Agentic Trust Framework — Live Demo

Zero Trust for AI Agents in 60 Seconds

Watch an AI agent navigate all 5 ATF elements and earn its first promotion. Everything you see below maps to deployed, tested, open-source services.

📄 Based on CSA Agentic Trust Framework v0.1.0-draft

🔐 Element 1 — Identity

Agent Registration & Credential Issuance

"Who are you?"

The agent registers with a DID:web identity and receives a Verifiable Credential. Its purpose declaration, capabilities, and ownership chain are established before any access is granted.

Registering agent: supply-chain-optimizer-v3
DID: did:web:berlinailabs.de:agents:sco-v3
Credential: JWT-VC issued (RSA-256, exp: 2026-08-09)
Purpose: "Optimize multi-tier procurement allocation"
Capabilities: [read:procurement, write:orders, compute:optimization]
✓ Trust Score initialized: 0.65 (Intern level)
✓ Agent identity verified and enrolled
↗ agent-trust-verifier
👁️ Element 2 — Behavior

Execution Proof & Behavioral Tracking

"What are you doing?"

Every agent action is signed with Ed25519 and linked into a tamper-evident hash chain. Critical decisions are optionally anchored to Solana for independent verification.

Agent executing task: procurement_optimization_q3
PoE Record #1: Analyzing 847 supplier bids...
Signature: Ed25519:8f3a...c71d (verified)
Previous Hash: sha256:0000...0000 (genesis)
PoE Record #2: Recommending 3 allocation changes...
Hash Chain: sha256:8f3a → sha256:b2c4 (linked)
Solana Anchor: tx:4vK9...mZ2p (slot: 312847291)
✓ 2 execution proofs recorded, 1 anchored on-chain
↗ pdp-protocol (Veracity Core)
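
Added example, not part of the original page or the project's code: a minimal hash-chain verifier showing what the chain detects on its own and what only an externally stored head hash detects. The record layout, field names and the anchored-head check are assumptions, and Ed25519 signatures are left out because they need a third-party library.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # all-zero previous hash marks the first record (assumed format)

def record_hash(prev_hash, payload):
    """SHA-256 over the previous hash plus canonical JSON of the payload."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(bytes.fromhex(prev_hash) + body).hexdigest()

def build(payloads):
    chain, prev = [], GENESIS
    for p in payloads:
        chain.append({"prev": prev, "payload": p, "hash": record_hash(prev, p)})
        prev = chain[-1]["hash"]
    return chain

def verify(chain, anchored_head=None):
    """Return (ok, reason); anchored_head is a head hash kept outside the log."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev"] != prev:
            return False, f"record {i}: broken link"
        if record_hash(rec["prev"], rec["payload"]) != rec["hash"]:
            return False, f"record {i}: payload does not match hash"
        prev = rec["hash"]
    if anchored_head is not None and prev != anchored_head:
        return False, "head does not match anchor"
    return True, "ok"

# Constructed sample records, modelled on the demo output above.
SAMPLE = [{"seq": 1, "action": "Analyzing 847 supplier bids"},
          {"seq": 2, "action": "Recommending 3 allocation changes"}]

def demo():
    chain = build(SAMPLE)
    anchor = chain[-1]["hash"]  # head hash published outside the log
    edited = copy.deepcopy(chain)
    edited[0]["payload"]["action"] = "Analyzing 12 supplier bids"  # in-place edit
    rewritten = build([r["payload"] for r in edited])  # every hash recomputed
    return {
        "intact": verify(chain, anchor),
        "edited": verify(edited, anchor),
        "rewritten_unanchored": verify(rewritten),
        "rewritten": verify(rewritten, anchor),
        "truncated": verify(chain[:1], anchor),
    }
if __name__ == "__main__":
    print(demo())
```

A log whose hashes are all recomputed, or whose tail is dropped, still verifies internally; only the comparison against a head hash held outside the log fails, which is why an independent anchor or a signature over each record is needed alongside the chain.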
🛡️ Element 3 — Data Governance

Input Validation & Output Governance

"What are you eating? What are you serving?"

All inputs pass through a sub-20ms ONNX firewall detecting prompt injection, PII, and API key leakage. Outputs are scanned for bias and compliance with EU AI Act trails.

ConvoGuard scanning input payload...
Input tokens: 1,247 | Model: ONNX-distilbert-v4
✓ Prompt injection: CLEAN (confidence: 0.98)
⚠ PII detected: 2 email addresses masked → [REDACTED]
✓ API key scan: CLEAN
Latency: 14ms (target: <20ms)
✓ EU AI Act: Art. 11 ✓ | Art. 12 ✓ | Art. 73 ✓
✓ Payload approved with 2 PII redactions
↗ convo-guard-ai
📊 Element 4 — Segmentation

Access Policy Enforcement

"Where can you go?"

The segmentation engine evaluates the agent's access request against policy-as-code rules. Rate limits, maturity-level gating, and A2A communication permissions are enforced in real time.

Access request: procurement-db/write
Agent Level: Intern | Required: Junior
✗ ACCESS DENIED — maturity level insufficient
Falling back to read-only access...
Access request: procurement-db/read
Rate limit: 42/100 requests (window: 60s)
✓ ACCESS GRANTED — read-only, rate limited
A2A: Communication with finance-agent allowed ✓
↗ agent-trust-protocol/atf
⚔️ Element 5 — Incident Response

Adversarial Testing & Circuit Breaker

"What if you go rogue?"

The agent is tested against 41 adversarial attack vectors. A circuit breaker monitors for anomalies with automatic containment on critical or high-severity incidents.

agent-pentest scan --agent sco-v3
Running 41 vectors across 4 categories...
Prompt Injection: 11/11 defended
Data Exfiltration: 10/10 defended
Jailbreak: 9/10 defended (1 partial bypass)
Safety Bypass: 10/10 defended
Safety Score: B+ (40/41 passed)
Circuit breaker: CLOSED (0 failures / 3 threshold)
✓ Agent cleared for continued operation
↗ agent-pentest
🎓 Maturity Model — Promotion

Intern → Junior — Earning Autonomy

"Can this agent be trusted with more?"

After completing all 5 elements, the agent applies for promotion. Five gates are evaluated: performance, security, business value, incident record, and governance.

Evaluating promotion: Intern → Junior
Gate 1 — Performance: PASSED (accuracy: 94%, availability: 99.7%)
Gate 2 — Security: PASSED (pentest: B+, adversarial: cleared)
Gate 3 — Business Value: PASSED (ROI: +12%, owner: approved)
Gate 4 — Incident Record: PASSED (0 critical, 0 high)
Gate 5 — Governance: PASSED (security team ✓, risk committee ✓)
─────────────────────────────────
★ PROMOTED: Intern → Junior
New capabilities: write access, reduced oversight
Trust Score: 0.65 → 0.82
↗ agent-trust-protocol/atf

This Is Running Code, Not a Roadmap

12 open-source services. 100+ tests. Live on Railway. All mapped to ATF's 5 elements.