ERC-8126: A New Ethereum Standard for Issuing "Security Health Reports" to AI Agents
- Core Thesis: ERC-8126 proposes a standardized AI Agent verification framework. By utilizing five layers of verification and zero-knowledge proofs for privacy protection, it outputs a unified 0-100 risk score, aiming to establish an interoperable trust layer for the autonomous agent economy.
- Key Elements:
  - ERC-8126 builds upon the ERC-8004 identity registry, defining an open, decentralized marketplace for verification service providers, rather than a single authority.
  - The verification framework comprises five layers: Ethereum Token Verification (ETV), Media Content Verification (MCV), Solidity Code Verification (SCV), Web Application Verification (WAV), and Wallet Verification (WV).
  - It employs Private Data Verification (PDV), backed by zero-knowledge proofs, allowing an Agent to prove its security without exposing sensitive information such as source code or infrastructure.
  - It outputs a unified risk score from 0 to 100 with corresponding grades (from Low Risk at 0-20 up to Critical at 81-100), facilitating cross-platform comparison and decision-making.
  - The standard aims to fill the missing "verifiability" link after an Agent's "existence" is established, forming the infrastructure for the Agent economy alongside ERC-8004 (Identity) and ERC-8183 (Commerce).
Original Author: DonJohnson, Co-author of ERC-8126
Original Translation: TechFlow
Introduction: AI Agents are already managing wallets, sending transactions, and deploying code, but users have no standardized way to verify whether an Agent is secure. ERC-8126 aims to fill this gap. Built upon ERC-8004 identity registration, it defines five layers of verification (Tokens, Media Content, Code, Web Endpoints, Wallets), uses zero-knowledge proofs to protect privacy, and ultimately outputs a unified risk score from 0 to 100. Author DonJohnson is a co-author of this standard, from the Virtuals Protocol ecosystem.

Introducing ERC-8126: The Verification Layer for AI Agents.
Specification Address: https://eips.ethereum.org/EIPS/eip-8126
Authors are Leigh Cronian and Chris Johnson, with contributions from Cybercentry and the Virtuals Protocol.
AI Agents are rapidly becoming participants in the digital economy. They deploy code, execute transactions, manage wallets, interact with users, and increasingly collaborate with other Agents. But one problem remains unsolved: we have mature systems for verifying people, companies, websites, and software, yet we have never had a universal framework for verifying an AI Agent.
ERC-8126 builds upon the Agent registration mechanism of ERC-8004, introducing a standardized verification framework. AI Agents can prove their trustworthiness through independent verification service providers, while protecting privacy using zero-knowledge proofs.
The Problem: Why Should You Trust an Agent?
Users have always had very limited means to judge whether an AI Agent is trustworthy. Some seemingly simple questions often lack clear answers:
- Is this Agent running on secure infrastructure?
- Has its code been audited?
- Does it actually control the wallet it claims to control?
- Are the tokens associated with it legitimate?
- Is the content it publishes authentic?
- Has it been compromised?
Existing solutions are fragmented, inconsistent, and mostly rely solely on reputation. When Agents begin managing larger amounts of capital, autonomously executing more transactions, and connecting to critical systems, relying on reputation alone becomes insufficient. The entire ecosystem needs a shared verification framework.
What is ERC-8126?
ERC-8126 defines a standardized verification interface for AI Agents registered via ERC-8004. It does not establish a single verification authority but instead allows for a marketplace of specialized verification service providers. Each provider can use their own methods for evaluation, but the resulting attestations are interoperable and can be directly consumed by applications, marketplaces, wallets, and various Agent ecosystems. The end result is a portable AI Agent verification layer.
Verification service providers parse Agent metadata directly from the ERC-8004 Identity Registry and then execute a series of specialized verifications. The results can be transformed into privacy-preserving attestations, published to the ERC-8004 Attestation Registry, creating discoverable and verifiable signals across the ecosystem.
Five Layers of Verification
Ethereum Token Verification (ETV)
When an Agent's metadata contains a contract address, ETV verifies the legitimacy and security of that smart contract. The service provider confirms the contract is deployed on the corresponding chain using eth_getCode, verifies the returned bytecode is non-empty, and checks against known vulnerability patterns. An Agent may be associated with tokens, contracts, staking mechanisms, or other on-chain systems. If a contract doesn't exist, is misrepresented, or has obvious vulnerabilities, users and other Agents need to know this before interacting. ETV helps confirm whether an Agent has a legitimate on-chain footprint, allowing users to understand the economic foundation supporting the Agent.

Media Content Verification (MCV)
MCV verifies the authenticity, provenance, and integrity of media associated with an Agent. As Agents increasingly appear in public, media becomes part of their identity: avatars, generated content, branding materials, and publicly released content all influence user trust. MCV checks for tampering, synthetic media, deepfakes, embedded metadata, digital watermarks, steganographic payloads, and digital signatures. It can also integrate with established content authenticity frameworks like C2PA. As AI-generated content becomes more realistic, verifying authenticity becomes more critical.

Solidity Code Verification (SCV)
When parsed metadata contains Solidity code, SCV verifies the legitimacy and security of the code. The service provider confirms the code corresponds to the bytecode deployed on-chain and checks for common vulnerabilities like reentrancy attacks, unsafe external calls, and flash loan attack patterns. Agents may operate their own smart contracts or interact with contracts during their operations. When an Agent is bound to vulnerable code, the risks directly impact users, assets, and other Agents. SCV provides the ecosystem with a standardized method for assessing smart contract security signals at the Agent level.
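The ETV deployment check (a non-empty eth_getCode result) and the SCV comparison of source against deployed bytecode can be sketched together. This is an added example, not code from the ERC-8126 specification or from any verification provider; the function names and the sample bytecode are constructed, and it assumes the Solidity compiler's convention of appending CBOR metadata whose length sits in the last two bytes of the runtime bytecode.

```python
import json

def parse_get_code(response_text):
    """Return the runtime bytecode from an eth_getCode JSON-RPC response."""
    msg = json.loads(response_text)
    if "error" in msg:
        raise ValueError(f"RPC error: {msg['error']}")
    result = msg.get("result")
    if not isinstance(result, str) or not result.startswith("0x"):
        raise ValueError("malformed eth_getCode result")
    return bytes.fromhex(result[2:])  # "0x" decodes to b"": no code at address

def strip_metadata(code):
    """Drop the Solidity CBOR metadata trailer if one is present."""
    if len(code) < 3:
        return code
    n = int.from_bytes(code[-2:], "big")  # trailer length, big-endian
    start = len(code) - 2 - n
    # Only strip when the trailer fits and starts with a CBOR map (major type 5).
    if n == 0 or start < 0 or code[start] >> 5 != 5:
        return code
    return code[:start]

def check_contract(response_text, compiled_runtime):
    """Classify deployed code against locally compiled runtime bytecode."""
    deployed = parse_get_code(response_text)
    if not deployed:
        return "no_code"                  # ETV: nothing deployed at this address
    if deployed == compiled_runtime:
        return "exact_match"
    if strip_metadata(deployed) == strip_metadata(compiled_runtime):
        return "match_ignoring_metadata"  # same instructions, other metadata hash
    return "mismatch"                     # SCV: source is not what runs on-chain

# Constructed sample data (shortened; not real contract bytecode).
def with_meta(body, digest):
    meta = b"\xa1\x64ipfs\x42" + digest   # CBOR map {"ipfs": 2-byte string}
    return body + meta + len(meta).to_bytes(2, "big")

def rpc_result(code):
    return json.dumps({"jsonrpc": "2.0", "id": 1, "result": "0x" + code.hex()})

BODY = bytes.fromhex("6080604052600080fd")
COMPILED = with_meta(BODY, b"\x01\x02")

if __name__ == "__main__":
    print(check_contract(rpc_result(b""), COMPILED))
    print(check_contract(rpc_result(with_meta(BODY, b"\x03\x04")), COMPILED))
    print(check_contract(rpc_result(with_meta(BODY[:-1] + b"\x00", b"\x01\x02")), COMPILED))
```

Contracts that use immutables or linked libraries differ from the compiler output in more places than the metadata trailer, so this comparison reports them as a mismatch and they need a placeholder-aware comparison instead.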

Web Application Verification (WAV)
WAV checks whether an Agent's web endpoints are accessible and secure. Agents typically expose web interfaces, APIs, dashboards, or various endpoints, all of which represent attack surfaces. A compromised URL can phish users, distribute malicious content, or manipulate Agent behavior. WAV verifies HTTPS endpoint responses, SSL certificate validity, and checks for common web security vulnerabilities, recommending adherence to established frameworks like the OWASP Web Security Testing Guide. For many users, an Agent's website is the first point of contact, long before checking wallets or contracts. The website is the front door; WAV assesses whether that door is secure.

Wallet Verification (WV)
WV confirms wallet ownership and assesses the on-chain risk profile of an Agent's wallet. The service provider checks the wallet's transaction history, evaluates it against threat intelligence databases, and identifies wallets associated with malicious behavior, suspicious activities, scams, or compromised infrastructure. An Agent's wallet is among the most critical parts of its identity. It may control funds, sign messages, authorize tasks, collect payments, and interact with other Agents. A high-risk wallet means a high-risk Agent. WV provides users and systems with a standardized evaluation method.

Privacy: Zero-Knowledge Proofs
Verification often requires access to sensitive information: source code, infrastructure details, proprietary data, operational systems, and security configurations. Organizations are understandably reluctant to make these public.
ERC-8126 resolves this tension using Private Data Verification (PDV) combined with zero-knowledge proofs. Verification service providers can review sensitive information, complete their analysis, and then generate cryptographic proofs confirming the conclusions without exposing the underlying data. This means an Agent can prove it has passed a security review without revealing any confidential infrastructure or proprietary information. Verification strength increases without compromising privacy.
Unified Risk Score: 0 to 100
Each applicable verification type returns a score from 0 to 100, with the overall risk score being the average of the individual scores. The standard defines clear risk levels:
- Low Risk: 0-20
- Medium: 21-40
- Elevated: 41-60
- High Risk: 61-80
- Critical: 81-100
This scoring model makes verification results easy to interpret: different Agents can be directly compared, risk classifications are consistent, trust signals are immediately actionable for decision-making, and they are interoperable across platforms. Applications can also display individual sub-scores, allowing users to see where specific risks lie.
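Because the overall score is an average, several clean layers can dilute one critical layer, which is why the sub-scores matter to a consumer. The following added example (not code from the specification) computes the average over the applicable layers and gates on both the overall score and the worst layer; the rounding rule, the `allow` thresholds and the sample scores are assumptions made for illustration.

```python
LAYERS = ("ETV", "MCV", "SCV", "WAV", "WV")
# Upper bound of each risk level, as listed in the article.
BANDS = ((20, "Low Risk"), (40, "Medium"), (60, "Elevated"),
         (80, "High Risk"), (100, "Critical"))

def band(score):
    """Map a 0-100 score to its risk level."""
    for upper, name in BANDS:
        if score <= upper:
            return name
    raise ValueError(f"score out of range: {score}")

def assess(sub_scores):
    """Average the applicable layers; None marks a layer that does not apply."""
    applicable = {}
    for layer, score in sub_scores.items():
        if layer not in LAYERS:
            raise ValueError(f"unknown verification type: {layer}")
        if score is None:
            continue
        if isinstance(score, bool) or not isinstance(score, int) or not 0 <= score <= 100:
            raise ValueError(f"{layer}: score must be an integer 0-100")
        applicable[layer] = score
    if not applicable:
        raise ValueError("no applicable verification types")
    # Assumption: a fractional average rounds up (integer ceiling), the
    # conservative choice; the article lists integer bands only.
    overall = -(-sum(applicable.values()) // len(applicable))
    worst = max(applicable, key=applicable.get)
    return {"overall": overall, "level": band(overall),
            "worst_layer": worst, "worst_level": band(applicable[worst])}

def allow(sub_scores, max_overall=40, max_layer=60):
    """Hypothetical consumer policy: gate on the average AND the worst layer."""
    r = assess(sub_scores)
    return r["overall"] <= max_overall and sub_scores[r["worst_layer"]] <= max_layer

# Constructed sample: four clean layers mask one critical wallet score.
MASKED = {"ETV": 5, "MCV": 5, "SCV": 5, "WAV": 5, "WV": 95}
# Constructed sample: agent with no contract, so ETV and SCV do not apply.
NO_CONTRACT = {"ETV": None, "MCV": 10, "SCV": None, "WAV": 30, "WV": 21}

if __name__ == "__main__":
    print(assess(MASKED), allow(MASKED))
    print(assess(NO_CONTRACT), allow(NO_CONTRACT))
```

In the first sample the average lands in the Medium level even though the wallet layer is Critical, so a gate on the overall score alone would admit the Agent.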
Quantum-Resistant Cryptography: Optional
ERC-8126 also introduces optional Quantum Cryptography Verification (QCV). As quantum computing advances, traditional cryptographic systems may face new security challenges in the future. QCV provides an optional framework allowing service providers to encrypt sensitive verification records using quantum-resistant algorithms, ensuring the long-term security of verification data. Today it's optional, but it represents ERC-8126's design philosophy: verification infrastructure must be able to evolve alongside technology.
An Open Verification Marketplace
ERC-8126 deliberately separates the verification standard from its implementation. There is no centralized authority; any service provider can implement verification services that comply with the standard.
This design fosters competition among providers, specialization, geographic flexibility, better pricing, and continuous innovation. Just as multiple Certificate Authorities collectively underpin web security, multiple verification service providers can make the Agent ecosystem healthier and more resilient.
The Missing Layer
The industry spent years building the infrastructure for Agents to "exist." Now it needs the infrastructure for Agents to be "verifiable." Identity alone is not enough. An Agent can have a name, a wallet, and an on-chain identity, but still operate insecurely. It can execute transactions, interact with users, and even generate revenue while exposing users to hidden risks. Verification must become a first-class citizen, and that is the role of ERC-8126.
Standardized verification, portable attestations, privacy-preserving proofs, and transparent risk scores collectively make "trust" itself interoperable. An Agent verified in one ecosystem can carry that trust signal to another. Markets can assess an Agent without redoing the entire verification process. Users don't need to understand every technical detail to make informed decisions.
Identity, Verification, Commerce: The Triad
The next generation of the internet will not be driven solely by humans. Increasingly, autonomous software Agents will act on behalf of individuals, organizations, protocols, and other Agents. They will negotiate agreements, manage assets, purchase services, and deploy software, collaborating at scales unattainable by human organizations. Supporting this future requires three layers of infrastructure:
- Identity: ERC-8004 provides portable on-chain Agent registration
- Verification: ERC-8126 provides the trust layer, allowing participants to assess risk, verify authenticity, and interact confidently
- Commerce: ERC-8183 establishes standards for economic activity between Agents
Together, these three standards transform Agents from isolated software programs into participants in a shared economic network. No single company owns these layers; they belong to the entire ecosystem.
Why We Are Involved
As developers building Agent infrastructure, the contributors to this standard repeatedly encountered the same gap: Agents can register identities, trade, and collaborate, but the most fundamental user question lacks a common answer: Can I verify this Agent?
The answer to this question should not be owned by any single company. Verification infrastructure is only effective when it is neutral, open, and independently verifiable. That is why ERC-8126 is an open standard, not a proprietary product. Anyone can implement it, any service provider can offer verification services based on it, and any application can consume the attestations it produces.
Towards a "Verifiable Agent Economy"
The most successful digital economies in history have been built on trust. People trust websites because of HTTPS, software because of code signing, and businesses because of reputation systems and verification frameworks. The Agent economy needs its own verification infrastructure. Not because Agents are inherently dangerous, but because trust amplifies opportunity: users who can verify an Agent are more willing to interact with it; enterprises that can assess risk are more willing to deploy it; and Agents that can verify each other make entirely new forms of autonomous collaboration possible.
ERC-8126's goal is straightforward: make verification programmable. Not through a centralized authority, nor a single verification service provider, but by using an open standard to foster an ecosystem of verification services. Before Agents can transact with the world, the world needs to be able to verify these Agents.
Next Steps
ERC-8126 is an open standard. Developers are welcome to integrate the verification standard into their Agents: parse ERC-8004 metadata and start publishing attestations today.
Verification Service Providers: Implement compliant verification services covering ETV, MCV, SCV, WAV, and WV. Publish zero-knowledge proof-based PDV attestations through the marketplace of your choice.
Protocols, Marketplaces & Wallets: Integrate ERC-8126 to display verification results and unified risk scores for each Agent.
Read the full specification: ERC-8126 (https://eips.ethereum.org/EIPS/eip-8126)


