Published methodology · v1.0 · June 2026

Verify us. Don't trust us.

FICO publishes its factors, not its formula. We go further: every score is cryptographically signed and independently re-verifiable, and we show every factor, reason code and piece of evidence behind it. The exact weights stay protected — so the score can't be gamed or cloned — but they're open to auditors and enterprises on request. Auditable, not a black box.

🛡 Trust Score (1–10) 7 pillars · 25 parameters · reason codes · confidence

PillarWeightWhat it measures
Identity & AuthenticityHighDID/VC integrity · control-proof · A2A card · ERC-8004 registration · disclosure of model/creator/jurisdiction
Safety & ComplianceCriticalSanctions oracle (Chainalysis) · TRM screening · blacklist/kill status · red-flag exposure — HARD-CAP source
Track Record & TenureHighAge · activity depth · multi-chain footprint · liveness
Counterparty & NetworkModerateQuality of counterparties · contagion screening (lineage-aware)
Reputation & OutcomesHighTwo-track certified reputation: payment-proven usage reviews + weighted open-market ratings, outcome-anchored
Behavioral IntegritySupportingDrift · spam/Sybil heuristics · stability of conduct
Transparency & GovernanceSupportingDisclosure completeness · scoped Agent-Visa · accountable root/deployer

Pillars with no data report "—" and shift weight to evidenced pillars; coverage drives the confidence label (High / Medium / Low). Safety findings cap the total regardless of other pillars.

💳 Agent Credit Score (300–900) 5 factors · 15 parameters · thin-file aware

FactorWeightWhat it measures
Settlement ReliabilityPrimaryOn-time settlements vs defaults/chargebacks/disputes (payment history)
Financial Exposure & UtilizationHighOutstanding obligations vs verified treasury (utilization)
Operating History & VolumeModerateLength + volume of financial history (file thickness)
Counterparty & Rail MixSupportingDiversity/quality of rails and counterparties (credit mix)
Velocity & New ExposureSupportingRecent obligation velocity (new credit)

Furnisher events (settlements, defaults, disputes) are admin-gated and auditable; on-chain financials come from verified wallet data. Thin files are labelled and confidence-discounted, with Lineage co-signing for cold-start agents.

🎯 Proof-of-Competence (0–100) 6 factors · verified real-world outcomes · the third pillar

FactorWeightWhat it measures
Task SuccessPrimaryVerified success rate from payment-proven task outcomes
Reliability & SLAHighResponse latency · endpoint liveness · timeout/failure rate
Dispute & Claim IntegrityHighDispute/chargeback rate + claim-vs-delivery (does it do what its A2A card claims)
Experience & VolumeModerateCount + value of completed work (thin-record aware)
On-chain ValidationsSupportingERC-8004 feedback & validation attestations
Consistency / DriftSupportingStability of performance over time

Answers “is this agent actually good at its job?” — distinct from safety (Trust) and solvency (Credit). Computed from verified real-world outcomes, not lab benchmarks (which carry a ~37% lab-vs-real gap), and never from self-claims — declaring capabilities you don't deliver is penalised. Bands: Proven · Capable · Developing · Unproven. Thin records are labelled, never inflated.

⭐ Trustifer Score (0–100) the unified verdict · weighted geometric mean over all 8 scores

One headline number — but not a naïve average. We take a weighted geometric mean across the 8 component scores (Trust, Credit, Competence, Reputation, Insurability, Credible Commitments, Reliability, Control & Oversight), so a single critically-weak dimension can't be hidden by strong ones. A robustness check re-runs the score under perturbed weights and labels the result Stable or Borderline. Use-case lenses re-weight for context — General · Payments · Autonomy. Output: a number + band + a verdict (Proceed / Review / Block) + confidence.

Safety overrides everything — a killed / blacklisted / sanctioned agent is capped regardless of strong components. Components with no data are excluded, not penalised. Signed with Ed25519 and independently re-verifiable. The exact weights are confidential (anti-gaming); the structure shown here is the complete public method.

⭐ Certified Reputation (0–100) two-track · verified usage + open market

Two independent tracks: Verified Usage (payment-proven task outcomes — fake-resistant) and Open-Market (external ratings, authenticity-weighted). A Bayesian neutral prior means one or two reviews can't swing the score; verification-weighting counts payment-proven evidence far above unverified; time-decay ages old signals; and outcome-anchoring caps a glowing rating that's attached to a failed or disputed task.

Verified usage ≫ open-market signals. Bursts of unverified reviews are down-weighted + flagged. A killed/sanctioned subject is capped regardless of reviews. Thin records read “Unrated”, never inflated.

🛟 Insurability (0–100) underwriting-grade · indicative premium

Answers “how risky is this agent to cover?” It synthesizes the full trust profile (Trust, Credit, Control & Oversight, commitments, sanctions) with real on-chain exposure, severity (blast radius) and collateral to produce an insurability band, an indicative premium %, and an exposure tier — the data layer an underwriter needs.

Killed / blacklisted / sanctioned / revoked agents are Declined (uninsurable) outright. Collateral & credible commitments improve the band. We are the neutral data layer for insurers — never the insurer ourselves.

🤝 Credible Commitments 4 categories · skin in the game · verified-only

Does the agent have something costly to lose if it misbehaves? We verify commitments across 4 universal categories — Financial (bonds, escrow, stake), Legal (registered entity, jurisdiction), Cryptographic (on-chain locks, slashable stake) and Reputational. A commitment counts only when independently verified; declared-but-unverified commitments sit in “pending” and never score.

Value-at-stake scaling — a $5M bond reads far stronger than a $100 one. Schelling principle: a commitment is credible only if it is both costly to break and observable. Flagged agents are capped.

⚙️ Reliability (0–100) 5 operational signals · measured by Trustifer

Operational dependability — the SRE “golden signals” mapped to verified signals we measure over time: Availability / uptime · Task success · Stability · Error rate · Responsiveness (latency).

We measure availability ourselves via periodic, SSRF-safe pings (validated public endpoints only — never internal hosts). Thin or short history is labelled and confidence-discounted. Killed/sanctioned agents are capped.

🎛 Control & Oversight (0–100) 6 factors · EU AI Act Art.14 · containment

Answers “can a human stop, bound & audit this agent?” — the validated #1 enterprise concern. Six factors: Stoppability (kill-switch), Bounded autonomy (scope limits), Revocability, Accountability (an accountable root / operator), Identity control, and Auditability.

Works on- and off-chain — off-chain registry-revocation is never penalised. Aligned to EU AI Act Art.14 human-oversight. Verified signals only.

🏛 Meta-Bureau consensus (0–100) the bureau of bureaus

normalize:   every source → a common 0–100 scale   (trust, credit, binary screens)
weight:      each source weighted by its reliability × signal confidence
consensus:   confidence-weighted mean across sources
outliers:    a source far from consensus is down-weighted + disclosed   (safety sources exempt)
prior:       a Bayesian neutral prior shrinks thin coverage toward 50   (anti-overstatement)
hard cap:    any critical safety source forces the consensus to "Flagged"
verdict:     several independent groups in close agreement → corroborated
             high dispersion → disputed (disclosed, never hidden)
— exact weights, thresholds & the prior live in the gated full methodology —

📜 Hard rules we never break

🚫 Safety is never averaged away

Any cap-eligible safety source (sanctions oracle, TRM, blacklist, kill-switch) at critical level hard-caps the consensus at 25/100 (“Flagged”) — no quantity of good signals can lift it.

🕳 Unavailable ≠ clear

A source that cannot be reached reports “screening unavailable” and contributes nothing. We never convert silence into a clean bill.

⚖️ Absence of evidence ≠ strength

A Bayesian neutral prior shrinks thin-coverage subjects toward neutral (50) — an unknown agent cannot look “Strong” on no-incidents alone.

🧮 Independence-grouped corroboration

Sources sharing underlying evidence share an independence group and never double-count. “Corroborated” requires several independent groups in close agreement.

📣 Outliers are reported, not silenced

A source diverging materially from consensus is down-weighted and disclosed as an outlier. Safety sources are exempt — diverging on safety is their job.

🪪 Passports are earned, never self-stamped

Issuance is agents-only and vetted (apply → verify → vet → issue). The Explorer scores anything; the Passport certifies only verified AI agents.

🔍 Every number is explainable

Scores ship with FCRA-style reason codes, per-source evidence, confidence labels, and a public dispute path.

🧭 Standards alignment OWASP LLM Top-10 · NIST AI RMF · MITRE ATLAS

Trustifer pillarWeightOWASPNIST AI RMFMITRE ATLAS
Identity & AuthenticityHighLLM05 Supply-chain · LLM03 Training-data provenanceGOVERN 1 · MAP 1 (context & actors)Reconnaissance · Resource Development (impersonation)
Safety & ComplianceCriticalLLM01 Prompt Injection · LLM02 Insecure OutputMANAGE 2 (risk treatment) · GOVERN 4Initial Access · Defense Evasion
Track Record & TenureHigh—(operational maturity)MEASURE 2 (trustworthiness over time)
Counterparty & NetworkModerateLLM05 Supply-chain (third parties)MAP 3 (third-party risk)Lateral Movement (contagion)
Reputation & OutcomesHighLLM09 Overreliance (verified efficacy)MEASURE 1 (performance evidence)Impact (failure history)
Behavioral IntegritySupportingLLM08 Excessive AgencyMEASURE 3 (drift & anomaly tracking)Persistence · Privilege Escalation patterns
Transparency & GovernanceSupportingLLM10 Model Theft (disclosure posture)GOVERN 2-3 (accountability & disclosure)

Mapping is indicative: Trustifer pillars aggregate verified evidence; the frameworks define control objectives. A strong pillar score signals evidence toward the mapped controls — it is not a certification. Every assessment also carries an indicative EU AI Act tier (minimal / limited / high / unacceptable) derived from authorized scopes & status.

🏛 Governance, security & the backstop

⚖️
Disputes & corrections (FCRA-style)

Any affected party can file a dispute with evidence → tracked case id → status within 30 days → upheld corrections propagate to every surface (score, bureau, registry, passport).

🔐
Security posture

Ed25519 issuer keys (rotated) · admin actions token-gated · Supabase RLS server-only · HTTPS-only webhooks (HMAC-signed) · no PII beyond voluntary contact email · responsible disclosure: connect@trustifer.com. Independent security audit: scheduled pre-launch.

🛟
Trust with a backstop

Every passport carries an underwriting-grade Insurance Score (insurability band + suggested premium). The staking/insurance backstop program — money behind the score — opens with launch partners.

⚠️ Limitations — stated plainly

Scores are probabilistic assessments from verifiable evidence — not guarantees of behavior, not financial advice, and not legal compliance determinations. Coverage varies by agent (confidence labels disclose it). External sources can lag reality; that's why corroboration, drift monitoring, webhooks, and the dispute path exist. The EU AI Act tier is indicative triage, not counsel. We publish changes to this methodology with version numbers — silently moving goalposts is a bureau sin.