ERC-8126: A New Ethereum Standard for Issuing "Security Health Reports" to AI Agents

AI big events, 06-12 16:48

Introducing ERC-8126: The Verification Layer for AI Agents.

Specification Address: https://eips.ethereum.org/EIPS/eip-8126

Authored by Leigh Cronian and Chris Johnson, with contributions from Cybercentry and Virtuals Protocol.

AI Agents are rapidly becoming active participants in the digital economy. They deploy code, execute transactions, manage wallets, interact with users, and increasingly collaborate with other Agents. Yet one persistent issue remains unresolved: while we have mature systems to verify individuals, enterprises, websites, and software, there has never been a standardized framework to verify AI Agents.

ERC-8126 builds upon the Agent registration mechanism defined in ERC-8004, introducing a standardized verification framework. AI Agents can prove their trustworthiness through independent verification service providers, while leveraging zero-knowledge proofs (ZKPs) to preserve privacy.

The Problem: Why Should You Trust an Agent?

Users have long had limited means to assess the trustworthiness of an AI Agent. Simple questions often lack clear answers:

Existing solutions are fragmented, inconsistent, and largely reliant on reputation. As Agents begin managing larger capital pools, autonomously executing more transactions, and integrating with critical systems, reputation alone is no longer sufficient. The ecosystem requires a shared, standardized verification framework.

What Is ERC-8126?

ERC-8126 defines a standardized verification interface for AI Agents registered via ERC-8004. It does not establish a single centralized authority but instead enables a market of specialized verification service providers. Each provider may use its own methodology for assessment, yet the resulting attestations are interoperable—consumable directly by applications, markets, wallets, and various Agent ecosystems. This creates a portable verification layer for AI Agents.

Verification service providers directly parse Agent metadata from the ERC-8004 identity registry, then perform a series of specialized verifications. Results can be transformed into privacy-preserving attestations, published to the ERC-8004 verification registry, and become discoverable, verifiable signals across the ecosystem.

Five Layers of Verification

When Agent metadata includes a contract address, ETV (External Token Verification) validates the legitimacy and security of the smart contract. Providers confirm the contract’s presence on-chain via eth_getCode, ensure non-empty bytecode, and check against known vulnerability patterns. Agents may be linked to tokens, contracts, staking mechanisms, or other on-chain systems; if the contract is missing, misrepresented, or contains obvious flaws, users and other Agents must know before interacting. ETV helps confirm whether an Agent has a legitimate on-chain footprint, enabling users to understand the economic foundation supporting the Agent.

MCV (Media Consistency Verification) validates the authenticity, provenance, and integrity of media associated with the Agent. As Agents appear more frequently in public view, media becomes part of their identity: avatars, generated content, brand assets, publicly published materials—all influence user trust. MCV checks for tampering traces, synthetic media, deepfakes, embedded metadata, digital watermarks, steganographic payloads, and digital signatures, and can integrate mature frameworks like C2PA for content authenticity. As AI-generated content grows increasingly realistic, verifying authenticity becomes crucial.

When parsed metadata includes Solidity source code, SCV (Smart Contract Verification) validates the code’s legitimacy and security. Providers verify that the code matches the deployed bytecode on-chain and check for common vulnerabilities such as reentrancy attacks, unsafe external calls, and flash loan attack patterns. An Agent may operate its own smart contracts or interact with them during service delivery; if tied to vulnerable code, risks directly propagate to users, assets, and other Agents. SCV provides a standardized method at the Agent level to assess smart contract security signals.
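
An added example (not from the ERC-8126 specification or its authors) of the ETV presence check via eth_getCode and the SCV comparison against deployed bytecode described above. It goes slightly beyond the text by treating an EIP-7702 delegation designator as non-contract code and by ignoring solc's trailing CBOR metadata when comparing; all function names and sample bytes are constructed for illustration, and immutables and linked libraries are not handled.

```python
import json

DELEGATION_PREFIX = bytes.fromhex("ef0100")  # EIP-7702 delegation designator

def getcode_request(address, block="latest", req_id=1):
    """JSON-RPC body a provider would POST to its node for the presence check."""
    return json.dumps({"jsonrpc": "2.0", "id": req_id,
                       "method": "eth_getCode", "params": [address, block]})

def classify_code(rpc_response):
    """Return (kind, code) for an eth_getCode response body."""
    resp = json.loads(rpc_response)
    if "error" in resp:
        raise RuntimeError(f"node error: {resp['error']}")
    code = bytes.fromhex(resp["result"][2:])
    if not code:
        return "no-code", code        # EOA, or nothing deployed at this address
    if len(code) == 23 and code.startswith(DELEGATION_PREFIX):
        return "delegated-eoa", code  # non-empty, but not contract logic
    return "contract", code

def strip_metadata(code):
    """Drop solc's trailing CBOR metadata (last 2 bytes = its big-endian length)."""
    n = int.from_bytes(code[-2:], "big")
    start = len(code) - 2 - n
    if start < 0 or code[start] >> 5 != 5:  # metadata must begin with a CBOR map
        return code
    return code[:start]

def compare_runtime(compiled, deployed):
    """Compare compiled runtime bytecode with the code returned by the node."""
    if compiled == deployed:
        return "exact"
    if strip_metadata(compiled) == strip_metadata(deployed):
        return "match-ignoring-metadata"  # same instructions, metadata hash differs
    return "mismatch"  # also reached for immutables or linked libraries

# Constructed sample data (not real compiler output or chain state).
def sample_code(body_hex, tag):
    meta = b"\xa1\x64ipfs\x44" + tag        # CBOR map {"ipfs": <4 bytes>}
    return bytes.fromhex(body_hex) + meta + len(meta).to_bytes(2, "big")

def rpc_result(code):
    return json.dumps({"jsonrpc": "2.0", "id": 1, "result": "0x" + code.hex()})
```

An "exact" or "match-ignoring-metadata" result only says the submitted source corresponds to what is deployed; the vulnerability checks the paragraph lists are a separate step.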

WAV (Web Endpoint Verification) checks the accessibility and security of an Agent’s web endpoints. Agents typically expose web interfaces, APIs, dashboards, or various endpoints, each representing an attack surface. A compromised URL can phish users, distribute malicious content, or manipulate Agent behavior. WAV verifies HTTPS endpoint responses and SSL certificate validity, identifies common web security vulnerabilities, and recommends adherence to established frameworks such as the OWASP Web Security Testing Guide. For many users, the first point of contact with an Agent is its website, well before checking wallets or contracts. The website is the gate; WAV determines whether that gate is secure.

WV (Wallet Verification) confirms wallet ownership and assesses the on-chain risk profile of the Agent’s wallet. Providers analyze transaction history and cross-reference it with threat intelligence databases to identify wallets associated with malicious activity, suspicious behavior, scams, or compromised infrastructure. An Agent’s wallet is one of the most critical components of its identity—it may control funds, sign messages, authorize tasks, receive payments, and interact with other Agents. High-risk wallets imply high-risk Agents. WV offers users and systems a standardized evaluation method.

Privacy: Zero-Knowledge Proofs

Verification often requires access to sensitive information: source code, infrastructure details, proprietary data, operational systems, security configurations. Institutions understandably resist disclosing these, and rightly so.

ERC-8126 resolves this tension using Private Data Verification (PDV) combined with zero-knowledge proofs (ZKPs). Verification providers can review sensitive data, complete analysis, and generate cryptographic proofs confirming conclusions—without exposing underlying data. In other words, an Agent can prove it has passed a security audit without revealing any confidential infrastructure or proprietary information. Verification strength increases while privacy remains intact.

Unified Risk Scoring: 0 to 100

Each applicable verification type returns a score from 0 to 100. The overall risk score is the average of all applicable scores. The standard defines clear risk tiers:

This scoring model makes verification results easy to interpret: different Agents can be directly compared, risk classifications remain consistent, trust signals can be used directly for decision-making, and interoperability across platforms is enabled. Applications can also display individual scores per category, allowing users to pinpoint where specific risks lie.

Quantum-Resistant Cryptography: Optional

ERC-8126 also introduces optional Quantum-Resistant Verification (QCV). As quantum computing advances, traditional cryptographic systems may face new security threats. QCV provides an optional framework enabling service providers to encrypt sensitive verification records using quantum-resistant algorithms, ensuring long-term data security. While currently optional, QCV reflects the forward-looking design philosophy of ERC-8126: the verification infrastructure must evolve alongside emerging technologies.

An Open Verification Market

ERC-8126 deliberately separates verification standards from implementation. There is no central authority—any service provider can implement a compliant verification service.

This design fosters competition among service providers, specialization, geographic flexibility, better pricing, and continuous innovation. Just as multiple Certificate Authorities collectively underpin web security, multiple verification providers can make the Agent ecosystem healthier and more resilient.

The Missing Layer

The industry has spent years building the infrastructure for Agents to “exist.” Now, what’s needed is infrastructure for Agents to be “verifiable.” Having identity is not enough. An Agent may have a name, a wallet, and on-chain identity—but still operate in insecure ways. It can execute transactions, interact with users, even generate revenue, while exposing users to hidden risks. Verification must become a first-class citizen—this is the role ERC-8126 plays.

Standardized verification, portable attestations, privacy-preserving proofs, and transparent risk scoring collectively make “trust” itself interoperable. An Agent verified in one ecosystem can carry its trust signal to another. Markets evaluating an Agent don’t need to repeat the entire verification process. Users don’t need to understand every technical detail to make informed decisions.

Identity, Verification, and Commerce: The Triad

The next generation of the internet will not be driven solely by humans. Increasingly, autonomous software Agents will act on behalf of individuals, organizations, protocols, and other Agents. They will negotiate agreements, manage assets, purchase services, deploy software, and collaborate at scales unattainable by human organizations. Supporting this future requires three foundational layers:

Together, these three standards transform Agents from isolated software programs into participants in a shared economic network. No single company owns these layers—they belong to the entire ecosystem.

Why We Contributed

As developers building Agent infrastructure, contributors repeatedly encountered the same gap: Agents could register identities, transact, and collaborate—but users had no common answer to the fundamental question: Can I verify this Agent?

The answer to this question should not belong to any single company. Verification infrastructure only works when it is neutral, open, and independently verifiable. Thus, ERC-8126 is an open standard, not a proprietary product. Anyone can implement it; any service provider can offer verification services based on it; any application can consume the attestations it produces.

Towards a “Verifiable Agent Economy”

Historically, the most successful digital economies have been built on trust. People trust websites because of HTTPS, trust software because of code signing, and trust enterprises because of reputation systems and verification frameworks. The Agent economy needs its own verification infrastructure—not because Agents are inherently dangerous, but because trust amplifies opportunity: users are more willing to interact with an Agent they can verify; enterprises are more willing to deploy Agents they can assess; Agents can mutually verify each other, enabling entirely new forms of autonomous collaboration.

The goal of ERC-8126 is straightforward: make verification programmable. Not through centralized authorities or single service providers, but through an open standard that catalyzes a vibrant ecosystem of verification services. Before Agents trade with the world, the world must first be able to verify them.

Next Steps

ERC-8126 is an open standard. Developers are encouraged to integrate verification standards into their Agents: parse ERC-8004 metadata and start issuing attestations today.

Verification Service Providers: Implement compliant verification services covering ETV, MCV, SCV, WAV, and WV, and publish ZKP-based PDV attestations via your chosen marketplace.

Protocols, Markets, and Wallets: Integrate ERC-8126 to display verification results and unified risk scores for every Agent.

Read the full specification: ERC-8126

Authors: DonJohnson, co-author of ERC-8126; Translation: DeepTide TechFlow

Disclaimer: Contains third-party opinions, does not constitute financial advice
