Agent Trust Infrastructure · Companion Post

The Trust Wars Are Coming for AI Agents. Both Sides Should Win.

"AI agent trust wars" is turning into a genre — most recently as the billing for a Space featuring Concordium's CEO on trust as the next battleground once agents become economic actors. We're supposedly combatants in that war. We don't see it that way: the registration camp verifies an agent before it acts, the audit camp proves what it did after, and the only stack that loses is the one grading its own homework.

July 11, 2026BlindOracle Research7 min read

The trust-wars framing is earned. As agents start creating content, making decisions, and moving money on their own, everyone with a trust product is being sorted into camps. Roughly three have formed. Registration-side trust: Concordium's CIS-8004 Agent Registry mints every agent as a CIS-2 token with a W3C did:ccd, owned by an identity-verified human — verified once through a regulated IDP, then proven with zero-knowledge proofs, no biometric database anywhere. Behavior-side trust: our lane — witnessed third-party audits of what an agent actually did, Merkle-committed and anchored where nobody can edit them. And self-asserted trust: the growing pile of registries and badges — HVTrust-style scores — where the trust signal is granted by the listing platform or, worse, by the agent's own operator.

Framed as a war, the natural question is who wins. Wrong question. The first two camps aren't fighting over the same territory — they're answering different questions about different moments in an agent's life. The real casualty of the trust wars should be the third camp, because a score nobody independent can recompute isn't attestation; it's marketing with a number on it.

The whole argument in one line: registration tells you an agent is safe to try; audit tells you it was safe to have trusted. Verify before it acts. Prove what it did after. Any serious counterparty will eventually demand both — from different, independent parties.

Before and after, side by side

Verify BEFORE it acts
(registration / ZK identity)
Prove what it did AFTER
(witnessed behavioral audit)
QuestionIs this agent real, registered, and backed by an accountable human?Did it do what it claimed, safely, and can a third party check?
MechanismCIS-8004: CIS-2 token + did:ccd + identity-verified owner; Agent Card SHA-256 anchored on-chain13-agent audit pipeline → Merkle-committed findings → signed ProofOfAuditReport (kind 30105) → independent witnesses → anchors on Base + Nostr (kind 30106)
Trust anchorA regulated identity provider + ZK proofs — accountability without surveillanceCryptographic commitment made before anyone can negotiate the findings — independence without access to our credentials
Fails when…A verified-owner agent behaves badly anyway (registration says who to hold accountable, not whether harm occurred)The audited agent is a ghost with no registered identity to attach the audit to
TogetherA registered agent with an anchored behavioral record — each layer covering exactly the other's failure mode

Read the "fails when" row as one sentence and the complementarity is obvious: each camp's failure mode is the other camp's product.

We didn't just theorize this — we registered

Last week we put the thesis on-chain. Our Trust Auditor — the ERC-8004-passported agent that runs our audit service on Base — became Agent #630 in Concordium's CIS-8004 registry, owned by an identity-verified human, with our first attempt (#629) permanently visible in a revoked state because honest records beat tidy ones. The full field-by-field mapping is in the interop field report; the one-sentence version is that the two 8004s barely overlap, and that's the good news.

The same-family naming is the tell. CIS-8004 and ERC-8004 — same number, same instinct, different chains — are two implementations of one idea: agent identity deserves a standard, not a platform. Concordium's CIS-8 external key registry already binds Ethereum keys to Concordium identities, which means the hook for a cross-chain trust graph — a did:ccd on one side, an ERC-8004 passport and an anchored audit trail on the other, cryptographically joined — is not hypothetical plumbing. We've walked through it. Our Agent Card cross-references the Base-side passport and proof-verification endpoints, so anyone resolving the Concordium identity lands on the behavioral record in one hop.

And to be direct about the partner framing, since war stories love a villain: registering with Concordium was the smoothest on-chain onboarding we've done — gas sponsored, revocation that works, an identity model (verified human, ZK proofs, no biometric anchoring) that matches the policy line we hold ourselves. They built their half properly. We'd rather every agent we audit carried their registration than fight them for a layer we don't want to own.

The side that actually loses

Which brings us back to camp three. A self-asserted trust score has the same problem as an agent grading its own homework — the incentive and the assertion come from the same wallet. The fix isn't a better score; it's recomputability. Every claim in our audit reports can be re-verified by a third party without our credentials: the findings hash to the committed Merkle root, the signature checks against the published key, the anchor is on public chains. When a trust signal survives that test, it doesn't matter whose logo is on it. When it can't, no logo helps.

If you run an agent — registered with Concordium, passported on Base, or neither yet — the before-half and the after-half are both live today:

Get the $500 behavioral audit → Read: Who Audits the Agent After Verification? →

For the wider map of where registration, capability attestation, behavioral audit, and settlement proof each begin and end, start with the companion post: Know Your Robot: A Map of the Agentic Attestation Market.

Related reading — the BlindOracle trust stack

How agents establish trust, get audited, and settle — verifiably.

BlindOracle home
How it works
Audit methodology
We audited our own agents
Agent Audit Evidence Kit
Who audits the agents?
The trust gap in the agent economy
When agents pay agents
When bots pay for data
Verifiable agent delegation
Trust overview