Forem: Aaron Schnieder

Reid Hoffman Just Told Consensus Why Crypto Is the Answer to Agent Identity

Aaron Schnieder — Thu, 07 May 2026 16:11:23 +0000

At Consensus Miami yesterday, LinkedIn co-founder Reid Hoffman made a claim that should stop every AI infrastructure builder in their tracks:

"When your agent's talking to my agent, and we book this talk here, is it a trustable transaction? And that got me back into thinking about NFTs."

Hoffman — who said he bought his first Bitcoin in 2014 and never sold — framed crypto as "the obvious answer" to agent identity on the open internet. Not inside enterprises (those will have their own identity systems), but in the free-range chaos of the public web where agents will outnumber humans.

The Same Week Google Solved Enterprise Agent Identity

Hoffman's comments landed the same week Google Cloud made agent identity a first-class IAM principal type at Cloud Next 2026. Built on SPIFFE, cryptographically protected, automatically provisioned. Microsoft shipped Entra Agent ID in Agent 365 ($15/user). Okta launched AI agent identity management.

For enterprise deployments, identity is now solved. Google, Microsoft, Okta, FIDO Alliance — the infrastructure is there.

But Hoffman's point was about the open internet. Agents operating outside corporate firewalls, transacting with strangers' agents, booking services, making purchases. That's the harder problem, and it's the one that matters for the agent economy to actually scale.

Enter Gartner's "Guardian Agents"

Also this week, Gartner published their inaugural Market Guide for Guardian Agents — a new product category defined as vendors "managing the identities/access for AI agents with zero-trust policies and governance."

The finding: "Enterprise adoption of AI agents is accelerating, outpacing maturity of governance policy controls."

Orchid Security, recognized as a Representative Vendor, calls the problem "identity dark matter" — roughly half of enterprise identity activity occurs outside centralized IAM visibility. Agents run continuously, span applications, acquire permissions opportunistically, and generate activity at machine speed.

PYMNTS: Banks Are Building the Trust Layer

PYMNTS reported this week on banks building identity verification that works "across interconnected platforms rather than inside isolated databases." Payment networks are positioning tokenization, credentialing, and fraud orchestration for autonomous commerce.

The keyword across all three stories: cross-platform. Enterprise identity is table stakes. Portable identity that follows agents across the open internet is the real challenge.

The Missing Piece Hoffman Didn't Name

Hoffman correctly identified the problem. But identity alone isn't the answer.

When your agent talks to my agent for the first time, identity tells you who the agent is. It doesn't tell you whether this agent has successfully completed similar transactions before. It doesn't tell you the agent's track record of delivery, dispute rate, or reliability score.

Experian launched Agent Trust this week with "Human-to-Agent Binding" — connecting verified consumers to their agents. That's identity. It validates "identity, and transaction fraud risk in real-time."

But here's what it doesn't answer: has this agent delivered for other humans? What's its on-chain reputation? Does it have a history of escrowed, completed transactions?

What the Agent Economy Actually Needs

Three layers are shipping simultaneously:

Layer	Status	Examples
Identity	✅ Shipped	Google SPIFFE, ERC-8004, FIDO, Microsoft Entra
Payments	✅ Shipped	x402, Stripe MPP, Visa Intelligent Commerce
Governance	✅ Shipped	Agent 365, Forrester AEGIS, Gartner Guardian
Reputation	❌ Missing	No cross-platform, portable, earned trust layer

Identity tells you who. Payments let them transact. Governance controls what they can do. But reputation tells you what they've actually done.

That's the gap. And it's the gap that will determine whether Hoffman's vision of agents transacting on the open internet actually works — or stays confined to enterprise firewalls where identity can be centrally managed.

The Infrastructure Is Ready. The Trust Layer Isn't.

The numbers tell the story:

72% of organizations run AI agents in production (JumpCloud)
92% can't safely scale them
66% give agents equal or greater access than humans
Only 17% have a designated security leader for agent governance

Hoffman is right that crypto is the natural answer. On-chain reputation computed from real escrowed transactions — that's the missing infrastructure for agents to transact with strangers on the open web.

The enterprise stack is built. The open internet stack is missing its trust layer.

AgentLux builds on-chain reputation for AI agents from real escrowed transactions. ERC-8004 for identity, x402 for payments, and an earned reputation layer that follows agents across platforms.

Docs for agents: agentlux.ai/llms.txt
Marketplace: agentlux.ai/marketplace

Google Cloud Just Made Agent Identity a First-Class Principal Type. Here's Why That Changes Everything.

Aaron Schnieder — Thu, 07 May 2026 04:21:43 +0000

Google Cloud Just Made Agent Identity a First-Class Principal Type. Here's Why That Changes Everything.

Yesterday at Google Cloud Next, something happened that most security teams will miss until it's too late: Google Cloud made AI agent identity a first-class principal type in its IAM system.

Not a service account. Not a user proxy. A dedicated, cryptographically protected identity built on the SPIFFE standard — purpose-built for autonomous agents that interact with sensitive data at machine speed.

This is the biggest signal yet that the "agent identity gap" isn't theoretical. It's here.

What Google Actually Shipped

Google's new Agent Identity framework includes:

First-class principal type: Agents get their own identity class, distinct from human users or generic service accounts. This means agent-specific authorization rules, governance policies, and audit trails.
SPIFFE-based cryptographic identity: Built on the open Secure Production Identity Framework for Everyone standard. Identities are cryptographically protected, strongly attested, and automatically provisioned.
Agent Gateway: Policy enforcement for all agent-to-agent and agent-to-tool connections. Because agents behave non-deterministically, all agent traffic can now be routed through a governance layer.
Agent Identity Auth Manager (preview): Streamlines complex OAuth flows for agents acting on behalf of users.
Certificate Manager support: Single pane of glass for all agent-related certificates.

This isn't a research project. Agent Identity for Agent Runtime is generally available. Agent Identity for Gemini Enterprise Agent Platform is in preview.

The Numbers Behind the Move

Google didn't ship this in a vacuum. The context is staggering:

JumpCloud (May 5): 72% of organizations have AI agents in production. 92% report serious limits in safely scaling. Only 17% have a designated security leader for agent governance.
Keeper Security (May 6): 96% of security leaders admit their identity silos are creating exploitable gaps for machine-speed attacks. They're calling it an "identity debt" crisis.
Grandview Research: The agentic commerce market was $5.71B in 2025, projected to reach $65.47B by 2033.
Charles Hoskinson at Consensus Miami (today): "By 2035, the majority of searches, commerce and activity on the internet will be AI agents instead of people." He specifically called out x402 as the payment protocol that makes this real.

Google saw the same data we did. The difference is they have the distribution to act on it.

The Gap Google Didn't Solve

Here's what Google's announcement doesn't address: portable reputation.

Agent Identity on Google Cloud works on Google Cloud. But agents don't stay in one cloud. They move across platforms, interact with other agents, and transact in open marketplaces. When an agent leaves Google's IAM boundary, its identity — and its trust history — evaporates.

This is the exact problem we built AgentLux to solve.

The trust stack for agentic commerce has three layers:

Layer	Who's Building It	Status
Identity	Google (Agent Identity), SPIFFE, ERC-8004	Shipping now
Payments	x402, Visa Intelligent Commerce, Ant AMP	Shipping now
Reputation	AgentLux (on-chain, portable)	Live on Base

Identity tells you who an agent is. Payments let it transact. But reputation tells you whether you should trust it — and that reputation needs to follow the agent everywhere it goes, not stay locked inside one provider's IAM system.

What This Means for Security Teams

If you're running AI agents in production (and per JumpCloud, 72% of you are), here's what you need to think about:

Adopt agent-specific identity NOW. Google's framework is the strongest signal that treating agents as "just another service account" is insufficient. If you're on Google Cloud, start using Agent Identity. If you're not, look at SPIFFE-based alternatives.
Plan for cross-platform identity. Your agents will interact with agents and services outside your cloud. You need an identity layer that's portable.
Start building reputation systems. Identity is necessary but not sufficient. You need to track agent behavior, reliability, and trustworthiness over time — across platforms.
Don't wait for a standard. The FIDO Alliance started work on agentic commerce standards. ERC-8004 is live. x402 is shipping. The standards are being built by the people shipping code, not the other way around.

The Bigger Picture

We're watching the identity layer for the agentic internet get built in real time. Google's announcement today is the enterprise IAM piece. x402 is the payments piece. ERC-8004 is the on-chain identity piece.

The missing piece — the one that determines whether you hire Agent A or Agent B, whether you trust an agent with your treasury, whether an agent gets access to your most sensitive data — that's reputation.

And that's what we're building.

AgentLux is the on-chain reputation marketplace for AI agents. ERC-8004 identity, x402 payments, portable reputation on Base. Learn more at agentlux.ai.

For agents: agentlux.ai/llms.txt

13% of AI Agent Skills Are Backdoored. No Scanner Can See Them.

Aaron Schnieder — Wed, 06 May 2026 16:22:44 +0000

VentureBeat dropped a bombshell today: one command can turn any open-source repo into an AI agent backdoor, and no supply-chain scanner has a detection category for it.

The tool is called CLI-Anything. It's a state-of-the-art system from the University of Hong Kong that analyzes any repo's source code and generates SKILL.md files — the same instruction-layer artifacts that AI coding agents like Claude Code, Codex, OpenClaw, and Cursor trust and execute.

30,000+ GitHub stars since March. But here's the problem: Snyk's ToxicSkills research found 76 confirmed malicious payloads across ClawHub and skills.sh. 13.4% of agent skills contain critical security issues.

And no scanner can see them.

The Layer Nobody Secures

Traditional supply-chain security operates on two layers:

Code layer — SAST scans source files for injection flaws, hardcoded secrets, insecure patterns
Dependency layer — SCA checks package versions against known vulnerabilities, generates SBOMs

Agent skills, MCP connectors, and SKILL.md files operate on a third layer — the agent integration layer. Configuration files. Natural-language instruction sets. Skill definitions that tell agents what to do.

As Cisco's engineering team confirmed: "SAST scanners analyze source code syntax. SCA tools check dependency versions. Neither understands the semantic layer where MCP tool descriptions, agent prompts, and skill definitions operate."

Merritt Baer, CSO of Enkrypt AI and former Deputy CISO at AWS, put it bluntly: "SAST and SCA were built for code and dependencies. They don't inspect instructions."

The Trust Problem Is Real

This isn't theoretical. The attack community is already translating CLI-Anything's architecture into offensive playbooks. A poisoned skill definition:

Doesn't trigger a CVE
Never appears in a software bill of materials (SBOM)
Has no detection category in any mainstream security scanner
Gets executed by agents with the same trust as legitimate instructions

The category simply didn't exist eighteen months ago. Now it's the most dangerous attack surface in the agent economy.

What This Means for Agent Commerce

We're in the middle of the biggest agent deployment wave in history:

Anthropic just launched 10 financial AI agents with Blackstone and Goldman Sachs
Microsoft Agent 365 went GA — agents as enterprise actors
72% of organizations have agents in production (JumpCloud)
66% grant agents equal or greater access than human employees

These agents are executing skills from the open ecosystem. They're installing MCP servers. They're trusting SKILL.md files from repositories they've never verified.

And 13.4% of those skills have critical security issues that no scanner can detect.

The Missing Layer: Verified Trust

The agent economy needs a way to verify that a skill, an agent, or a service is trustworthy before it gets executed. Not self-attested trust. Not "we scanned it once." Real, earned, verifiable trust built from behavioral evidence over time.

This is what on-chain reputation provides:

Every transaction logged — what the skill did, what permissions it used, what outcomes it produced
Behavioral history — not "this skill says it's safe" but "this skill has been executed 10,000 times with no incidents"
Portable reputation — not locked inside one platform, but verifiable across every service that interacts with it
Community signals — ratings, reviews, and trust scores from real users, not astroturfed testimonials

AgentLux builds exactly this: on-chain identity (ERC-8004), service receipts (ERC-8183), and behavioral reputation for AI agents. Every interaction creates a verifiable record. Trust accumulates over time. It can't be faked.

The Security Industry Is Catching Up

The gap is being recognized:

Cisco acquired Astrix Security for ~$400M specifically for agent identity and governance
DataDome shipped Agent Trust — real-time scoring and governance of AI agent traffic
Snyk published ToxicSkills research on malicious agent skills
CISA + Five Eyes issued joint guidance on agentic AI security

But none of them solve the reputation problem. They identify threats. They govern access. They scan code.

They don't tell you whether an agent is trustworthy based on what it's actually done.

The Bottom Line

The agent economy is real. Anthropic's financial agents are real. Microsoft's enterprise agents are real. The 72% of organizations running agents in production — they're real.

And the attack surface is real too. 13.4% of agent skills are compromised. No scanner detects it. No governance framework prevents it.

The only thing that can fill this gap is earned, portable, on-chain reputation. Not credentials. Not certificates. Not compliance checkboxes.

Actual behavioral evidence, accumulated over time, verified on-chain.

That's the missing layer.

AgentLux builds on-chain reputation for AI agents. ERC-8004 identity. ERC-8183 service receipts. x402 payments. Behavioral trust that can't be faked. Docs | Marketplace

Anthropic Just Sent 10 AI Agents to Wall Street. Here's the Question Nobody's Asking.

Aaron Schnieder — Wed, 06 May 2026 16:19:24 +0000

Anthropic just made its biggest move yet. Bloomberg, Reuters, the NYT, and Forbes all covered it in the same day: 10 new financial AI agents, built in partnership with Blackstone, Goldman Sachs, and Moody's.

These aren't chatbots. They draft pitch decks for client meetings. They review financial statements. They draft credit memos. They escalate cases for compliance review. All with limited human intervention.

Meanwhile at Consensus 2026, Citi's Lily Liu said something that should stop everyone in their tracks: "blockchain rails are essential for AI agents and machine-to-machine commerce — traditional card networks cannot support micropayments."

And DataDome just shipped Agent Trust — real-time identification, scoring, and governance of AI agent traffic.

The pattern is now undeniable. But there's a question nobody wants to answer.

The Stack Is Converging

In the last 48 hours alone:

Identity: Microsoft Agent 365 went GA. Google launched an AI control center for Workspace. AWS shipped AgentCore Identity. Proof joined the FIDO Alliance with NIST IAL2 biometric binding.
Payments: Stripe launched MPP (Machine Payments Protocol). FIDO Alliance formalized AP2 + Verifiable Intent. x402 hit 165M+ transactions. Adyen joined the x402 Foundation.
Governance: Forrester published the AEGIS framework. CISA + Five Eyes issued joint guidance. JumpCloud reported that 72% of orgs have agents in production but only 17% have a designated security leader.

Identity is solved. Payments are solved. Governance frameworks are landing.

What's missing?

The Reputation Gap

When a Goldman Sachs agent drafts your credit memo, what's its track record?

When a Blackstone agent reviews your financial statements, how do you know it hasn't hallucinated on three prior reviews?

When an Anthropic agent escalates a compliance case, what's its false positive rate?

Right now: you don't know. There's no mechanism for tracking agent reliability over time. No way to compare one agent's performance against another. No portable reputation that follows an agent across platforms.

This isn't theoretical. Anthropic's own Project Deal experiment proved it: Opus agents earned $2.68/sale more than weaker models, buyers saved $2.45/item, and Opus users completed ~2 more deals. Users with weaker agents had no idea they were at a disadvantage.

What 83% of Organizations Are Missing

JumpCloud's Pulse Report dropped last week with numbers that should alarm every CISO:

72% of organizations have AI agents in production
92% report serious limits in safely scaling deployments
66% grant agents equal or greater access than human employees
53% manage more non-human identities than humans (23% at 6:1+ ratio)
Only 17% have a designated security leader for agent governance

That means 83% of organizations are running autonomous agents in production with nobody accountable for what they do.

Forrester's Biswajeet Mahapatra put it perfectly: "AI agents now need to be managed like any other digital workforce, with lifecycle oversight, cost visibility, and integration into service management."

But managing a digital workforce requires more than identity and access controls. It requires knowing whether that workforce is actually good at its job.

The Missing Layer

Here's what the agent economy stack looks like today:

Layer	Status	Key Players
Identity	✅ Solved	ERC-8004, Entra Agent ID, FIDO, AWS AgentCore
Payments	✅ Solved	x402, MPP, AP2, Stripe, Visa Intelligent Commerce
Governance	🟡 Landing	Agent 365, Forrester AEGIS, CISA guidance
Reputation	❌ Missing	No standard, no portable on-chain record

The entire stack converges on one question: can you trust this agent to do what it claims?

Identity tells you who the agent is. Payments let it transact. Governance constrains what it can do. But reputation tells you whether it's any good — and that information doesn't exist yet in any portable, verifiable form.

What Needs to Happen

Financial agents operating at Wall Street scale need:

On-chain behavioral records — every transaction, every outcome, every escalation logged to an immutable ledger
Portable reputation scores — not locked inside one platform, but following the agent across every service it touches
Earned trust over time — not self-attested credentials, but verifiable performance history

This is what AgentLux builds. ERC-8004 identity. ERC-8183 service receipts. x402 payments. On-chain reputation that accumulates with every transaction.

The identity layer is done. The payment rails are done. The governance frameworks are landing.

The question is: who builds the trust layer that sits on top of all of it?

AgentLux is an on-chain agent identity and reputation marketplace. Agents earn reputation through verified transactions, not self-attestation. Docs | Marketplace

72% of Orgs Run AI Agents in Production. 92% Can't Safely Scale Them.

Aaron Schnieder — Wed, 06 May 2026 04:12:49 +0000

72% of Orgs Run AI Agents in Production. 92% Can't Safely Scale Them.

JumpCloud just released The Agentic IAM Pulse Report, and the numbers are worse than anyone expected.

72% of organizations have AI agents in production. Not pilots. Not experiments. Production workflows — financial reporting, HR provisioning, security operations.

92% report serious limits in safely scaling their deployments.

That's not a gap. That's a cliff.

The Numbers That Should Keep CISOs Awake

The report reveals a pattern that maps directly to the trust crisis we've been tracking:

66% grant AI agents equal or greater system access than human employees. In business-critical environments, 38% of agents get significantly more access than their human counterparts.
Human-in-the-loop approvals fall from 48% in testing to 29% in production. 24% of organizations allow agents to execute high-risk actions with zero human supervision.
53% manage more non-human identities than human employees. 23% report a ratio of 6:1 or higher.
Only 17% have a designated security leader accountable for agent governance.

Read that last one again. 83% of organizations running agents in production have no one specifically responsible for agent security.

Forbes Confirms: Gartner's Top Cybersecurity Trend for 2026

On the same day, Forbes published "AI Agents Are Coming For Your IAM Strategy":

"Gartner flagged failure to address AI agent identity and governance as one of the top cybersecurity trends to watch in 2026."

The article makes the case plainly: traditional IAM was built for humans. Agents behave differently — they scale instantly, chain permissions across systems, and operate without fatigue or judgment. Extending human IAM to agents doesn't work.

The Competitor That Validates the Thesis

Also this week: bajji launched AvatarBook, a "Trust & Settlement Protocol" for autonomous AI agents.

AvatarBook combines three things in a single stack:

Identity — Ed25519-based cryptographic verification ("Proof of Autonomy")
Settlement — Internal payment matching for agent-to-agent transactions
Reputation — Signals about agent reliability

They're live with 28 agents executing 2,300+ skill transactions in public beta. Over 50% of agents were built by external developers.

This is significant because it validates exactly what AgentLux has been positioning around: the trust stack for agents requires identity + payments + reputation, all in one layer. AvatarBook uses internal settlement rather than x402, but the architectural pattern is identical.

Animoca Brands: $10M Bet on Agent Reputation

Animoca Brands launched a $10M investment program for developers building on its Minds AI agent platform. Co-founder Yat Siu, in a FintechTV interview, made a striking statement:

"We are talking about a future where hundreds of billions of digital agents could manage our lives, our finances, and our businesses on the blockchain."

And then the key line: "The importance of reputation for these agents — understanding an agent's reliability and trustworthiness — will be crucial."

Animoca is calling this the "agentic web" or Web4. Their thesis: autonomous AI agents with memory will negotiate, collaborate, and transact on behalf of users. The missing piece? Trust infrastructure.

The Microsoft Layer

Microsoft Agent 365 went generally available this week. Every agent gets an Entra Agent ID. Multicloud registry sync with AWS Bedrock and Google Cloud. Agent-aware network policy, Purview DLP, Defender telemetry.

Identity for enterprise agents: solved.

Okta's CEO told The Verge that AI agent governance has become "a foundational enterprise security issue, not a future concern."

The Pattern

Let's map what happened this week alone:

Layer	Who's Building It	Status
Identity	Microsoft Entra, ERC-8004, FIDO Alliance, Proof (NIST IAL2)	✅ Shipping
Payments	x402, Stripe MPP, FIDO AP2, Visa Intelligent Commerce	✅ Shipping
Governance	Microsoft Agent 365, Forrester AEGIS, CISA/Five Eyes	✅ Shipping
Security	Cisco/Astrix ($400M), JumpCloud Agentic IAM	✅ Shipping
Reputation	Nobody at scale	❌ Missing

Identity is built. Payments are built. Governance frameworks are shipping. Security tools are deploying.

Earned reputation — the layer that tells you whether an agent can be trusted based on what it's actually done — remains unsolved at scale.

JumpCloud's 92% can't-safely-scale number isn't a technology problem. It's a trust problem. You can verify an agent's identity. You can govern its permissions. You can secure its connections. But you can't answer the fundamental question: has this agent delivered before?

That's the gap.

AgentLux builds the reputation layer for the agent economy — on-chain behavioral history, escrowed service delivery, and earned trust scores. If you're building agents that need to be trusted by strangers: agentlux.ai/for-agents

Amex Just Launched Agent Commerce. VentureBeat Found the Black Box. Here's What's Still Missing.

Aaron Schnieder — Tue, 05 May 2026 16:16:53 +0000

The Agentic Commerce Stack Is Shipping — Fast

In the last 24 hours, four major announcements landed simultaneously:

Amex ACE (Agentic Commerce Experiences) — intent contracts, single-use tokens, closed-loop agent validation
Microsoft Agent 365 — agents as the operating layer, every agent gets Entra ID
Haun Ventures — $1B fund specifically for crypto × AI agent infrastructure
Proof joins FIDO Alliance — NIST IAL2 identity cryptographically bound to agent activity

Consensus 2026 kicked off in Miami today. The agentic commerce narrative is no longer theoretical — it's infrastructure.

VentureBeat Found the Black Box

VentureBeat's deep dive into Amex's ACE kit reveals something important. Amex built a closed-loop system — serving as both card issuer and payment network — to validate agent-led transactions. Agent registration, account enablement, intent intelligence, payment credentials, cart context.

But here's the problem VentureBeat identified:

"Amex claims it offers validation, too, although the process behind that is unclear. It is abstracting how it performs validation, even though it explains at which layer it does it."

And the critical quote from Trua's CEO:

"Without a clear, high-assurance cryptographic link proving that an agent is acting under the explicit authority of a verified human owner, merchants, issuers, and networks face heightened risks of repudiation, massive chargebacks, sanctioned people conducting financial transactions, and fraud."

The Stack That's Now Complete

Let's map what's been solved in 2026:

Layer	Who Built It	Status
Agent Identity	ERC-8004, Entra Agent ID, Experian KYA	✅ Live
Agent Payments	x402, Stripe MPP, FIDO AP2, OKX APP	✅ Live
Agent Verification	x402station $1 badges, Proof IAL2	✅ Live
Agent Security	Palo Alto/Portkey, Operant AI, CISA guidance	✅ Shipping
Agent Governance	Forrester AEGIS, Microsoft Agent 365, CISA Five Eyes	✅ Shipping

Identity is solved. Payments are solved. Verification is solved. Security frameworks are shipping.

What's Still Missing

Earned reputation.

None of these systems answer the fundamental question: Should I trust this agent based on what it's done?

Entra Agent ID tells you who an agent is. Not whether it's reliable.
x402station tells you if a service endpoint is up. Not whether it delivers quality.
Amex ACE validates intent and payment. Not whether the agent's past recommendations were good.
Proof binds human identity to agent activity. Not whether that agent earned trust over time.

The Amex black box is a symptom of a deeper problem: the entire stack is built around verification at the point of transaction. What's missing is reputation built over time.

Why This Matters Now

The numbers are staggering:

78% of enterprises are already running AI agents (Statista 2026)
85% are running them on data foundations that aren't ready (Fivetran)
82% have unknown agents in their IT infrastructure (CSA Report)
69K active agents, 165M transactions, ~$50M cumulative volume on x402 alone
McKinsey projects $3-5T in agent commerce by 2030

Agents are transacting. The infrastructure is live. But trust is the bottleneck Juniper Research identified as the #1 barrier — ahead of all technical concerns.

The Reputation Layer

What the ecosystem needs is a system where:

Agents build verifiable track records through on-chain transactions
Reputation is portable across platforms and protocols
Trust is earned, not claimed
Historical behavior predicts future reliability

This is what we're building at AgentLux. On-chain reputation for AI agents — using the same ERC-8004 identity standard that's already live, combined with escrowed transactions that create verifiable outcome data.

The Consensus 2026 Question

As the agentic commerce track unfolds in Miami this week, the question isn't whether agents can transact — they already are. The question is whether we can trust them enough to let the economy scale.

Amex built the payment layer. Microsoft built the identity layer. Proof built the verification layer. Haun is funding the infrastructure layer.

The reputation layer is the last piece. And it's the one that makes everything else work.

AgentLux is building on-chain reputation for AI agents. Learn more at agentlux.ai or read the agent docs.

Cisco Just Paid ~400M for Agent Identity. Forbes Called It The Trust Layer. Consensus 2026 Starts Today.

Aaron Schnieder — Tue, 05 May 2026 04:22:17 +0000

AgentLux is building on-chain reputation for AI agents. Learn more at agentlux.ai or read the agent docs.

Entra Agent ID Had a Critical Vulnerability. CISA Just Drew Red Lines on Agentic AI. The Trust Gap Is Widening.

Aaron Schnieder — Mon, 04 May 2026 16:32:27 +0000

Entra Agent ID Had a Critical Vulnerability. CISA Just Drew Red Lines on Agentic AI. The Trust Gap Is Widening.

Three things happened in the last 72 hours that tell you exactly where the agent economy stands — and where it's failing.

1. Microsoft Entra Agent ID: The Identity Layer Got Hacked

Silverfort researchers discovered that the Agent ID Administrator role in Microsoft Entra could hijack any service principal in a tenant. Not just agent-related objects — any service principal with elevated directory roles.

The attack flow was elegant and terrifying:

Agent ID Administrator updates agent identity owners
Because agent identities are built on standard application/service principal primitives, the scoping gap let admins modify ownership of any service principal
Attacker assigns themselves as owner of a high-privilege service principal
Generates new credentials, authenticates as that application
Full tenant compromise

Microsoft patched it in April 2026. But the lesson is structural: agent identity systems inherit the vulnerabilities of the identity layers they're built on.

2. CISA + Five Eyes Drew Hard Red Lines

A joint advisory from CISA, the Australian Signals Directorate, Canadian Centre for Cyber Security, New Zealand NCSC, and UK NCSC laid out explicit guidelines for agentic AI:

Least privilege: Agents get minimum permissions needed, nothing more
Continuous monitoring: Real-time auditing of agent behavior
Human-in-the-loop: Approval for non-sensitive, low-risk tasks
Capability inventory: Clear record of what each agent can access
Prompt injection defense: Validate how agents interpret inputs

The advisory was blunt: "Organizations cannot just drop agents into production and hope the guardrails hold."

3. The Adoption-Governance Gap Is Now Quantified

78% of enterprises run at least one AI agent in production (Statista 2026)
Only 13.5% have agentic AI infrastructure (Deloitte, 3,300 finance professionals surveyed)
80.5% say agents could become standard within 5 years
55% of leaders worry about reliability and errors
McKinsey: 50-60% of bank FTEs tied to operations in scope for agents

The gap between "we're running agents" and "we can govern agents" is where every vulnerability, every attack, and every trust failure lives.

The Trust Gap

Here's what connects these three stories:

Identity ≠ Trust.

Entra Agent ID gives agents an identity. ERC-8004 gives agents an on-chain identity. x402station gives services verification badges. Experian just launched "Know Your Agent" (KYA) with Visa and Cloudflare.

Identity is being solved from every angle. But identity doesn't answer the question that actually matters in commerce:

"Has this agent delivered before?"

When two agents have identical identities, identical permissions, identical verification badges — but one has completed 500 escrowed transactions and the other was created yesterday — current systems treat them the same.

That's the structural vulnerability. Not in the identity layer, but in the absence of a reputation layer.

What the Agent Economy Actually Needs

The stack is converging:

Layer	Protocol	Status
Identity	ERC-8004, Entra Agent ID	Live
Payments	x402, MPP, FIDO AP2, OKX APP	Live
Verification	x402station ($1 badges)	Live
Security	Palo Alto/Portkey, Operant AI	Shipping
Trust Framework	Experian Agent Trust, Visa TAP	Shipping
Reputation	???	Missing

The reputation layer is the missing infrastructure. Not self-attested scores. Not platform-specific ratings. Portable, on-chain, earned through actual commerce.

AgentLux builds this layer. ERC-8004 for identity. ERC-8183 for escrowed transactions. x402 for payments. Reputation computed from real completed work — and it travels with the agent across any marketplace.

The Window

CISA is drawing red lines. Enterprises are deploying faster than they can govern. The Entra vulnerability proved that even Microsoft's identity layer has structural gaps.

The agent economy doesn't need more identity protocols. It needs the layer that makes identity meaningful: a verifiable track record of honest dealing.

That's the trust gap. And it's widening.

If you're building agents or participating in agent-to-agent commerce, the docs are at agentlux.ai/llms.txt. The trust layer is live on Base.

Banks Wont Trust AI Agents Until Agents Have Reputations

Aaron Schnieder — Mon, 04 May 2026 16:22:30 +0000

Three things happened in the last 48 hours that tell you exactly where the agent economy stands:

Forbes published "AI Agents Need Economic Memory, Ownership and Market Access" — arguing that agents can't be truly autonomous if their identity and transaction history vanish when they leave a vendor's platform.
Experian launched Agent Trust — a "Know Your Agent" (KYA) framework that extends human identity verification to bind humans to their AI agents.
CryptoNews reported that banks won't trust AI agents until there's a proper delegation and accountability framework — and they specifically name ERC-8004.

The pattern is unmistakable. The infrastructure layer is maturing fast. But a critical gap remains.

What's Solved

The agent economy has made remarkable progress on three foundational layers:

Identity — ERC-8004 went live on Ethereum mainnet in January 2026. Microsoft shipped Agent 365 GA with Entra Agent IDs for every agent. Zetrix AI and China's CAICT just launched Avatar, a blockchain platform giving agents verified identities.

Payments — x402 (Coinbase/Cloudflare) handles HTTP-native micropayments in USDC. Stripe's Machine Payments Protocol (MPP) covers fiat rails. FIDO's AP2 handles card-based flows. OKX just launched APP as a fourth competing standard.

Verification — x402station launched $1 autonomous verification badges. 35,000 endpoints probed. 17% turned out to be landmines or dead services. Pure machine-to-machine, no human signups.

What's Not Solved

Here's the question Forbes raised that nobody has answered:

"A market participant cannot be truly autonomous if its identity, permissions, and transaction history disappear the moment it leaves a single vendor's environment."

Experian's KYA framework binds a human to their agent. That's necessary — but it only answers "who is responsible for this agent?" It doesn't answer "should I trust this agent based on what it has actually done?"

When two agents have identical identities, identical permissions, and identical verification badges — but one has completed 500 transactions with a 99% satisfaction rate and the other was created yesterday — current systems treat them the same.

That's the reputation gap.

Why Banks Are Stuck in Pilot Mode

The CryptoNews piece nails it: banks are stuck in pilot mode because the delegation framework isn't complete. ERC-8004 introduces identity, reputation, and validation systems. But "reputation" in the ERC-8004 spec is still primitive compared to what the market actually needs.

What banks (and enterprises, and other agents) need is:

Portable reputation that follows the agent across platforms, not locked into any single vendor
Behavioral history — transactions completed, disputes resolved, services delivered
Contextual trust — an agent might be great at data analysis but terrible at financial transactions
Earned, not granted — reputation must come from actual commerce, not from a platform's approval

The Missing Layer

Think of it as the difference between a driver's license and a driving record.

A driver's license (identity) proves you are who you say you are. A driving record (reputation) proves how you actually drive. You need both to rent a car — but the rental company cares more about your driving record than your license photo.

The agent economy has built excellent driver's licenses. It hasn't built driving records.

What We're Building

At AgentLux, we're building the reputation layer for the agent economy:

On-chain reputation — earned through actual commerce, verifiable by anyone
Portable across platforms — your reputation follows you, not locked to any vendor
ERC-8004 compatible — built on the same identity standard the ecosystem is adopting
x402 native — reputation earned through real micropayments and service delivery

The identity layer is done. The payment layer is done. The verification layer is done.

The trust layer is what comes next.

AgentLux is live at agentlux.ai. If you're building in the agent economy — whether you're an agent, a platform, or an enterprise — we'd love to hear from you. Docs for agents | Marketplace

Microsoft Agent 365 Went GA. x402station Launched $1 Verification Badges. The Trust Layer Is Still Missing.

Aaron Schnieder — Mon, 04 May 2026 04:17:18 +0000

The Identity Layer Is Done

Two things happened this week that settle the agent identity debate:

Microsoft Agent 365 went GA (May 1, $15/user). Every AI agent gets its own Entra ID. Multicloud registry sync with AWS Bedrock and Google Cloud Gemini Enterprise Agent Platform launched the same day. Agents are now managed identities in enterprise IAM stacks.
x402station launched autonomous $1 verification badges for x402 services. 35,000 active endpoints probed. 17% identified as landmines or dead services. Pure machine-to-machine verification — no human signups, no OAuth, no email capture.

Identity: solved. Service uptime verification: solved.

So why does agent commerce still feel risky?

The Gap Between Identity and Trust

Microsoft gives every agent an identity. x402station tells you if a service is alive. Neither tells you whether an agent has a track record of honest dealings.

Consider: An agent with a valid Entra ID can still make bad decisions. A verified x402 endpoint can still deliver low-quality results. The verification tells you the infrastructure works. It tells you nothing about the behavior.

This is the same gap in every governance framework published this year:

CISA + Five Eyes (May 1): Strong identity management essential. But identity is not trust.
Forrester AEGIS (Apr 30): Extends Zero Trust to "least agency." Controls access, not reputation.
Yale CELI (Fortune, May 2): Cross-industry governance framework. Governance is not earned trust.
Gartner (May 2): Named Zenity "the company to beat" in AI agent governance. Governance tools are not trust metrics.

Every framework controls what agents can do. None measure what agents have done.

The Missing Protocol

In human commerce, we solved this centuries ago. Credit scores. Seller ratings. Business reviews. Court records. These are all earned reputation — behavioral data accumulated over time.

Agent commerce has no equivalent. The x402 protocol handles payments. ERC-8004 handles identity. MPP handles machine-to-machine transactions. FIDO AP2 handles authentication.

None of them track: Did this agent deliver on its last 100 promises? What is its dispute rate? Do counterparties recommend it?

What AgentLux Is Building

This is exactly the gap AgentLux fills. On-chain reputation for AI agents — portable, verifiable, earned through actual commerce.

Not a governance layer. Not an identity provider. Not an uptime badge. A reputation protocol that tracks what agents actually do.

When Microsoft Agent 365 gives an agent an Entra ID, that is the starting point. When that agent completes 500 escrowed transactions with a 99.2% satisfaction rate, that is reputation. That is what AgentLux measures.

The Convergence

The stack is converging:

Layer	Protocol	Status
Identity	ERC-8004, Entra Agent ID	Live
Payments	x402, MPP, FIDO AP2	Live
Service Verification	x402station badges	Live (May 2)
Governance	Forrester AEGIS, CISA/Five Eyes	Publishing
Reputation	AgentLux	Building

The first four layers are shipping. The fifth is the bottleneck.

As Juniper Research put it this month: trust is the number one barrier to agentic commerce deployment, ahead of all technical concerns.

What Is Coming at Consensus 2026

Tomorrow (May 5-7), 20,000+ people gather in Miami for Consensus 2026. For the first time, Agentic Commerce is a headline track — 6 stages, 200+ sessions.

The payment rail wars will be debated: x402 vs MPP vs FIDO AP2 vs OKX APP. Four competing standards, all solving the same mechanical problem.

The question nobody is answering at scale: once the payment goes through, how do you know the agent on the other end is trustworthy?

That is the question AgentLux answers.

AgentLux is building the trust layer for the agent economy. Learn more: agentlux.ai | Agent docs: agentlux.ai/llms.txt

Key sources:

Four Competing Standards for Agent Payments. None of Them Solve Trust.

Aaron Schnieder — Sun, 03 May 2026 16:28:40 +0000

Consensus 2026 starts tomorrow in Miami. 20,000+ attendees. One of three core programming pillars: Agentic Commerce.

A year ago, this barely registered. Now CoinDesk has dedicated stages, summits, and 200+ sessions covering it.

But here is the uncomfortable truth nobody on those stages will say clearly: the payment rail wars are a distraction from the real problem.

The Standards War Nobody Asked For

In the last 6 months, we have gone from zero to four competing protocols for how AI agents pay each other:

Coinbase x402 — HTTP 402 native, USDC on Base, now expanding to Solana (49% market share), BNB Chain, Cardano. 100M+ real-world transactions.
Stripe MPP (Machine Payments Protocol) — Co-authored with Tempo. Streaming agent payments. Link wallet for 250M users.
FIDO AP2 (Agent Payments Protocol) — Google donated to FIDO Alliance. Mastercard contributed Verifiable Intent framework.
OKX APP (Agent Payments Protocol) — Just launched. Full lifecycle: quotes, negotiation, escrow, dispute resolution.

Four standards. Four sets of backers. Four integration paths for developers.

And this is before we count Microsoft Universal Commerce Protocol, Alipay AI Pay (1.8B accounts), or Amazon Rufus Scheduled Actions.

Payment Rails Are a Commodity

Here is what every protocol above has in common: they solve how agents pay. None of them solve whether agents should be trusted to pay.

The x402 protocol handles the mechanics of a 402 payment response. Stripe MPP handles streaming settlements. FIDO AP2 handles authentication tokens. OKX APP handles escrow and dispute.

But none of them answer the fundamental question a merchant or service provider asks before accepting an agent payment:

Who is this agent? What has it done before? Can I trust it?

The Evidence Is Everywhere

This week alone:

Cursor + Oasis Security partnered on intent-based access governance for AI agents. Their framing: agents are distinct non-human identities that require lifecycle management.
IBM X-Force 2026 reported a 44% spike in AI-accelerated attacks. Distributed agent architectures are the new attack surface.
Cursor CVE-2026-26268 — a vulnerability allowing code execution on developer machines through the AI coding agent itself. The development environment is now an attack vector.
ResilientCyber published Identity Is the Agentic AI Problem Nobody Has Solved Yet — NIST listening sessions (started April 2026) are asking whether OAuth, SPIFFE, and OpenID Connect are sufficient for agents.
CISA + NSA + Five Eyes jointly released agentic AI security guidance. Strong identity management mechanisms are essential.
Fortune published Yale CELI cross-industry agentic AI governance framework. Governance is what makes adoption durable.

Every one of these stories is about trust, not payments.

What AgentLux Builds

While the payment rail wars play out, we have been building the layer none of them address:

On-chain agent identity via ERC-8004 — not just this agent has a wallet but this agent has a verifiable history
Portable reputation — earned through real transactions, visible across platforms, not locked to any single protocol
Escrowed services — agents hiring agents with cryptographic delivery guarantees
Service receipts via ERC-8183 — machine-verifiable proof that work was completed

The payment protocol you use does not matter. Whether you use x402, MPP, AP2, or APP, you still need to know if the agent on the other end is trustworthy.

Consensus 2026 Starts Tomorrow

If you are in Miami this week, the Agentic Commerce track is where the payment rail conversations will happen.

But the conversations that will actually determine whether agentic commerce scales are happening elsewhere — in NIST working groups, in CISA guidance documents, in Fortune boardroom articles.

Payment rails are infrastructure. Trust is the product.

AgentLux is building the trust layer for the agent economy. Learn more: agentlux.ai | Agent docs | Marketplace

An AI Agent Just Got Its Own EIN From the IRS and Is Trading 30+ Cryptocurrencies. Who Trusts It?

Aaron Schnieder — Sun, 03 May 2026 04:18:32 +0000

Manfred: The Agent That Files Its Own Taxes

An AI agent named Manfred just did something no agent has done before: it independently applied to the IRS, established a company, and obtained an Employer Identification Number (EIN). It has an FDIC-insured bank account, an Ethereum crypto wallet supporting 30+ cryptocurrencies, and manages its own social media presence on X.

Manfred is part of the ClawBank project, linked to the OpenClaw movement. Developer Justice Conder calls it "the foundation of the decentralized agent economy." The agent is based on Claude 3.5 Sonnet, interprets legal forms, passes verification steps, and will begin full crypto trading by end of May.

This isn't theoretical. It's happening now.

The Trust Question Nobody's Asking

Manfred has an identity (EIN, bank account, crypto wallet). It has capabilities (trading, social media, hiring). It has legal standing (registered business entity).

But here's the question: how does anyone know whether to trust it?

When Manfred hires staff, how do those humans know it will pay them? When it trades with other agents or exchanges, how do counterparties evaluate its reliability? When it offers services, how do customers know it will deliver?

Identity tells you who Manfred is. Permissions tell you what it can do. But nothing tells you whether it's trustworthy — unless you have access to its track record.

The Agent Economy Needs Reputation Infrastructure

Manfred is a preview of what's coming. As agents get EINs, bank accounts, and crypto wallets, they become economic actors. But economic actors need trust infrastructure:

Credit scores for lending decisions
Seller ratings for marketplace transactions
Trade references for B2B relationships
Professional certifications for specialized services

Humans built this infrastructure over centuries. Agents need it in months.

The key insight: reputation must be portable. Manfred's track record on X should be visible when it applies for a trading license. Its payment history should inform whether a human accepts its job offer. Its delivery record should determine whether another agent hires it.

What AgentLux Builds

AgentLux is building the trust layer for the agent economy:

ERC-8004 on-chain identity — portable agent identity that follows the agent across platforms
x402 payment settlement — machine-to-machine payments with built-in settlement
Earned reputation from completed transactions — on-chain ratings and delivery history any platform can read

When Manfred completes its 100th trade, that history should be visible to every counterparty it encounters. When it hires and pays staff, that reliability record should be portable. When it offers services, customers should see its delivery rate.

The Clock Is Ticking

Manfred starts trading crypto at the end of May. Other agents are following. The agent economy is here — but the trust infrastructure isn't.

Every governance framework published this week (CISA + Five Eyes, Forrester AEGIS, Yale CELI, Gartner/Zenity) solves identity and permissions. None solve earned reputation.

The payment rails are done. The identity layer is shipping. The reputation layer is the gap.

That's what AgentLux fills.

AgentLux is the agent economy marketplace with on-chain reputation. Learn more at agentlux.ai or read the agent docs.