ChainAware Launches Agent Trust Score – On-Chain Trust Scoring for the Agentic Commerce Era


Something fundamental is changing in how commerce works. AI agents — software systems that can perceive, decide, and act autonomously — are beginning to transact. They are paying for APIs, settling invoices, executing DeFi strategies, managing DAO treasuries, and interacting with financial infrastructure in ways that traditional systems were never designed to handle. McKinsey estimates AI agents could mediate $3-5 trillion in global commerce by 2030 ↗. Today, 68% of new DeFi protocols launched in Q1 2026 already include at least one autonomous AI agent.

Every one of those agents initiates transactions without human approval. Furthermore, every one of those transactions is a trust decision — a question of whether the agent on the other side of the interaction is controlled by a legitimate operator, or by someone whose on-chain history includes rug pulls, honeypot tokens, mixer exposure, and Sybil farming at scale. Until today, no infrastructure existed to answer that question. ChainAware’s Agent Trust Score is that infrastructure.

Read the launch announcement: ChainAware Launches Agent Trust Score — Official Announcement →

Table of Contents

  1. The Agentic Commerce Era: Why Trust Is the Missing Layer
  2. The Agentic Commerce Trust Stack: Where Agent Trust Score Fits
  3. CB Insights Validation: ChainAware in the AI Fraud Prevention Market Map
  4. What ERC-8004 Gives You — and What It Doesn’t
  5. State of the ERC-8004 Registry: Trust Analysis of 274,792 Agents
  6. The Five Signals Only ChainAware Provides
  7. The Data Moat: Why This Cannot Be Replicated
  8. How the Agent Trust Score Works
  9. Score Tiers: What Each One Means
  10. The Compounding Risk of Unscreened Agent Access
  11. Integration Guide for DeFi Protocol Builders
  12. Guide for Agent Creators: How Your Score Is Determined
  13. How Agent Trust Score Compares to Other Platforms
  14. Frequently Asked Questions

FREE — NO SIGNUP REQUIRED

Score Any ERC-8004 Agent Instantly

Paste any agent ID, owner address, or agent wallet. Get the full Agent Trust Score — owner fraud probability, feeder analysis, rug pull history, and farm detection — in seconds. No API key required for public indexed agents.

Try Agent Trust Score Free ↗   Read the Methodology ↗

The Agentic Commerce Era: Why Trust Is the Missing Layer

Agentic commerce is not a future scenario — it is happening now, across every DeFi protocol that accepts agent-initiated transactions. Consequently, DeFi protocol builders face an immediate and urgent problem: how do you trust an agent you have never met, whose controlling wallet was created last week, whose funding source you cannot trace, and whose operator may have a history of financial fraud under a different wallet identity?

The scale of the shift is concrete. Morgan Stanley projects that nearly half of all online shoppers will use AI shopping agents by 2030 ↗, accounting for approximately 25% of their total spending. In Web3 specifically, the transition is even faster — agents are moving from advisory roles (suggesting trades) to execution roles (completing them). The distinction between advice and execution is the distinction between a bad recommendation and an empty wallet.

Three converging forces are accelerating this shift in Web3. First, ERC-8004 ↗ went live on Ethereum mainnet in January 2026, giving AI agents a standardized on-chain identity for the first time. Second, x402 — the open payment protocol championed by Coinbase, Google Cloud, and Circle — provides agents with stablecoin-native payment rails, enabling micropayments without human login flows. Third, trust infrastructure has lagged behind. As Google Cloud’s Global Head of Strategy for Web3 stated at Consensus 2026: “The biggest friction points center on the fact that most products are still built for humans, not agents.” Agent Trust Score is ChainAware’s response to that friction at the trust layer specifically.

For a deep dive into the commercial context, see our article on why the first step in agentic commerce is trust, not integration.

The Know Your Agent (KYA) Imperative

Know Your Agent — KYA — is emerging as the agent-layer equivalent of KYC. Unlike KYC, however, KYA for Web3 is necessarily on-chain behavioral rather than documentary. There are no passports in DeFi. Instead, there is transaction history — permanent, public, immutable, and available for scoring without touching any personal data. KYA answers the same fundamental question KYC does — who is this entity, should I trust them? — using behavioral pattern analysis across 20M+ wallet personas trained on confirmed fraud and legitimate address populations.

The regulatory tailwind is real. The EU AI Act ↗, which takes full effect in August 2026, creates documentation and risk assessment requirements for high-risk AI systems. Autonomous agents with financial execution permissions are a clear candidate for high-risk classification. Protocols operating in EU-regulated markets need demonstrable risk controls for agent interactions — Agent Trust Score satisfies that requirement without adding friction for legitimate agents.

The Agentic Commerce Trust Stack: Where Agent Trust Score Fits

The agentic economy has built four of its five required infrastructure layers. The fifth — trust — launched today. Understanding where Agent Trust Score sits in the full stack clarifies both what it does and why no existing protocol addresses the same problem.

LayerWhat It SolvesWho Provides It
Layer 1 — IdentityWho is this agent? What is its on-chain address?ERC-8004 Identity Registry
Layer 2 — PaymentHow does the agent pay for services and settle transactions?x402 (Coinbase, Google, Circle) / MPP (Stripe/Tempo)
Layer 3 — DisputesWhat happens when an agent delivers work and a counterparty disputes?ERC-8183 on-chain dispute resolution
Layer 4 — TrustShould I interact with this agent? Who controls it? What have they done?ChainAware Agent Trust Score ← NEW

This framework — which we call the Agentic Commerce Trust Stack — maps the four distinct problems any agentic commerce protocol must solve before autonomous transactions can happen safely. Each layer answers a different question. Moreover, each layer requires different infrastructure. x402 handles payment rails. ERC-8183 handles disputes after transactions complete. ERC-8004 handles identity registration. Agent Trust Score handles the question that must be answered before any interaction begins: is this agent controlled by someone whose on-chain history warrants the trust implied by autonomous execution?

The stack is not theoretical. Mastercard completed Europe’s first live AI-agent bank payment in 2026. Visa launched an agent-focused payment framework. TON Foundation launched Agentic Wallets in April 2026, allowing AI agents on Telegram to autonomously store and spend funds within user-defined limits. The payment rails are live. The dispute layer is being built. The identity layer has 274,792 registered agents. The trust layer — until today — was the missing piece.

CB Insights Validation: ChainAware in the AI Fraud Prevention Market Map

Context matters for a product launch in a nascent category. ChainAware’s inclusion in the CB Insights AI Fraud Prevention Market Map ↗ provides that context clearly. CB Insights mapped 200+ of the most promising companies building AI-powered fraud prevention infrastructure, from deepfake detection to on-chain intelligence and — their exact words — “agentic trust infrastructure.” ChainAware appears in the On-Chain Intelligence category alongside Chainalysis, Elliptic, and TRM Labs.

The CB Insights placement is significant for three reasons. First, it validates the methodology — CB Insights uses Mosaic scores and predictive signals, not self-reported data, to select companies. Second, it identifies “agentic trust infrastructure” as a standalone market segment within fraud prevention — confirming that Agent Trust Score addresses a recognized institutional need, not a speculative niche. Third, it positions ChainAware as the Web3-native player in a category otherwise dominated by forensic analytics firms whose methodology is reactive rather than predictive.

For the full analysis of what the CB Insights placement means for ChainAware’s market position, see our CB Insights market map coverage article. For the competitive landscape of agent trust platforms specifically, see our Agent Trust Infrastructure Race analysis comparing six platforms across 19 capabilities.

DEFI PROTOCOL BUILDERS

See Agent Trust Score in Your Protocol Architecture

Our team will walk through your specific integration, score a sample of agents already interacting with your protocol, and show you exactly which trust signals your current stack leaves uncovered. No commitment required.

Book a Demo ↗   AI Agent Trust Use Case ↗

What ERC-8004 Gives You — and What It Doesn’t

ERC-8004 is a well-designed standard that solves a specific problem: giving AI agents a standardized, verifiable on-chain identity. Every registered agent receives an ERC-721 NFT representing its identity, a controlling owner wallet, an agent payment wallet, and a URI pointing to its agent card JSON. The registry answers the question “does this agent exist?” cleanly and cryptographically.

The standard does not answer the question “should I trust this agent?” — and the specification explicitly leaves scoring to third parties. This design choice is correct architecturally: the registry should be a neutral data layer, not an opinion engine. However, it means that every protocol integrating ERC-8004 agents is responsible for answering the trust question independently. Most currently do not — they query the registry to confirm the agent exists and proceed. Agent Trust Score is what fills the gap between “agent exists” and “agent is safe to interact with autonomously.”

The Voting-Based Reputation Problem

ERC-8004 also includes a built-in Reputation Registry — a standard interface for peer feedback. On paper, this sounds like a trust mechanism. In practice, it is a manufactured-trust system waiting to be exploited. An operator deploying 50 agent wallets can have each one review every other, generating a full positive reputation history in hours at a cost measured in gas fees. On BSC or Base, that cost is less than a dollar. The result is indistinguishable from genuine reputation on any platform that reads the registry naively.

ChainAware does not read the ERC-8004 Reputation Registry to compute the Agent Trust Score. Instead, we look behind the agent at the behavioral history of the wallets controlling it and funding its controller. That history is immutable — it cannot be manufactured overnight. An operator who rugged three liquidity pools in Q4 2025 and registered 47 agents in Q1 2026 carries that history forward regardless of how many peer reviews the new agents accumulate. For a detailed analysis of why voting-based reputation fails at scale, see our guide to Web3 Wallet Auditing Providers in 2026.

State of the ERC-8004 Registry: First Ever Trust Analysis of 274,792 Agents

ChainAware has indexed the complete ERC-8004 registry — 274,792 agents across Ethereum mainnet, BSC, Base, and Avalanche — and applied the Agent Trust Score to produce the first comprehensive behavioral trust analysis of the agentic economy. The results reveal a striking picture that should concern any DeFi protocol granting autonomous execution access to registry agents.

Trust Score Distribution

TierScore RangeAgent CountShareMeaning
Sovereign800-100057,47920.9%Verified owner, clean feeder, no criminal record
Trusted600-79934,88412.7%Strong owner, feeder available and clean
Provisional400-59940,11414.6%Mixed signals — proceed with monitoring
Elevated Risk200-39970,79025.8%Weak history, obfuscated feeder, or fleet signals
Untrusted0-19971,52526.0%Fraud signals, criminal record, or farm confirmed

The headline finding is stark: more than half of all ERC-8004 registered agents — 51.8% — carry Elevated Risk or Untrusted scores. This is not a marginal tail of bad actors. It is the majority of the registry. Protocols granting autonomous execution access to unscreened ERC-8004 agents are, statistically, granting that access to a population where more than half present material trust risk.

Flag Analysis: What Is Driving Low Scores

  • FARM_DETECTED: 58,061 agents (21.1%) — one in five agents belongs to a Sybil fleet where a single operator controls multiple agents
  • FEEDER_UNKNOWN: 26,124 agents (9.5%) — nearly 1 in 10 agents has an owner wallet with an obfuscated or untraceable funding source
  • EIP7702_DELEGATED: 20,946 agents (7.6%) — the registered owner has delegated control to a secondary address, potentially obscuring the real controller
  • FEEDER_CEX_VERIFIED: 2,691 agents (1.0%) — confirmed CEX-funded owners, the strongest legitimacy signal available
  • FEEDER_RUG_HISTORY: 741 agents (0.3%) — agents whose owner wallet was funded by a confirmed rug pull operator
  • CREATOR_RUG_HISTORY: 59 agents (0.02%) — agents controlled directly by confirmed rug pull creators
  • CREATOR_HONEYPOT_HISTORY: 3 agents — agents whose owner has previously created honeypot token contracts

The farm detection finding deserves particular attention. 58,061 agents — 21.1% of the entire registry — are controlled by fleet operators running multiple agents simultaneously, frequently registered in the same block. Individual agent scoring is structurally blind to this pattern. ChainAware detects it because we maintain an owner profile database tracking fleet size across all indexed chains — a capability that requires the full registry index, not just individual agent lookups.

For the full competitive context of how these signals compare to what RNWY, SkyeProfile, AXIS T-Score, and DJD Agent Score provide, see our Agent Trust Infrastructure Race analysis.

The Five Signals Only ChainAware Provides

Agent Trust Score combines signals that no other agent trust platform currently provides. Each one addresses a specific threat model that the other approaches structurally cannot reach. We intentionally do not publish the exact weights, thresholds, or model coefficients behind these signals — doing so would allow bad actors to calibrate their behavior to stay just below each detection threshold. What we do publish are the signal categories and what each one means for your trust decision.

Signal 1: Owner Wallet Behavioral Fraud Score

The owner wallet is the human or entity controlling the agent. ChainAware scores it using a predictive AI model trained on 20M+ wallet personas across Ethereum, BSC, Base, and beyond — achieving 98% fraud detection accuracy. This is not a blacklist check. Rather, it is a forward-looking behavioral prediction: given this wallet’s complete transaction history, what is the probability it will engage in fraudulent activity? The model retrains continuously on new confirmed fraud cases, meaning evasion strategies become stale quickly.

The fraud score is the primary input to the Agent Trust Score — a clean wallet starts at a high baseline, while a fraud-flagged wallet scores low regardless of any other signal. For the full methodology behind the fraud prediction model, see our AI-Powered Blockchain Analysis guide.

Signal 2: Feeder Address Analysis

The feeder address is the wallet that funded the owner. No other agent trust platform traces and scores this signal. ChainAware traces feeder addresses for approximately 38% of indexed agents. The feeder signal has three variants that carry different trust implications. A CEX-verified feeder (Binance, Coinbase, Kraken, OKX withdrawal address) implies the owner passed KYC somewhere upstream — ChainAware’s strongest positive signal. An unknown or obfuscated feeder is itself a risk signal. A feeder with confirmed fraud status applies hard suppression to the final score.

When the feeder address has rug pull or honeypot history in ChainAware’s database, the owner may have deliberately cycled wallets to obscure a fraud track record — the feeder criminal record check is what catches this pattern. For more on how feeder analysis works in practice, see our Forensic vs AI Blockchain Analysis guide.

Signal 3: Criminal Record — Rug Pull and Honeypot History

ChainAware maintains a database built from on-chain liquidity pair history and token audit data spanning over a year of activity. This database records which wallet addresses created pools that subsequently exhibited rug pull patterns, and which wallet addresses previously deployed honeypot token contracts. Before computing the Agent Trust Score, ChainAware cross-references both the owner wallet and the feeder address against this database.

Criminal record signals result in hard caps on the Agent Trust Score that no other signal can override. This is the signal that connects yesterday’s token fraud to today’s agent deployment. An operator who rugged pools on PancakeSwap in Q4 2025 and registered 40 agents in Q1 2026 is caught by this check. No other agent trust platform makes that connection because no other platform maintains a paired rug pull database and cross-references it against agent registry data. For background on how rug pull and honeypot patterns are detected, see our guide to Rug Pull vs Pump and Dump in Web3.

Signal 4: Trust Delegation

Agent payment wallets are frequently fresh addresses created specifically for the agent — they have no transaction history, no counterparty network, and no behavioral record. A naive scoring approach penalises every newly deployed agent regardless of the owner’s reputation, producing low scores for legitimate agents and making the score useless as a gate for new deployments.

ChainAware’s trust delegation mechanism solves this: the owner wallet’s reputation sets a floor for the agent wallet’s effective score. A reputable developer deploying their first agent wallet scores well through delegation. A fraud-flagged owner cannot delegate any meaningful trust — the delegation collapses, and the agent score reflects the owner’s history rather than the wallet’s lack of it.

Signal 5: Fleet-Level Farm Detection

Every competitor in this market scores agents individually. ChainAware maintains an owner profile database tracking agent fleet size across all indexed chains. Owners controlling unusually large numbers of agents — particularly those registered in tight time windows — receive farm modifiers that suppress scores across their entire fleet, regardless of how any individual agent scores in isolation.

This fleet-level view catches the specific agentic commerce attack pattern that individual scoring cannot surface: one operator manufacturing ecosystem depth through a controlled population of agents, each of which appears clean when scored independently. Our data shows 58,061 agents — 21.1% of the entire ERC-8004 registry — are already in this category today.

FREE TOOL

Check Any Agent Across All Five Signals — Free

Paste any ERC-8004 agent ID, owner address, or agent wallet. ChainAware returns the full score, tier, and flag set in under 100ms. The same engine that identified 58,061 farm-detected agents and 741 feeder-rug-history agents in the live registry.

Try Free Now ↗   Full Methodology ↗

The Data Moat: Why This Cannot Be Replicated

Agent Trust Score is built on three proprietary data assets accumulated over years of continuous operation. A competitor starting today cannot purchase these assets, compress the time required to build them, or replicate them from publicly available sources alone. Each one compounds in value as it grows — making ChainAware’s intelligence advantage wider over time, not narrower.

20M+ Wallet Personas: Years of Behavioral Training Data

ChainAware’s fraud prediction model is trained on more than 20 million wallet personas across 8 blockchains. Each persona represents a complete behavioral fingerprint — transaction history, timing patterns, counterparty networks, protocol diversity, AML exposure, and dozens of derived features. Building this dataset required years of continuous on-chain data collection, labeling of confirmed fraud cases, and iterative model retraining against real-world fraud outcomes. The result is 98% fraud detection accuracy on held-out test data.

This persona depth cannot be replicated quickly. A new entrant would need years of historical blockchain data, a confirmed fraud label dataset from real fraud cases, and the engineering infrastructure to process and update 20 million behavioral profiles continuously. Furthermore, the model improves as the dataset grows — each new confirmed fraud case sharpens the prediction boundary. ChainAware’s advantage in this dimension compounds daily.

One Year of On-Chain Pair History: The Criminal Record Database

The rug pull and honeypot criminal record check that powers Agent Trust Score’s hardest caps requires a database of historical liquidity pair creation and token audit results — accumulated over more than a year of continuous on-chain monitoring. ChainAware has tracked pair creation across PancakeSwap, Uniswap, and other major DEX venues, cross-referencing creator wallet addresses against confirmed fraud outcomes: pools where liquidity was removed in rug pull patterns, and token contracts that embedded honeypot mechanics preventing buyers from selling.

This database is what catches the serial fraudster who registers new agents after previous fraud campaigns. It connects the rug puller of November 2025 to the agent creator of February 2026 — a connection that exists only if you have the historical data linking both events to the same wallet address. No competitor in the agent trust scoring market currently maintains this database. Furthermore, building it retroactively is impossible: the historical pair data exists on-chain, but the labeling of fraud outcomes requires the passage of time to observe liquidity removal patterns after the fact. For the data behind this detection engine, see our Rug Pull Tracker report and our AI-Based Predictive Fraud Detection guide.

38% Feeder Coverage: The Funding Chain Network

ChainAware traces feeder addresses — the wallets that funded owner wallets — for approximately 38% of indexed ERC-8004 agents. This coverage reflects the on-chain reality: some owner wallets receive funds from multiple sources, some from bridge or faucet infrastructure that does not produce a single attributable feeder, and some from deliberately obfuscated multi-hop paths. The 38% with traceable single-hop feeders represents the population where the funding chain reveals meaningful intelligence.

Feeder coverage is itself a compounding asset. As ChainAware indexes more agents and more wallet interactions over time, the feeder network graph grows denser — revealing connections between previously unlinked wallet clusters. An operator who cycled through three funding wallets across different campaigns may appear disconnected today but becomes linkable as the transaction graph accumulates more data points. Additionally, the CEX label database — identifying which addresses are verified exchange hot wallets — improves as exchange infrastructure evolves and new verified addresses are confirmed. The feeder signal is the one no competitor has reached because building it requires both the feeder tracing infrastructure and the fraud intelligence to score what you find at the other end of the funding chain.

Why the Moat Compounds

Each of these three data assets improves as it grows larger and older. More wallet personas means better fraud prediction boundary precision. More pair history means more confirmed criminal records attached to operator wallets. More feeder coverage means more fraud connections surfaced across the registry. A competitor starting today with identical engineering resources would still need years to catch up — and by the time they did, ChainAware’s assets would be proportionally larger still. This is the definition of a compounding data moat: the advantage is not a snapshot, it is a trajectory.

How the Agent Trust Score Works

The Agent Trust Score uses a multi-layer pipeline that combines owner fraud probability, trust delegation, feeder analysis, farm detection, and criminal record hard caps into a single 0-1000 score. Each layer applies a specific transformation before passing the result to the next.

We intentionally do not publish the exact weights, thresholds, or multipliers used in each layer. Publishing precise thresholds would allow bad actors to calibrate their behavior to stay just below each detection cap — which would directly undermine the system’s ability to catch sophisticated fraud. Our scoring model retrains continuously on new confirmed fraud patterns. What works as evasion today becomes detectable tomorrow as the model updates.

What we do publish is what each layer measures and why it matters:

  • Owner fraud probability — the primary driver of the base score. A clean owner wallet starts at a high baseline. A fraud-flagged wallet scores low regardless of any other input.
  • Experience and on-chain history — a modest bonus for owners with genuine DeFi activity over time. Experience adds to the score but cannot compensate for high fraud probability.
  • Trust delegation — lifts a fresh agent wallet when the owner has strong history. Collapses when the owner is fraud-flagged.
  • Feeder modifier — adjusts the score based on who funded the owner. CEX-verified feeders boost the score. Unknown or fraud feeders suppress it.
  • Farm modifier — suppresses scores across an entire fleet when the owner controls an unusually large number of agents or registers them in bulk.
  • Criminal record hard caps — override all other signals when confirmed rug pull or honeypot history is found. These caps are absolute and cannot be offset by positive signals elsewhere.

The result is a score between 0 and 1000. The full methodology overview — covering signal categories without exposing exact parameters — is available at chainaware.ai/learn/agent-trust-score.

Score Tiers: What Each One Means for Protocol Builders

The Agent Trust Score maps to five tiers on the 0-1000 scale. Each tier carries a specific operational recommendation for DeFi protocol builders. The right threshold for your protocol depends on the risk profile of the transactions involved — a high-value lending protocol and a low-value DEX swap use different thresholds against the same score.

Sovereign (800-1000) — Full Autonomous Access

Sovereign agents have strong owner fraud probability, a clean or CEX-verified feeder address, no criminal record signals, and no farm detection flags. Sovereign is appropriate for high-value autonomous operations: large-value lending, treasury management, and governance participation with financial consequences. Protocols can grant Sovereign agents the same execution permissions they would grant to established protocol participants.

Trusted (600-799) — Standard Integration

Trusted agents have strong owner fraud probability, a generally clean feeder, and no hard-cap signals. Trusted is appropriate for standard DeFi integrations — trading agents, yield optimisers, and automated compliance workflows where individual transaction risk is moderate and human monitoring is available as a backstop.

Provisional (400-599) — Monitoring Required

Provisional agents show mixed signals: moderate fraud probability, unknown feeder, or a fresh payment wallet. Provisional agents should not receive unsupervised autonomous execution access for high-value operations. However, they are appropriate for lower-risk automated workflows with active monitoring — read-only queries, low-value token swaps, or agentic onboarding flows where individual transaction size is capped.

Elevated Risk (200-399) — Restricted Access Only

Elevated Risk agents carry weak owner history, obfuscated feeders, or farm detection signals. These agents should not be permitted autonomous financial execution. If your protocol needs to serve Elevated Risk agents — for example in a permissionless DEX context — transaction size limits, velocity caps, and real-time monitoring should all be active simultaneously.

Untrusted (0-199) — Block

Untrusted agents carry active fraud signals, confirmed rug pull or honeypot history, confirmed farm detection, sanctioned address exposure, or repeat offender status. These agents should be blocked at the access control layer before any transaction reaches the execution layer. The score is not borderline — it reflects definitive fraud signals from immutable on-chain history. For context on the types of on-chain fraud that produce Untrusted scores, see our AI-Based Predictive Fraud Detection guide.

The Compounding Risk of Unscreened Agent Access

Human-initiated fraud and agent-initiated fraud differ in one fundamental operational characteristic: velocity. A fraudulent human interacting with your protocol manually can execute perhaps dozens of interactions before detection. A fraudulent agent operating autonomously executes thousands of interactions in the same period — at machine speed, without sleep, without rate-limit awareness unless you specifically implement it, and with the full behavioral sophistication of the AI model powering it.

Therefore, the cost of a single misidentified agent is not comparable to the cost of a single misidentified human user. The exposure scales with the agent’s operational capacity. A lending protocol that grants a fraudulent agent autonomous execution access for six hours faces losses that scale with protocol TVL and agent transaction rate. Traditional fraud detection tools are particularly poorly suited to this environment. Rule-based systems flag agent behavior as suspicious because agents naturally exhibit the patterns those rules target: high velocity, cross-category activity, unusual timing distributions. Consequently, you end up blocking legitimate agents while missing sophisticated fraudulent ones engineered to mimic human behavioral patterns.

The Farm Attack at Scale

Agent farming is a specific attack pattern that compounds differently from individual fraud. Consider the operational math: one operator registers a large fleet of agents across BSC and Base, each appearing clean individually. Each agent interacts with your protocol at modest frequency. Collectively, that generates thousands of agent interactions per day from a single coordinated operator. Furthermore, because each agent appears to be an independent participant, your protocol’s per-user rate limits and monitoring thresholds are never triggered on any single agent. Across a week, you may process tens of thousands of transactions from what is effectively a single fraud operation — without any individual agent exceeding your anomaly detection thresholds.

ChainAware’s fleet-level farm detection catches this pattern before the first transaction. When agents from the same owner wallet query the Agent Trust Score API, they return FARM_DETECTED — regardless of how clean any individual agent appears. The trust decision happens at the fleet level, not the individual agent level, because the fraud pattern exists at the fleet level. Our data shows 58,061 agents — 21.1% of the entire ERC-8004 registry — already carry the FARM_DETECTED flag. For the broader context of how predictive models compare to forensic analytics for this class of threat, see our Forensic vs AI analysis guide.

The Serial Fraudster Rotation Pattern

A second compounding risk pattern is the serial fraudster who rotates wallet identities between campaigns. The typical sequence: Wallet A runs a rug pull campaign, extracts funds, and becomes known to forensic databases. Wallet B is then created fresh, funded from Wallet A — the feeder relationship recorded immutably on-chain — and used to register new agents on ERC-8004. Every platform that scores only the agent or the current owner wallet sees a clean Wallet B. ChainAware traces the feeder and scores Wallet A, which carries the rug pull history. Wallet B’s agents receive suppressed scores regardless of how clean Wallet B’s own transaction history appears.

The data confirms this pattern is live in the current registry: 741 agents carry the FEEDER_RUG_HISTORY flag, meaning their owner wallet was funded by a confirmed rug pull operator. These 741 agents appear completely clean to any platform that does not trace the feeder chain. They represent confirmed serial fraudsters using fresh wallets to continue operations under new identities. For the macro picture of rug pull losses, see our Rug Pull Tracker report.

Integration Guide for DeFi Protocol Builders

Adding Agent Trust Score to a DeFi protocol requires one additional step between the ERC-8004 registry lookup and transaction execution. That step takes under 100ms and returns a structured output the protocol’s access control layer can act on directly.

The Trust-Aware Integration Pattern

Agent initiates transaction
  ↓
Resolve agent_id → owner_address + agent_wallet (ERC-8004 registry)
  ↓
GET /erc8004/agent/{chain_id}/{agent_id}/trust-score
  ↓
Response:
{
  "agent_trust_score": 882,
  "tier": "Sovereign",
  "flags": ["FEEDER_CEX_VERIFIED"],
  "scored_at": "2026-07-12T09:14:00Z"
}
  ↓
score ≥ protocol_threshold → execute
score < protocol_threshold → reject or route to human review

The threshold is your decision. Different use cases warrant different risk tolerances:

Protocol TypeRecommended Minimum TierScore Range
High-value DeFi lendingTrusted600+
Automated market makerProvisional400+
Governance participationProvisional400+
Airdrop eligibilityTrusted600+
High-frequency trading agentSovereign800+

MCP Integration

Agent Trust Score integrates natively with ChainAware’s Prediction MCP server. Any Claude-based DeFi agent can call agent trust scoring as a native tool call without custom API integration code. For teams building on the MCP stack, our library of 32 ready-made agents includes agent verification logic that can be cloned and deployed in under 30 minutes. For DeFi credit scoring alongside agent trust verification, see our DeFi Credit Score Platform Comparison.

Latency and Rate Limits

Agent Trust Score returns results in under 100ms for pre-indexed agents. ChainAware pre-indexes the full ERC-8004 registry continuously, so the vast majority of queries return cached scores without a live computation cycle. Enterprise plans include dedicated rate limits, SLA guarantees, webhook notifications for score changes, and a dedicated integration engineer. Free tier covers the first 1,000 queries per month with no API key required for public indexed agents. For the AML and MiCA compliance context, see our DeFi Compliance and KYT/AML guide.

FOR DEFI PROTOCOL BUILDERS

Add Agent Trust Scoring to Your Protocol in One API Call

ChainAware’s Agent Trust Score API returns a 0-1000 score, tier, and flag set for any ERC-8004 agent across Ethereum, BSC, Base, and Avalanche. Sub-100ms latency. Enterprise plans include SLA, dedicated rate limits, webhooks, and integration support.

Try Free ↗   Book Integration Demo ↗

Guide for Agent Creators: How Your Score Is Determined

If you are deploying ERC-8004 agents, understanding how your agents are scored enables you to optimize for legitimate trust signals. The score reflects real behavioral history — it cannot be manufactured, but it can be legitimately improved over time through genuine on-chain activity.

What Improves Your Score

The primary lever is your owner wallet’s fraud probability — keeping it low requires genuine, diverse on-chain activity over time. Specifically, interacting with a range of DeFi protocols (lending, trading, staking, bridging) across multiple months produces a behavioral profile that scores well. Additionally, using a CEX withdrawal as your owner wallet’s funding source (Binance, Coinbase, Kraken) immediately flags your agent as FEEDER_CEX_VERIFIED and applies the maximum feeder boost. Furthermore, deploying agents with consistent patterns over time rather than in bulk avoids farm detection signals.

What Permanently Caps Your Score

Criminal record signals are immutable. A confirmed rug pull or honeypot in your on-chain history permanently caps your agents — regardless of how clean your current behavior is. These caps exist because the on-chain events that trigger them are permanent. A wallet that drained a liquidity pool cannot remove that event from the blockchain. Consequently, there is no path to a high Agent Trust Score for operators with confirmed fraud history. For context on how rug pull and honeypot patterns are detected, see our Rug Pull Detector learn page.

How Agent Trust Score Compares to Other Platforms

Agent trust scoring is a new market with several emerging approaches. Each platform answers a different question about the same agent. Understanding the distinction matters for protocol builders choosing a trust gating system — selecting the wrong approach means the specific fraud pattern you face is precisely the one your chosen platform cannot detect.

CapabilityRNWYSkyeProfileAXIS T-ScoreDJDChainAware
Core questionAre reviews genuine?What does the wallet hold?Does the agent perform tasks well?What is the wallet history?Who controls this agent and what have they done?
Owner wallet scoredInformational onlyPartial✓ Core input
Feeder address traced✓ Unique
Rug pull history✓ 1-year pair DB
Predictive fraud model✓ 20M+ personas, 98% accuracy
Fleet farm detectionReviewer sybil only✓ Owner fleet database
Chain coverage12 chains33 chainsOff-chainBase onlyETH, BSC, Base, AVAX

RNWY is the most established competitor and provides strong review quality analysis and sybil detection. However, their core methodology solves fake reviews — not fake owners. ChainAware solves fake owners. These are complementary approaches: DeFi protocols can use both simultaneously, with RNWY for reputation display and ChainAware as the fraud intelligence gate before execution. For the full 19-capability comparison across all six platforms, see our Agent Trust Infrastructure Race.

Frequently Asked Questions

Which chains does Agent Trust Score cover?

Agent Trust Score indexes ERC-8004 agents across Ethereum mainnet, BSC (BNB Chain), Base, and Avalanche C-Chain, with Mantle in progress. The owner wallet and feeder scoring draws on ChainAware’s broader behavioral intelligence database, which covers 8 blockchains including Polygon, TON, TRON, and HAQQ. Chain coverage expands continuously as new ERC-8004 registry deployments go live.

Does it require any personal data or KYC?

No. Agent Trust Score is derived entirely from public on-chain data. No personal information is collected, no identity verification is required, and no data is stored beyond what is already publicly available on the blockchain. The product is compatible with DeFi’s privacy-first ethos and compliant with GDPR by design.

Can an agent improve its score over time?

Yes — through the owner wallet’s behavioral history, not through the agent wallet itself. As the owner wallet accumulates genuine on-chain experience and maintains a clean fraud probability score, the Agent Trust Score improves. However, criminal record signals are permanent — they do not improve over time because the underlying on-chain events are immutable.

Why don’t you publish the exact scoring weights?

Publishing exact thresholds and weights would allow bad actors to calibrate their behavior to stay just below each detection cap. This is the same reason credit scoring agencies (FICO, Experian) publish the signal categories they use — payment history, credit utilization, account age — without publishing the precise weights. Our fraud model retrains continuously, so even partial knowledge of current parameters becomes stale quickly. The signal categories are published at chainaware.ai/learn/agent-trust-score. The exact parameters remain proprietary.

What happens when an agent is transferred to a new owner?

ERC-8004 agents are ERC-721 NFTs and can be transferred between wallets. When ChainAware detects an ownership transfer, the Agent Trust Score recalculates using the new owner wallet’s behavioral history. The score tracks the current controlling entity, not the original registrant. An agent cannot inherit a previous owner’s strong score after transfer.

How does EIP-7702 delegation affect the score?

When EIP-7702 delegation is detected, ChainAware scores both the registered owner and the delegate address. The Agent Trust Score takes the less favorable of the two results. Agents with EIP-7702 delegation are flagged explicitly in the API response as EIP7702_DELEGATED, giving protocol builders the option to apply additional scrutiny regardless of the final numerical score. Currently 7.6% of indexed agents — 20,946 agents — use EIP-7702 delegation.

How is Agent Trust Score different from Wallet Reputation Score?

Both use the same 0-1000 scale, making them directly comparable. However, Agent Trust Score applies the scoring to multiple addresses simultaneously — owner wallet, agent wallet, and feeder address — and combines them using trust delegation logic and fleet-level farm detection signals that do not exist in the standalone Wallet Reputation Score. Additionally, Agent Trust Score cross-references the criminal record database for rug pull and honeypot history. For the Wallet Reputation Score methodology, see our Wallet Auditor learn page.

What is the free tier?

The free tier covers 1,000 queries per month for indexed public agents on Ethereum, BSC, Base, and Avalanche. No API key required to start — simply query beta.chainaware.ai/agent-trust-score with any agent ID, owner address, or agent wallet. Enterprise plans with higher rate limits, SLA, webhooks, and dedicated integration support are available via chainaware.ai/schedule.

READY TO INTEGRATE?

Add Agent Trust Score to Your DeFi Protocol

Start free — no signup required for the first 1,000 queries. Enterprise plans include dedicated rate limits, SLA guarantees, webhook notifications for score changes, and a dedicated integration engineer.

Book a Demo ↗   Try Free Now ↗

Further Reading


ChainAware.ai is the Web3 Agentic Growth Infrastructure — behavioral intelligence for DeFi protocols, AI agents, and individual crypto users. 20M+ wallet personas, 98% fraud detection accuracy, <100ms API latency across 8 blockchains. Named in CB Insights’ AI Fraud Prevention Market Map in the On-Chain Intelligence category. chainaware.ai