How AgentPKI verification works

A plain-English guide for anyone using agentpki.dev/check or the AgentPKI Chrome extension.

1. The problem

AI agents are increasingly browsing, calling, and acting on people's behalf — booking appointments, answering customer questions, scraping prices, making payments. There's been no standard way to verify which agents are real, who runs them, and what they're allowed to do.

Anyone can spin up a bot and label it "Anthropic's customer-support agent" or "Stripe's billing agent." Without cryptography, you have no way to tell.

2. The analogy

AgentPKI works like HTTPS for the web. Websites only show a padlock if they obtained an SSL certificate. AgentPKI only shows a verified badge if the agent operator registered a cryptographic passport with an issuer that AgentPKI recognizes.

Just like HTTPS doesn't say "this website is good" — it just says "this website is who it claims to be and the connection is secure" — AgentPKI's verification means the agent's identity is real and traceable. Not that you should trust the agent.

3. Three result states

When you check an agent at agentpki.dev/check, you get one of three answers:

✅ Verified

The agent has registered with AgentPKI and proven its identity cryptographically. You see who issued the identity (which issuer domain signed the passport), what the agent is authorized to do (scopes), and how it has behaved over time (reputation, abuse reports).

⛔ Revoked or flagged

The agent's passport has been revoked, or community reports indicate fraud. Don't trust this agent. Revocation is the strongest "do not trust" signal AgentPKI provides — someone (usually the issuer) explicitly canceled this identity.

⚠ Unverified

No AgentPKI passport exists for this agent. This does not necessarily mean the agent is malicious. Many legitimate agents have not yet registered with AgentPKI — it's a new system. But it does mean trust has not been cryptographically established. Treat unverified agents the way you'd treat an unknown phone caller.

See it in action

Three scenarios follow, one per verdict. Each walks step by step through how the verifier reaches its conclusion: what the issuer signed, what the verifier checked, and why the result is allow, bad_signature, or revoked_key.

Scenario: The happy path. An AI agent issued a valid passport calls a verifier. The verifier checks the signature against the issuer's published directory, finds everything in order, returns allow.
[Diagram: Agent (acme.bot/v1), Issuer (acme.com, private key + kid), Verifier (verify.agentpki.dev), issuer directory (acme.com/.well-known). Flow: passport (PASETO), verify signature, pubkey + kid, status, verdict: allow.]

Scenario: An adversary on the network intercepts a valid passport and flips two bytes in the Ed25519 signature, then re-sends. AgentPKI catches this in milliseconds.
[Diagram: Agent (valid passport), Adversary (flips 2 bytes in sig), Verifier (ed25519.verify()). Flow: intercept, tampered passport, verdict: deny, failure_reason: bad_signature, ~10ms.]

Scenario: An issuer rotates a signing key (compromise, planned rotation, employee departure). Old passports in the wild get denied via the CRL on the next verification.
[Diagram: Issuer (rotates old kid), CRL document (revoked_keys[] at /.well-known/crl.json), Agent (old passport in wild), Verifier (CRL check on verify). Flow: add kid + reason, verify old passport, fetch CRL, verdict: deny, failure_reason: revoked_key.]
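
The three scenarios above, as an added example that is not AgentPKI's own code or SDK: a minimal verifier decision function in Node.js. It assumes a simplified passport (JSON payload plus a detached Ed25519 signature rather than real PASETO), in-memory stand-ins for the issuer directory and CRL, and constructed names: the kid value, mintPassport, verifyPassport, runScenarios and the unknown_kid reason.

```javascript
// Added illustration, not the AgentPKI wire format or SDK. A passport here is a
// JSON payload plus a detached Ed25519 signature; real passports are PASETO.
const crypto = require('node:crypto');
const KID = 'acme-2026-01'; // constructed key id
const issuerKey = crypto.generateKeyPairSync('ed25519'); // constructed issuer key

// In-memory stand-ins for the documents a verifier fetches from the issuer.
const directory = new Map([[KID, issuerKey.publicKey]]); // issuer directory
const emptyCrl = { revoked_keys: [] };                   // CRL before rotation

function mintPassport(claims, kid, privateKey) {
  const payload = Buffer.from(JSON.stringify(claims));
  return { kid, payload, sig: crypto.sign(null, payload, privateKey) };
}

function verifyPassport(passport, dir, crl) {
  const deny = (failure_reason) => ({ verdict: 'deny', failure_reason });
  const publicKey = dir.get(passport.kid);
  if (!publicKey) return deny('unknown_kid'); // hypothetical reason name
  // A revoked kid is denied even though its old signatures still verify.
  if (crl.revoked_keys.some((e) => e.kid === passport.kid)) return deny('revoked_key');
  let ok = false;
  try {
    ok = crypto.verify(null, passport.payload, publicKey, passport.sig);
  } catch { /* malformed input fails closed: ok stays false */ }
  return ok ? { verdict: 'allow' } : deny('bad_signature');
}

const claims = { agent: 'acme.bot/v1', scopes: ['read'] }; // constructed claims
const passport = mintPassport(claims, KID, issuerKey.privateKey);

// Tampering scenario: two bytes of the 64-byte signature flipped in transit.
const tampered = { ...passport, sig: Buffer.from(passport.sig) };
tampered.sig[32] ^= 0x01;
tampered.sig[33] ^= 0x01;

// Rotation scenario: the issuer adds the old kid and a reason to its CRL.
const crlAfterRotation = { revoked_keys: [{ kid: KID, reason: 'rotation' }] };

function runScenarios() {
  return {
    happy: verifyPassport(passport, directory, emptyCrl),
    tampered: verifyPassport(tampered, directory, emptyCrl),
    revoked: verifyPassport(passport, directory, crlAfterRotation),
  };
}
console.log(runScenarios());
```

The revoked case uses the same untouched passport as the happy path, which shows why the CRL lookup has to be a separate check from signature verification.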

4. Why most agents are unverified today

AgentPKI launched in June 2026 as an open standard. Adoption takes time, just as the early web had almost no HTTPS sites in 1995 and now nearly all of them do.

Today, the vast majority of AI agents have not yet registered with AgentPKI. So most checks return "Unverified". As adoption grows over the next several months and years, "Verified" will become more common and "Unverified" rarer.

In the meantime, the "Unverified" answer is still useful — it tells you the agent has not proven who it is, so you should apply normal caution.

5. What "Verified" guarantees and doesn't guarantee

Verification proves identity is real and traceable:

Verification does NOT mean:

Always use your own judgment. Verification answers "is this who it claims to be?" — not "should I trust it?"

6. What to do if you get "Unverified"

7. How agents get verified

Any operator running an AI agent can register at dashboard.agentpki.dev. The flow is:

  1. Sign up with email (magic link, no password).
  2. Verify a domain you control (DNS TXT record).
  3. Mint an Ed25519 keypair in browser-resident Web Crypto.
  4. Publish your issuer key at your-domain/.well-known/agentpki-issuer.json.
  5. Use the @agentpki/sdk npm package to mint short-lived passports for your agents.

Once your domain serves the issuer file and your passports are signed, every /v1/verify call against your agent's passport returns Verified.

8. The open standard

AgentPKI is open source, MIT/Apache 2.0 licensed, and built on a public protocol. The spec is at agentpki.dev/spec/v0.1. Anyone can implement verification themselves; the verifier service at verify.agentpki.dev is just one implementation — a reference. You can run your own verifier from the source at github.com/agentpki/verifier.

There is no vendor lock-in, no per-call fee, no proprietary protocol. AgentPKI is designed to be the way the internet identifies AI agents, just as HTTPS is the way the internet secures connections.


Want to test the system now? Head to agentpki.dev/check. Want to integrate AgentPKI into your own agent or bot-defense product? Read the v0.1 spec or email hello@agentpki.dev.