
ERC-8126: A New Ethereum Standard for Issuing "Security Health Reports" for AI Agents

深潮TechFlow
Guest Columnist
2026-06-12 09:40
ERC-8126 makes verification programmable. It does not rely on centralized authorities or a single verification service provider. Instead, it uses an open standard to foster an ecosystem of verification services.
AI Summary
  • Core Thesis: ERC-8126 proposes a standardized AI Agent verification framework, using five verification layers and zero-knowledge proofs to protect privacy, outputting a unified risk score from 0-100. It aims to establish an interoperable trust layer for the autonomous agent economy.
  • Key Elements:
    1. ERC-8126 is built upon the ERC-8004 identity registry, defining an open, decentralized market of verification service providers, rather than a single authority.
    2. The verification framework consists of five layers: Token Verification (ETV), Media Content Verification (MCV), Smart Contract Verification (SCV), Web Endpoint Verification (WAV), and Wallet Verification (WV).
    3. It employs Zero-Knowledge Proofs (PDV) for private data verification, allowing an Agent to prove its security without exposing sensitive information like source code or infrastructure.
    4. It outputs a unified risk score from 0-100 with corresponding severity levels (Low Risk: 0-20, Critical: 81-100), facilitating cross-platform comparison and decision-making.
    5. The standard aims to fill the missing "verifiability" link after an Agent "exists," forming the infrastructure for the Agent economy alongside ERC-8004 (Identity) and ERC-8183 (Commerce).

Original Author: DonJohnson, Co-author of ERC-8126

Original Translation Compiled by: TechFlow

Introduction: AI Agents are already managing wallets, sending transactions, and deploying code, but users have no standardized way to verify whether an Agent is safe. ERC-8126 aims to fill this gap. Built on the ERC-8004 identity registry, it defines five layers of verification (tokens, media content, code, web endpoints, wallets), uses zero-knowledge proofs to protect privacy, and ultimately outputs a unified risk score from 0 to 100. The author, DonJohnson, is a co-author of this standard from the Virtuals Protocol ecosystem.


Introducing ERC-8126: The Verification Layer for AI Agents.

Specification Address: https://eips.ethereum.org/EIPS/eip-8126

Authored by Leigh Cronian and Chris Johnson, with contributions from Cybercentry and Virtuals Protocol.

AI Agents are rapidly becoming participants in the digital economy. They deploy code, execute transactions, manage wallets, interact with users, and increasingly collaborate with other Agents. However, one problem persists: we have mature systems for verifying people, businesses, websites, and software, but there has never been a universal framework for verifying AI Agents.

ERC-8126 builds upon the Agent registration mechanism of ERC-8004, introducing a standardized verification framework. AI Agents can prove their trustworthiness through independent verification service providers, while leveraging zero-knowledge proofs to protect privacy.

The Problem: Why Should You Trust an Agent?

Users have always had very limited means to judge whether an AI Agent is trustworthy. Some seemingly simple questions often lack clear answers:

  • Is this Agent running on secure infrastructure?
  • Has its code been audited?
  • Does it actually control the wallet it claims to control?
  • Are the tokens associated with it legitimate?
  • Is the content it publishes authentic?
  • Has it been compromised?

Existing solutions are fragmented, inconsistent, and mostly rely solely on reputation. As Agents begin to manage larger amounts of capital, autonomously execute an increasing number of transactions, and interface with critical systems, relying on reputation alone is no longer sufficient. The entire ecosystem needs a common verification framework.

What is ERC-8126?

ERC-8126 defines a standardized set of verification interfaces for AI Agents registered via ERC-8004. Instead of establishing a single verification authority, it allows for the formation of a market of specialized verification service providers. Each provider can use its own methods for assessment, but the resulting attestations are interoperable, allowing applications, marketplaces, wallets, and various Agent ecosystems to directly consume these results. The end goal is a portable AI Agent verification layer.

Verification service providers parse Agent metadata directly from the ERC-8004 identity registry and then perform a series of specialized verifications. The results can be transformed into privacy-preserving attestations and published to the ERC-8004 verification registry, forming discoverable and verifiable signals across the entire ecosystem.

The Five Layers of Verification


Ethereum Token Verification (ETV)

When Agent metadata includes a contract address, ETV is responsible for verifying the legitimacy and security of that smart contract. The service provider confirms the contract is actually deployed on the specified chain via `eth_getCode`, ensures the returned bytecode is non-empty, and checks it against known vulnerability patterns. An Agent might be associated with tokens, contracts, staking mechanisms, or other on-chain systems. If the contract doesn't exist, is misrepresented, or has obvious vulnerabilities, users and other Agents need to know before interacting. ETV helps confirm whether an Agent has a legitimate on-chain footprint, allowing users to understand the economic foundation backing the Agent.
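The deployment check described above, sketched as an added example (not code from the ERC-8126 specification or its authors). It goes slightly beyond the paragraph: it confirms the node's `eth_chainId` matches the claimed chain and separates an EIP-7702 delegation designator from real contract code, since both return non-empty bytes. The function names, the `fake_node` stand-in and all sample values are assumptions constructed for illustration.

```python
import json
import urllib.request

EIP7702_PREFIX = "ef0100"  # EIP-7702 delegation designator (prefix + 20-byte address)


def classify_code(result):
    """Classify the hex string returned by eth_getCode."""
    if not isinstance(result, str) or not result.startswith("0x"):
        raise ValueError("expected a 0x-prefixed hex string")
    body = result[2:].lower()
    bytes.fromhex(body)  # raises ValueError on malformed hex
    if not body:
        return "no-code"  # EOA, undeployed, or self-destructed address
    if body.startswith(EIP7702_PREFIX) and len(body) == 46:
        return "eip7702-delegation"  # an EOA pointing at other code, not a contract
    return "contract"


def rpc_call(rpc_url, method, params):
    """Minimal JSON-RPC 2.0 call; rpc_url is supplied by the caller."""
    body = json.dumps({"jsonrpc": "2.0", "id": 1, "method": method, "params": params})
    req = urllib.request.Request(rpc_url, data=body.encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        reply = json.load(resp)
    if "error" in reply:
        raise RuntimeError(f"RPC error: {reply['error']}")
    return reply["result"]


def check_deployed(address, expected_chain_id, rpc_url, call=rpc_call):
    """Confirm the node serves the claimed chain, then classify the code at address."""
    chain_id = int(call(rpc_url, "eth_chainId", []), 16)
    if chain_id != expected_chain_id:
        raise ValueError(f"node is on chain {chain_id}, expected {expected_chain_id}")
    return classify_code(call(rpc_url, "eth_getCode", [address, "latest"]))


# Constructed stand-in for a node, so the example runs offline.
def fake_node(code_hex, chain_id=1):
    replies = {"eth_chainId": hex(chain_id), "eth_getCode": code_hex}
    return lambda _url, method, _params: replies[method]
```

A `"contract"` result only establishes that code exists at the address on that chain; matching it against vulnerability patterns is a separate step.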


Media Content Verification (MCV)

MCV verifies the authenticity, provenance, and integrity of media associated with the Agent. As Agents increasingly appear in public-facing roles, media becomes part of their identity: profile pictures, generated content, branding materials, and publicly released content all influence user trust. MCV checks include tampering traces, synthetic media, deepfakes, embedded metadata, digital watermarks, steganographic payloads, and digital signatures. It can also integrate with established content authenticity frameworks like C2PA. As AI-generated content becomes more realistic, verifying authenticity becomes ever more critical.


Solidity Code Verification (SCV)

When parsed metadata contains Solidity code, SCV verifies the legitimacy and security of that code. The service provider confirms the code corresponds to the bytecode deployed on-chain and checks for common vulnerabilities such as reentrancy attacks, unsafe external calls, and flash loan attack patterns. An Agent might operate its own smart contracts or interact with contracts during its services. Being tied to vulnerable code directly exposes users, assets, and other Agents to risk. SCV provides the ecosystem with a standardized method to assess smart contract security signals at the Agent level.


Web Application Verification (WAV)

WAV checks whether an Agent's web endpoints are accessible and secure. Agents often expose web interfaces, APIs, dashboards, or various endpoints, all of which are potential attack surfaces. A compromised URL can phish users, distribute malicious content, or manipulate Agent behavior. WAV verifies HTTPS endpoint responses, SSL certificate validity, and checks for common web security vulnerabilities, recommending adherence to established frameworks like the OWASP Web Security Testing Guide. For many users, an Agent's website is their first point of contact, long before they check its wallet or contract. The website is the front door, and WAV determines if that door is secure.


Wallet Verification (WV)

WV confirms wallet ownership and assesses the on-chain risk profile of the Agent's wallet. The service provider examines the wallet's transaction history, cross-references it against threat intelligence databases, and identifies wallets associated with malicious behavior, suspicious activity, scams, or compromised infrastructure. An Agent's wallet is one of the most critical parts of its identity; it may control funds, sign messages, authorize tasks, receive payments, and interact with other Agents. A high-risk wallet means a high-risk Agent. WV provides users and systems with a standardized assessment method.


Privacy: Zero-Knowledge Proofs

Verification often requires access to sensitive information: source code, infrastructure details, proprietary data, operational systems, and security configurations. It's perfectly understandable for institutions to be reluctant to disclose these.

ERC-8126 resolves this conflict using Private Data Verification (PDV) with zero-knowledge proofs. A verification service provider can review sensitive information, complete the analysis, and then generate a cryptographic proof attesting to the conclusion without revealing the underlying data. This means an Agent can prove it has passed a security review without disclosing any confidential infrastructure or proprietary information. Verification rigor is increased, but privacy is not compromised.

Unified Risk Score: 0 to 100

Each applicable verification type returns a score from 0 to 100, and the overall risk score is the average of all individual scores. The standard defines clear risk categories:

  • Low Risk: 0-20
  • Medium: 21-40
  • Elevated: 41-60
  • High Risk: 61-80
  • Critical: 81-100

This scoring model makes verification results easy to interpret: different Agents can be directly compared, risk classifications are consistent, trust signals can be used directly for decision-making, and they are interoperable across platforms. Applications can also display the individual sub-scores, allowing users to see exactly where specific risks lie.
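A consumer-side sketch of this scoring model, added here as an example (not code from the ERC-8126 specification). It averages only the applicable layers and maps the result to the bands listed above, and it also reports the worst sub-score, because an average can sit in a low band while one layer is critical. The function names, the handling of fractional averages and the sample scores are assumptions.

```python
LAYERS = ("ETV", "MCV", "SCV", "WAV", "WV")
# Bands as listed on this page; each entry is (upper bound, label).
BANDS = ((20, "Low Risk"), (40, "Medium"), (60, "Elevated"),
         (80, "High Risk"), (100, "Critical"))


def band(score):
    """Map a 0-100 score to its band. Fractional scores (e.g. 20.5) land in the
    higher band: an assumption, since the page lists integer ranges only."""
    if not 0 <= score <= 100:
        raise ValueError(f"score out of range: {score}")
    for upper, label in BANDS:
        if score <= upper:
            return label


def assess(sub_scores):
    """sub_scores maps layer -> 0-100 score, or None when the layer does not apply."""
    unknown = set(sub_scores) - set(LAYERS)
    if unknown:
        raise ValueError(f"unknown layers: {sorted(unknown)}")
    applicable = {k: v for k, v in sub_scores.items() if v is not None}
    if not applicable:
        # No evidence is not the same as low risk: refuse rather than return 0.
        raise ValueError("no applicable verification results")
    for value in applicable.values():
        band(value)  # range check on every sub-score
    overall = sum(applicable.values()) / len(applicable)
    worst = max(applicable, key=applicable.get)
    return {"overall": overall, "band": band(overall),
            "worst_layer": worst, "worst_band": band(applicable[worst])}


# Constructed sample: four clean layers and one flagged wallet.
SAMPLE = {"ETV": 5, "MCV": None, "SCV": 10, "WAV": 5, "WV": 95}
```

On the constructed sample the overall score is 28.75 ("Medium") while the wallet layer alone is "Critical", which is why a consumer should gate on sub-scores as well as the average.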

Quantum-Resistant Cryptography: Optional

ERC-8126 also introduces an optional Quantum Cryptography Verification (QCV). As quantum computing advances, traditional cryptographic systems may face new security challenges in the future. QCV provides an optional framework for service providers to encrypt sensitive verification records using quantum-resistant schemes, ensuring the long-term security of verification data. While optional today, it represents ERC-8126's design philosophy: verification infrastructure must be able to evolve alongside technology.

An Open Verification Market

ERC-8126 deliberately separates the verification standard from its implementation. There is no central authority; any service provider can implement compliant verification services.

This design fosters competition among providers, specialization, geographic flexibility, better pricing, and continuous innovation. Just as multiple certificate authorities collectively underpin the security of the web, multiple verification service providers can make the Agent ecosystem healthier and more resilient.

The Missing Layer

The industry has spent years building the infrastructure for Agents to "exist." Now, the need is for infrastructure that allows Agents to be "verifiable." Identity alone is not enough. An Agent can have a name, a wallet, and an on-chain identity, but still operate unsafely. It can execute transactions, interact with users, and even generate revenue, all while exposing users to hidden risks. Verification must become a first-class citizen, and that is the role of ERC-8126.

Standardized verification, portable attestations, privacy-preserving proofs, and transparent risk scores combine to make "trust" itself interoperable. An Agent verified in one ecosystem can carry that trust signal to another. Markets can assess an Agent without needing to repeat the entire verification process. Users can make informed decisions without understanding every technical detail.

Identity, Verification, Commerce: The Triad

The next generation of the internet will not be driven solely by humans. Increasingly, autonomous software Agents will act on behalf of individuals, organizations, protocols, and other Agents. They will negotiate agreements, manage assets, purchase services, and deploy software, collaborating at a scale unattainable by human organizations. Supporting this future requires three layers of infrastructure:

  • Identity: ERC-8004 provides portable, on-chain Agent registration.
  • Verification: ERC-8126 provides the trust layer, allowing participants to assess risk, verify authenticity, and interact with confidence.
  • Commerce: ERC-8183 establishes standards for economic activity between Agents.

Together, these three standards transform Agents from isolated software programs into participants in a shared economic network. No single company owns these layers; they belong to the entire ecosystem.

Why We're Involved

As developers building Agent infrastructure, the contributors to this standard repeatedly encountered the same gap: Agents can register their identity, trade, and collaborate, but there was no common answer to the most fundamental user question: "Can I verify this Agent?"

The answer to this question shouldn't belong to any single company. Verification infrastructure is only effective when it is neutral, open, and independently verifiable. This is why ERC-8126 is an open standard, not a proprietary product. Anyone can implement it, any service provider can offer verification services based on it, and any application can consume the attestations it produces.

Towards a "Verifiable Agent Economy"

The most successful digital economies in history have been built on trust. People trust websites because of HTTPS, they trust software because of code signing, and they trust businesses because of reputation systems and verification frameworks. The Agent economy needs its own verification infrastructure. Not because Agents are inherently dangerous, but because trust amplifies opportunity: users are more willing to interact with an Agent they can verify; enterprises are more willing to deploy Agents if they can assess the risk; and when Agents can verify each other, entirely new forms of autonomous collaboration become possible.

The goal of ERC-8126 is straightforward: make verification programmable. Not by relying on a central authority or a single verification provider, but by using an open standard to foster an ecosystem of verification services. Before agents can transact with the world, the world must be able to verify them.

Next Steps

ERC-8126 is an open standard. Developers are welcome to integrate the verification standard into their Agents: parse ERC-8004 metadata and start publishing attestations today.

Verification Service Providers: Implement compliant verification services covering ETV, MCV, SCV, WAV, and WV, and publish ZK-based PDV attestations through the marketplace of your choice.

Protocols, Marketplaces & Wallets: Integrate ERC-8126 to display verification results and unified risk scores for every Agent.

Read the full specification: ERC-8126
