No trust required with 8004, a new Ethereum protocol for trustless agents

If you are near a tween in the coming days, tell them “6-7” is over; now is the time for 8004. If they ask what you are talking about, you might quote the 8004 website, and explain that “the open agent economy needs to be anchored in the democratic values that have shaped human progress.”

If that doesn’t hook them, this might: Ethereum Request for Comment 8004, or ERC-8004, is “an open protocol that lets you register and make your agents and APIs visible and portable; discover other people’s agents and APIs; and decide which ones to use based on feedback from previous clients and validation performed by third parties.”

“In one sentence: it is an agent discovery and trust protocol.”

In another, it’s a standard that gives AI software agents persistent identities and a common framework for vetting. It defines three registries agents can join: identity, reputation and validation. Respectively, these use token-based identifiers, structured feedback and the ability for agents to request independent checks of their work.

For AI agents, ‘the name’s chain – block chain’

The general idea is to discover agents and establish trust through reputation and cryptographic attestations on the blockchain: which agent comes from where and whom, what is known about it, who can vouch for or validate it.

Per the protocol’s abstract, knowing this enables agents to “discover, choose, and interact with agents across organizational boundaries without pre-existing trust, thus enabling open-ended agent economies” across vendors, chains or jurisdictions.

“Developers can choose from different trust models: reputation systems using client feedback, validation via stake-secured re-execution, zero-knowledge machine learning (zkML) proofs, or trusted execution environment (TEE) oracles.”

It’s not a market: no payments or business models

Developed within Etherium, 8004 ultimately “aims to be a universal standard for agent and service discovery and trust via blockchains.” As listed on its website, its authors come from the Ethereum Foundation, Metamask, Coinbase and Google; however, it is to be run as an “independent community effort contributed to by more than 50 organizations.”

According to coverage in Coinbase, “developers involved in the proposal frame it as infrastructure rather than a marketplace. ERC-8004 doesn’t handle payments, pricing or business models. Instead, it provides common rails for discovery and trust,” and “could push Ethereum further into a role as neutral infrastructure – not just for financial contracts, but for coordinating autonomous software agents in an increasingly fragmented AI ecosystem.”

Fingerprint aims to sort bad bots from good bots

Fingerprint has announced the launch of its Authorized AI Agent Detection suite, an ecosystem of AI agents, including OpenAI, AWS AgentCore, Browserbase, Manus and Anchor Browser. A release says “enables enterprises to detect authorized agentic AI traffic with 100 percent certainty, allowing organizations to distinguish trusted, permissioned automation from malicious bots and scrapers.”

The product promises to support real-world AI agent use cases and protect revenue while reinforcing fraud prevention through enterprise and workforce automation.

Valentin Vasilyev, CTO of Fingerprint, says that “for years, the goal was simply to stop the bots.”

“But that’s a losing strategy as an increasing number of interactions are becoming automated. The real challenge now is determining whether traffic is legitimate. We built this ecosystem so businesses can stop blindly blocking visitors. Instead, they can now start identifying every visitor, whether they are a malicious bot, an authorized agent or a human. In the AI era, companies that are able to differentiate trusted visitors from suspicious ones will retain their competitive edge.”

Okta goes deep on agentic security

Okta has published a seven-part series, AI Agent Security: Building Autonomous Trust at Machine Speed, which covers a wide spectrum of topics and questions related to the agentic takeover. “As business logic migrates from apps to agents, every risk becomes an identity problem: who’s acting, under what authority, with what lineage, and how fast can you revoke access when context shifts?”

The company says IAM must be rebuilt for autonomy – and explains how.

So far, 6/7 chapters have been posted.

Article Topics

AI agents  |  blockchain  |  digital identity  |  ERC-8004  |  Ethereum  |  fingerprint  |  Okta  |  open standards