AgentSign – Zero trust cryptographic identity and signing for AI agents

Summary: AgentSign is an open-source zero trust engine that assigns cryptographic passports to AI agents, enabling offline identity verification and trust scoring before granting access to MCP tools. It enforces identity, trust, and pipeline stage checks to allow or deny agent actions, providing a native identity layer for autonomous agents.

What it does

AgentSign issues self-contained signed JSON passports to agents, which they present before accessing tools. It verifies identity, trust score (0-100), and pipeline stage, returning ALLOW or DENY. The system supports identity pipelines, execution chains with tamper-proof input/output signing, swarm revocation, and hardware security module integration.

Who it's for

It is designed for developers and organizations building autonomous AI agents that require secure, verifiable identity and trust management within multi-agent or MCP ecosystems.

Why it matters

AgentSign addresses the lack of a standard identity layer for AI agents, enabling verification of agent actions and revocation capabilities to improve security and trust in autonomous workflows.