Show HN: AgentSign – Open-source zero trust engine for AI agents
Posted by AskCarX 6 hours ago
Hi HN. This week Meta acquired Moltbook (agent social network), OpenAI acquired Promptfoo (agent testing), and Mandiant's founder raised $190M for Armadin. Agent infrastructure is clearly where things are heading.
We built AgentSign -- a zero trust engine for AI agents. The problem: agents are operating without any identity infrastructure. Moltbook went viral for fake posts because there was zero verification on who or what was posting.
AgentSign gives every agent a cryptographic identity certificate, signs every action into an execution chain, and runs runtime code attestation before anything executes. There's also an MCP Trust Layer for agent-to-MCP server verification, and a Stripe-powered Trust Gate for agent payments.
5 subsystems: identity certs, execution chain verification, runtime code attestation, output tamper detection, and cryptographic trust scoring.
Free and open source. Built in London.
SDK: https://github.com/razashariff/agentsign-sdk
Happy to answer questions.
Comments
Comment by dhblumenfeld1 3 hours ago
Might be worth checking this out: https://www.8004.org/ it's more crypto specific but trying to tackle the problem of verifying an agent cross platforms.
Comment by socialinteldev 4 hours ago
the mcp trust layer is the interesting piece: are you signing each mcp tool call in the chain, or just the agent at initialization? the attack surface shifts a lot depending on when attestation happens relative to the tool call
also curious about the stripe trust gate vs x402 for payment verification -- stripe adds human account overhead; x402 lets agents pay autonomously with on-chain settlement and no human intermediary to impersonate. seems like a better fit for zero-trust agent interactions