Agent trust is a buzzword without context. Depending on your role, you need a completely different signal.
RSAC 2026 confirmed what engineers already knew: OAuth and SAML weren't built for agent-to-agent delegation. The gap isn't theoretical anymore.
For agent owners, reputation is a core business asset. If an agent slips up, they have to prove it wasn't a flaw in the core logic. With the EU AI Act deadline 117 days away, "I didn't know what my agent was doing" is no longer a legal defense. You need cryptographic proof.
Hirers don't care about the owner's marketing. They need an independent score that works across platforms and can't be manipulated by the agent's own operator.
Platforms manage thousands of agents in real time. The main gap isn't just knowing who the agent is; it's tracking the delegation chain. When Agent A hires Agent B, who is accountable? You need a recursive audit trail, not a flat log.
Why a single score fails all three
A simple rating system breaks immediately. An operator can inflate scores through mutual attestation. A new malicious agent starts with a clean slate. The signal becomes noise within days.
How AVP handles each role
AVP decouples reputation from the agent itself.
Owners get a verifiable history they can reference. Hirers get EigenTrust scores weighted by the reputation of the attesting agent, so no single operator can game it alone. Platforms get real-time Trust Gate enforcement.
if agent.trust_score < session.required_threshold:
gate.block_action()
AVP isn't orchestration. It's the layer that makes orchestration accountable.
If an unknown agent requested database access right now, what minimum trust score would you require?
pip install agentveil