Author: Don Johnson, co-author of ERC-8126

Translation: Deep Tide TechFlow

Deep Tide Guide: AI Agents are already managing wallets, sending transactions, and deploying code, but users have no standardized way to verify whether an Agent is safe or not. ERC-8126 aims to fill this gap. It builds on the ERC-8004 identity registration, defining five layers of verification (tokens, media content, code, web endpoints, wallets), using zero-knowledge proofs to protect privacy, and ultimately outputs a unified risk score from 0 to 100. The author Don Johnson is a co-author of this standard, from the Virtuals Protocol ecosystem.

Introduction to ERC-8126: The verification layer for AI Agents.

Specification address: https://eips.ethereum.org/EIPS/eip-8126

The authors are Leigh Cronian and Chris Johnson, with participation from Cybercentry and Virtuals Protocol.

AI Agents are rapidly becoming participants in the digital economy. They deploy code, execute transactions, manage wallets, interact with users, and are increasingly collaborating with other Agents. But there is one unresolved issue: we have mature systems to verify people, businesses, websites, and software, but we have never had a common framework to verify AI Agents.

ERC-8126 is built on the Agent registration mechanism of ERC-8004, introducing a standardized verification framework. AI Agents can prove their trustworthiness through independent verification service providers, while also using zero-knowledge proofs to protect privacy.

Question: Why do you trust an Agent?

User methods to judge whether an AI Agent is trustworthy have always been very limited. Some seemingly simple questions often have no clear answers:

• Is this Agent running on secure infrastructure?
• Has its code been audited?
• Does it really control the wallet it claims to control?
• Are the tokens it is associated with legitimate?
• Is the content it publishes authentic?
• Has it been breached?

Existing solutions are scattered, inconsistent, and mostly rely on reputation. When Agents start managing larger amounts of funds, autonomously executing more transactions, and integrating with critical systems, reputation alone cannot sustain it. The entire ecosystem needs a common verification framework.

What is ERC-8126?

ERC-8126 defines a standardized verification interface for AI Agents registered through ERC-8004. It does not establish a single verification authority, but allows for the formation of a market comprised of specialized verification service providers. Each service provider can perform assessments in their own way, but the resulting attestations are interoperable, and applications, markets, wallets, and various Agent ecosystems can directly consume these results. The result is a portable verification layer for AI Agents.

Verification service providers directly parse Agent metadata from the ERC-8004 identity registry, then perform a series of specialized verifications. The results can be transformed into privacy-protected attestations, published in the validation registry of ERC-8004, forming discoverable and verifiable signals across the ecosystem.

Five Layers of Verification

Ethereum Token Verification (ETV)

When the Agent metadata includes a contract address, ETV is responsible for verifying the legality and security of this smart contract. The service provider confirms through calling eth_getCode that the contract is indeed deployed on the corresponding chain, the returned bytecode is non-empty, and checks against known vulnerability patterns. The Agent may be associated with tokens, contracts, staking mechanisms, or other on-chain systems; if the contract does not exist, is fraudulently misrepresented, or has obvious vulnerabilities, users and other Agents need to be aware of these before interaction. ETV helps confirm whether the Agent has a legitimate on-chain footprint, allowing users to understand the economic basis supporting this Agent.

Media Content Verification (MCV)

MCV verifies the authenticity, source, and integrity of the media associated with the Agent. As Agents increasingly appear in public, media becomes part of their identity: avatars, generated content, branded materials, and publicly released content all affect user trust. MCV checks for signs of tampering, synthetic media, deepfakes, embedded metadata, digital watermarks, steganographic payloads, and digital signatures, and can also integrate with mature content authenticity frameworks like C2PA. The realism of AI-generated content makes authenticity verification more crucial.

Solidity Code Verification (SCV)

When the parsed metadata includes Solidity code, SCV verifies the legality and security of the code. The service provider will confirm that the code corresponds to the bytecode deployed on-chain and check for common vulnerabilities such as reentrancy attacks, unsafe external calls, and flash loan attack patterns. The Agent may operate smart contracts itself or interact with contracts during service; once bound to vulnerable code, the risk can directly affect users, assets, and other Agents. SCV provides a standard approach to assessing smart contract security at the Agent level for the ecosystem.

Web Application Verification (WAV)

WAV checks whether the Agent's web endpoints are accessible and secure. Agents typically expose web interfaces, APIs, dashboards, or various endpoints, all of which are attack surfaces. A compromised URL can phishing users, distribute malicious content, and manipulate Agent behaviors. WAV verifies HTTPS endpoint responses, SSL certificate validity, and checks for common web security vulnerabilities, recommending adherence to established frameworks like the OWASP Web Security Testing Guidelines. Many users' first encounter with an Agent is through its website, well before checking wallets or contracts. The website is the gateway, and WAV assesses whether that gate is secure.

Wallet Verification (WV)

WV confirms wallet ownership and evaluates the on-chain risk profile of the Agent's wallet. The service provider reviews the wallet's transaction history, assesses it against threat intelligence databases, and identifies wallets associated with malicious behavior, suspicious activities, scams, or compromised infrastructures. The Agent's wallet is one of the most critical parts of the Agent's identity; it may control funds, sign messages, authorize tasks, receive payments, and interact with other Agents. If a wallet is high risk, the Agent is high risk. WV provides users and systems with a standardized assessment method.

Privacy: Zero-Knowledge Proofs

Verification often requires access to sensitive information: source code, infrastructure details, proprietary data, operational systems, security configurations. Institutions are understandably reluctant to disclose such data.

ERC-8126 resolves this contradiction using Private Data Verification (PDV) combined with zero-knowledge proofs. Verification service providers can review sensitive information, complete analyses, and then generate cryptographic proofs to confirm conclusions without exposing the underlying data. This means an Agent can prove it has passed a security audit without revealing any confidential infrastructure or proprietary information. Verification strength increases while privacy remains intact.

Unified Risk Score: 0 to 100

Each applicable verification type returns a score from 0 to 100, and the overall risk score is the average of these scores. The standard defines clear risk gradations:

• Low Risk: 0-20
• Moderate: 21-40
• Somewhat High: 41-60
• High Risk: 61-80
• Critical: 81-100

This scoring model makes the verification results easy to interpret: different Agents can be directly compared, risk classifications are consistent, trusted signals can be used directly for decision-making, and interoperability across platforms is enabled. Applications can also display individual scores for each category, allowing users to see exactly where the risks lie.

Quantum-Resistant Encryption: Optional

ERC-8126 also introduces optional Quantum-Resistant Verification (QCV). With advancements in quantum computing, traditional encryption systems may face new security challenges in the future. QCV provides an optional framework for service providers to encrypt sensitive verification records with quantum-resistant solutions, ensuring the long-term security of verification data. Today it is optional, but it represents the design intention of ERC-8126: the verification infrastructure must evolve with technology.

Open Verification Market

ERC-8126 deliberately separates verification standards from specific implementations. There is no centralized authority; any service provider can implement verification services that comply with the standards.

This design fosters competition among service providers, specialization, geographic flexibility, better pricing, and ongoing innovation. Just as multiple certificate authorities collectively support the security of the web, multiple verification service providers can ensure a healthier and more resilient Agent ecosystem.

The Missing Layer

The industry has spent several years building the infrastructure that allows Agents to "exist"; what is now needed is infrastructure that makes Agents "verifiable." Having identity is not enough. An Agent can have a name, a wallet, an on-chain identity, but still operate in an unsafe manner. It can execute transactions, interact with users, and even generate income, while exposing users to hidden risks. Verification must become a first-class citizen; this is the role of ERC-8126.

Standardized verification, portable attestations, privacy-protected proofs, transparent risk scores—all these elements together make "trust" itself interoperable. An Agent that has completed verification in one ecosystem can carry that trust signal into another ecosystem. The market can assess an Agent without needing to redo the entire verification process. Users do not need to understand every technical detail in order to make informed decisions.

Identity, Verification, Business: The Three Components

The next generation of the internet will not only be driven by humans; more and more autonomous software Agents will act on behalf of individuals, organizations, protocols, and other Agents. They will negotiate agreements, manage assets, purchase services, deploy software, and collaborate at scales unattainable by human organizations. Supporting this future requires three layers of infrastructure:

• Identity: ERC-8004 provides portable on-chain Agent registration
• Verification: ERC-8126 provides a trust layer, allowing participants to assess risks, verify authenticity, and interact confidently
• Business: ERC-8183 establishes standards for economic activities between Agents

These three standards together transform Agents from isolated software programs into participants in a shared economic network. No single company owns these layers; they belong to the entire ecosystem.

Why We Participate

As developers of Agent infrastructure, the contributors to this standard have repeatedly encountered the same gap: Agents can register identities, can transact, can collaborate, but the most basic question users ask has no common answer: Can I verify this Agent?

The answer to this question should not belong to any single company. Verification infrastructure is only effective when it is neutral, open, and independently verifiable. Thus, ERC-8126 is an open standard, not a proprietary product. Anyone can implement it; any service provider can offer verification services based on it, and any application can consume the attestations it produces.

Towards a "Verifiable Agent Economy"

The most successful digital economies in history have been built on trust. People trust websites because of HTTPS, trust software because of code signatures, and trust businesses because of reputation systems and verification frameworks. The Agent economy needs its own verification infrastructure. The reason is not that Agents are inherently dangerous, but that trust can amplify opportunities: users are more willing to interact with Agents they can verify; businesses are more willing to deploy when they can assess risks; Agents can mutually verify each other, enabling a whole new form of autonomous collaboration.

The goal of ERC-8126 is straightforward: to make verification programmable. Without relying on centralized authorities or a single verification service provider, but instead fostering an ecosystem of verification services using an open standard. Before Agents can transact with the world, the world needs to be able to verify these Agents.

Next Steps

ERC-8126 is an open standard, and developers are welcome to integrate the verification standard into their own Agents: parse ERC-8004 metadata, and start publishing attestations today.

Verification Service Providers: Implement compliance verification services covering ETV, MCV, SCV, WAV, WV, and publish zero-knowledge proof-based PDV attestations through your chosen market.

Protocols, markets, and wallets: Integrate ERC-8126 to display verification results and unified risk scores for each Agent.

Read the full specification: ERC-8126