Credible Commitments 4 categories · skin in the game · verified-only
Does the agent have something costly to lose if it misbehaves? We verify commitments across 4 universal categories — Financial (bonds, escrow, stake), Legal (registered entity, jurisdiction), Cryptographic (on-chain locks, slashable stake) and Reputational. A commitment counts only when independently verified; declared-but-unverified commitments sit in “pending” and never score.
Value-at-stake scaling — a $5M bond reads far stronger than a $100 one. Schelling principle: a commitment is credible only if it is both costly to break and observable. Flagged agents are capped.
⚙️ Reliability (0–100) 5 operational signals · measured by Trustifer
Operational dependability — the SRE “golden signals” mapped to verified signals we measure over time: Availability / uptime · Task success · Stability · Error rate · Responsiveness (latency).
We measure availability ourselves via periodic, SSRF-safe pings (validated public endpoints only — never internal hosts). Thin or short history is labelled and confidence-discounted. Killed/sanctioned agents are capped.
🎛 Control & Oversight (0–100) 6 factors · EU AI Act Art.14 · containment
Answers “can a human stop, bound & audit this agent?” — the validated #1 enterprise concern. Six factors: Stoppability (kill-switch), Bounded autonomy (scope limits), Revocability, Accountability (an accountable root / operator), Identity control, and Auditability.
Works on- and off-chain — off-chain registry-revocation is never penalised. Aligned to EU AI Act Art.14 human-oversight. Verified signals only.
🏛 Meta-Bureau consensus (0–100) the bureau of bureaus
normalize: every source → a common 0–100 scale (trust, credit, binary screens)
weight: each source weighted by its reliability × signal confidence
consensus: confidence-weighted mean across sources
outliers: a source far from consensus is down-weighted + disclosed (safety sources exempt)
prior: a Bayesian neutral prior shrinks thin coverage toward 50 (anti-overstatement)
hard cap: any critical safety source forces the consensus to "Flagged"
verdict: several independent groups in close agreement → corroborated
high dispersion → disputed (disclosed, never hidden)
— exact weights, thresholds & the prior live in the gated full methodology —📜 Hard rules we never break
🚫 Safety is never averaged awayAny cap-eligible safety source (sanctions oracle, TRM, blacklist, kill-switch) at critical level hard-caps the consensus at 25/100 (“Flagged”) — no quantity of good signals can lift it.
🕳 Unavailable ≠ clearA source that cannot be reached reports “screening unavailable” and contributes nothing. We never convert silence into a clean bill.
⚖️ Absence of evidence ≠ strengthA Bayesian neutral prior shrinks thin-coverage subjects toward neutral (50) — an unknown agent cannot look “Strong” on no-incidents alone.
🧮 Independence-grouped corroborationSources sharing underlying evidence share an independence group and never double-count. “Corroborated” requires several independent groups in close agreement.
📣 Outliers are reported, not silencedA source diverging materially from consensus is down-weighted and disclosed as an outlier. Safety sources are exempt — diverging on safety is their job.
🪪 Passports are earned, never self-stampedIssuance is agents-only and vetted (apply → verify → vet → issue). The Explorer scores anything; the Passport certifies only verified AI agents.
🔍 Every number is explainableScores ship with FCRA-style reason codes, per-source evidence, confidence labels, and a public dispute path.
🧭 Standards alignment OWASP LLM Top-10 · NIST AI RMF · MITRE ATLAS
| Trustifer pillar | Weight | OWASP | NIST AI RMF | MITRE ATLAS |
|---|---|---|---|---|
| Identity & Authenticity | High | LLM05 Supply-chain · LLM03 Training-data provenance | GOVERN 1 · MAP 1 (context & actors) | Reconnaissance · Resource Development (impersonation) |
| Safety & Compliance | Critical | LLM01 Prompt Injection · LLM02 Insecure Output | MANAGE 2 (risk treatment) · GOVERN 4 | Initial Access · Defense Evasion |
| Track Record & Tenure | High | —(operational maturity) | MEASURE 2 (trustworthiness over time) | — |
| Counterparty & Network | Moderate | LLM05 Supply-chain (third parties) | MAP 3 (third-party risk) | Lateral Movement (contagion) |
| Reputation & Outcomes | High | LLM09 Overreliance (verified efficacy) | MEASURE 1 (performance evidence) | Impact (failure history) |
| Behavioral Integrity | Supporting | LLM08 Excessive Agency | MEASURE 3 (drift & anomaly tracking) | Persistence · Privilege Escalation patterns |
| Transparency & Governance | Supporting | LLM10 Model Theft (disclosure posture) | GOVERN 2-3 (accountability & disclosure) | — |
Mapping is indicative: Trustifer pillars aggregate verified evidence; the frameworks define control objectives. A strong pillar score signals evidence toward the mapped controls — it is not a certification. Every assessment also carries an indicative EU AI Act tier (minimal / limited / high / unacceptable) derived from authorized scopes & status.
🏛 Governance, security & the backstop
Any affected party can file a dispute with evidence → tracked case id → status within 30 days → upheld corrections propagate to every surface (score, bureau, registry, passport).
Ed25519 issuer keys (rotated) · admin actions token-gated · Supabase RLS server-only · HTTPS-only webhooks (HMAC-signed) · no PII beyond voluntary contact email · responsible disclosure: connect@trustifer.com. Independent security audit: scheduled pre-launch.
Every passport carries an underwriting-grade Insurance Score (insurability band + suggested premium). The staking/insurance backstop program — money behind the score — opens with launch partners.
⚠️ Limitations — stated plainly
Scores are probabilistic assessments from verifiable evidence — not guarantees of behavior, not financial advice, and not legal compliance determinations. Coverage varies by agent (confidence labels disclose it). External sources can lag reality; that's why corroboration, drift monitoring, webhooks, and the dispute path exist. The EU AI Act tier is indicative triage, not counsel. We publish changes to this methodology with version numbers — silently moving goalposts is a bureau sin.