AI Agent Trust & Verification
A New Attack Surface Nobody Is Watching
AI agents are no longer experimental. They manage DAO treasuries, execute DeFi strategies, run liquidity positions, process token distributions, and interact with smart contracts - autonomously, at machine speed, around the clock. In agentic commerce, they now autonomously discover, compare, and execute purchases on behalf of consumers across platforms like ChatGPT, Microsoft Copilot, and Shopify - processing real transactions without a human approving each step.
The scale of what is forming is significant. McKinsey projects agentic commerce will redirect $3-5 trillion in global financial flows by 2030. Morgan Stanley forecasts that nearly half of all online shoppers will use AI shopping agents by the same date. 78% of financial institutions already expect fraud to spike as autonomous agents proliferate - yet most protocols have no agent-specific screening in place. Capital is following the thesis: Dragonfly, Haun, a16z, and ParaFi deployed over $6 billion into the agentic economy in the first five months of 2026 alone.
Regulators are moving in parallel. The EU AI Act (full effect August 2026) classifies autonomous agents with financial execution permissions as high-risk AI systems, requiring documented risk assessment, ongoing monitoring, and audit trails. Know Your Agent (KYA) is emerging as the agent-layer equivalent of KYC - the baseline verification layer before any agent touches funds.
This creates a trust problem that existing compliance and security tooling was never designed to solve.
When a human wallet interacts with your protocol, you can screen its history, check its AML status, and assess its fraud risk. But when an AI agent wallet interacts with your protocol, who is operating it? Who funded it? Has the feeder wallet been through a mixer? Is the agent operating as claimed, or has it been compromised, repurposed, or built to exploit your protocol from the start?
Agent wallets look like ordinary wallets on-chain. The difference is in the behaviour and the provenance of their funding - and both require specific analysis to surface.
The Three Trust Problems in the AI Agent Economy
1. Agent Wallet Impersonation
Any wallet can claim to be an AI agent. Fraudulent actors already deploy wallets with agent-like transaction patterns to gain access to agent-gated features, liquidity programmes, or governance rights intended for legitimate autonomous systems.
Without verification, there is no way to distinguish a trusted, well-operated agent from a maliciously crafted wallet designed to look like one.
2. Compromised Feeder Wallets
An AI agent is only as trustworthy as the wallet funding it. A legitimate-looking agent wallet means nothing if its feeder wallet is connected to mixers, sanctioned addresses, or prior fraud clusters. The agent may be operated cleanly - but its capital originates from a bad actor.
Traditional fraud screening applied to the agent's operational wallet misses this entirely.
3. Autonomous Pipeline Risk
AI agents execute transactions without human approval on each step. In agent-to-agent (A2A) commerce - where agents negotiate, purchase, and settle with other agents rather than with humans - there is no human checkpoint anywhere in the chain. A fraudulent agent operating at 100 transactions per minute can execute 36,000 protocol interactions in six hours - orders of magnitude faster than any human actor and faster than any manual monitoring can respond. A compromised or malicious agent embedded in a DeFi or agentic commerce pipeline can drain funds, manipulate prices, or launder money at a speed no human monitoring system can catch. Real-time, pre-transaction screening of every agent-initiated action is the only effective control.
4. Delegated Control via EIP-7702
ERC-4337 account abstraction allows nominal owners to delegate actual execution control to a secondary address. An agent wallet may appear to be controlled by a reputable owner - but the real executor is a different address with its own, unexamined history. Approximately 5% of deployed agents use this delegation pattern.
Screening the registered owner alone produces a clean result while the actual controller remains invisible. Effective agent verification must trace the full delegation chain, not just the address on the registry.
Know Your Agent: The Three Questions
Agent trust verification parallels KYC - applied to autonomous systems rather than human identities. Before granting any agent access to funds or execution rights, three questions need answers:
- Who controls this agent? The wallet holding the agent's ERC-721 NFT is the owner of record. The on-chain history of that controlling wallet - not the agent wallet itself - determines whether the operator is a legitimate developer or a fraud actor rotating identities between campaigns.
- Where did the capital come from? The feeder address - the wallet that funded the owner wallet - carries its own on-chain history. CEX-verified feeders are a strong positive signal. Mixer exposure or connections to confirmed fraud clusters create an irremovable risk flag regardless of how clean the agent wallet appears.
- What is the controller's criminal history? Has the owner wallet previously deployed honeypot tokens or executed rug pulls? This history is invisible when screening the agent wallet in isolation - it only surfaces when you trace back to the controlling entity.
These three questions cannot be answered by scanning the agent wallet alone.
What ChainAware Checks
ChainAware's AI agent verification combines three screening layers:
Agent Wallet Screening
The agent's operational wallet is assessed for:
- Fraud probability - does its behavioural pattern match known malicious actors?
- On-chain age and consistency - is the transaction history consistent with legitimate agent operation?
- AML status - any connections to sanctioned addresses, mixers, or darknet markets?
- Behaviour profile - is the wallet's activity coherent with its claimed purpose?
Feeder Wallet Screening
The wallet(s) funding the agent are assessed independently:
- Full fraud and AML screening on capital sources
- Sanctions list matching (OFAC, EU, UN)
- Mixer and tumbler exposure detection
- Connection to known fraud clusters
Agent Trust Score
Both assessments are combined into a single Agent Trust Score from 0 to 10:
| Score | Meaning | Recommended Action |
|---|---|---|
| 0 | Confirmed fraud | Block immediately |
| 1 | Insufficient data (new wallet) | Cannot assess - treat as unknown |
| 2-4 | Low trust | Restrict access, require review |
| 5-7 | Moderate trust | Standard interaction with monitoring |
| 8-10 | High trust | Full access, audit trail maintained |
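
The delegation-chain point from "Delegated Control" and the score bands in the table above, as an added example (not ChainAware's code or API): it contrasts an owner-only check with one that screens the agent, the feeder and every delegate behind the owner. The addresses, scores, `MAX_DEPTH`, the action labels and the weakest-link combination rule are assumptions made for illustration.

```python
# Constructed sample data: placeholder addresses and made-up scores.
# DELEGATES maps a registered address to the address that executes for it.
DELEGATES = {"0xOwner": "0xExecA", "0xExecA": "0xExecB",
             "0xLoopA": "0xLoopB", "0xLoopB": "0xLoopA"}
SCORES = {"0xAgent": 9, "0xFeeder": 8, "0xOwner": 9,
          "0xExecA": 8, "0xExecB": 0, "0xLoopA": 9, "0xLoopB": 9}
MAX_DEPTH = 8  # assumption: refuse to follow very long delegation chains

def delegation_chain(owner, delegates):
    """Owner plus every delegate behind it; None on a cycle or over-long chain."""
    chain = [owner]
    while chain[-1] in delegates:
        nxt = delegates[chain[-1]]
        if nxt in chain or len(chain) >= MAX_DEPTH:
            return None
        chain.append(nxt)
    return chain

def unassessable(score):
    """Missing, out-of-range, or score 1 (insufficient data per the table)."""
    return not isinstance(score, int) or score == 1 or not 0 <= score <= 10

def action_for(score):
    """Map a 0-10 score to the recommended-action bands in the table above."""
    if unassessable(score):
        return "unknown"
    if score == 0:
        return "block"
    return "restrict" if score <= 4 else "monitor" if score <= 7 else "full_access"

def screen_owner_only(owner, scores=SCORES):
    """Weak check: looks only at the registered owner."""
    return action_for(scores.get(owner))

def screen_agent(agent, feeder, owner, delegates=DELEGATES, scores=SCORES):
    """Screen agent, feeder and the full delegation chain; returns (action, address)."""
    chain = delegation_chain(owner, delegates)
    if chain is None:
        return "block", owner  # unresolvable delegation: fail closed
    found = {a: scores.get(a) for a in (agent, feeder, *chain)}
    for addr, s in found.items():  # confirmed fraud anywhere wins outright
        if s == 0:
            return "block", addr
    for addr, s in found.items():  # then any address that cannot be assessed
        if unassessable(s):
            return "unknown", addr
    # Assumption: weakest link decides; the page does not give the combination rule.
    worst = min(found, key=found.get)
    return action_for(found[worst]), worst
```

With the sample data, the owner-only check grants full access to `0xOwner`, while the full-chain check blocks on the second-hop delegate `0xExecB`.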
Real-World Scenarios
DeFi Protocol: Allowing Agent-Managed Liquidity
A yield aggregator wants to allow AI agents to manage LP positions on behalf of users. Before granting elevated permissions, the protocol screens each agent's operational and feeder wallets. Agents scoring below 7 require manual review before receiving liquidity management rights.
DAO Treasury: Agent-Executed Transactions
A DAO uses an AI agent to execute approved treasury transactions. Before each execution, the transaction monitor screens the destination address in real time - catching cases where a compromised agent attempts to route funds to an unexpected counterparty.
Agent Marketplace: Listing Verification
An AI agent marketplace lists third-party agents for DeFi automation. Each agent submission is screened at listing time and re-screened monthly. Agents funded from flagged sources are removed from the marketplace automatically.
Lending Protocol: Agent Borrowers
Autonomous agents increasingly borrow capital for leveraged DeFi strategies. A lending protocol applies the same risk assessment to agent wallets as to human borrowers - fraud score, feeder wallet AML status, and behavioural consistency - before approving credit lines.
Agentic Commerce Platform: Know Your Agent (KYA)
An agentic commerce platform allows third-party AI agents to transact on behalf of consumers. Before an agent is permitted to place orders or move funds, the platform screens its owner wallet and feeder address using ChainAware's Agent Trust Score. Agents with confirmed rug pull history, farm detection flags, or unknown feeder sources are blocked before they can interact with the payment infrastructure - implementing Know Your Agent at the point of onboarding, not after a fraud incident.
Products
chainaware-agent-screener
The dedicated agent verification agent. Submit an agent wallet + feeder wallet address and receive an Agent Trust Score (0-10), per-wallet fraud verdicts, and a recommendation. Available as a Claude Code subagent in the Ready-made Agents library.
```text
Screen this AI agent before I allow it to manage liquidity on our protocol:
Agent wallet: 0xAgent... Feeder wallet: 0xFeeder... on Ethereum
```
chainaware-transaction-monitor
Real-time transaction screening for autonomous pipelines. Every agent-initiated transaction is scored (ALLOW / FLAG / HOLD / BLOCK) before it executes - not after it settles.
```text
Should my agent execute this transaction?
Sender: 0xAgent... Receiver: 0xDestination... on Ethereum, value: 50 ETH
```
chainaware-fraud-detector + chainaware-aml-scorer
For lower-overhead screening of agent wallets at onboarding or periodic review, these lightweight agents provide fast fraud and AML scores without the full dual-wallet analysis.
Integration
Via Prediction MCP (AI Agent Pipelines)
The most natural integration for teams already building with AI agents. Add ChainAware's MCP server to your agent's tool set and it can screen counterparties, verify other agents, and monitor its own transactions autonomously:
```bash
claude mcp add --transport sse chainaware-behavioral-prediction \
  https://prediction.mcp.chainaware.ai/sse --header "X-API-Key: YOUR_KEY"
```
Via REST API
For backend pipelines that need programmatic screening of agent wallets at onboarding or before permission escalation:
```http
GET /v1/fraud/{agent_wallet}?chain=ethereum
GET /v1/fraud/{feeder_wallet}?chain=ethereum
```
Both scores are combined to produce the Agent Trust Score.
Via Google Tag Manager
For dApp front-ends that display agent-operated vaults or strategies to end users, GTM integration surfaces agent trust scores in the UI without backend changes.
Further Reading
- The Agent Trust Infrastructure Race - 2026 Market Analysis - comparison of all major agent trust platforms, threat models each solves, and the five unique signals that distinguish owner-wallet fraud intelligence
- Agentic Commerce and Agent Trust Score - deep dive into the KYA framework, feeder address analysis, trust delegation, and farm detection in practice
- 12 Blockchain Capabilities Any AI Agent Can Use - how AI agents access on-chain intelligence via MCP, including trust scoring and autonomous compliance
- Prediction MCP - the open-source MCP server powering agent-to-agent verification
- Ready-made Agents: Agent Screener - drop-in Claude subagent for agent trust scoring
- Autonomous Compliance & Transaction Screening - real-time pipeline screening for agent-initiated transactions