
ERC-8126: A New Ethereum Standard for Issuing “Security Health Reports” to AI Agents
ERC-8126 enables programmable verification. Instead of relying on centralized authorities or a single verification service provider, it fosters an ecosystem of verification services through an open standard.
Author: Don Johnson, Co-author of ERC-8126
Compiled by: TechFlow
TechFlow Intro: AI Agents are already managing wallets, executing transactions, and deploying code—but users lack standardized methods to verify an Agent’s security. ERC-8126 aims to fill this gap. Built atop ERC-8004 identity registration, it defines a five-layer verification framework (tokens, media content, code, web endpoints, and wallets), leverages zero-knowledge proofs to protect privacy, and outputs a unified risk score ranging from 0 to 100. Don Johnson, co-author of the standard, is from the Virtuals Protocol ecosystem.

Introducing ERC-8126: The Verification Layer for AI Agents.
Specification URL: https://eips.ethereum.org/EIPS/eip-8126
Authored by Leigh Cronian and Chris Johnson, with joint contributions from Cybercentry and Virtuals Protocol.
AI Agents are rapidly becoming participants in the digital economy. They deploy code, execute transactions, manage wallets, interact with users, and increasingly collaborate with other Agents. Yet one persistent problem remains unsolved: while we have mature systems to verify people, enterprises, websites, and software, we lack a universal framework to verify AI Agents.
ERC-8126 builds upon ERC-8004’s Agent registration mechanism and introduces a standardized verification framework. AI Agents can prove their trustworthiness via independent verification service providers, while preserving privacy through zero-knowledge proofs.
The Problem: Why Should You Trust an Agent?
Users currently have very limited means to assess whether an AI Agent is trustworthy. Even seemingly simple questions often lack clear answers:
- Is this Agent running on secure infrastructure?
- Has its code been audited?
- Does it truly control the wallet it claims to control?
- Are its associated tokens legitimate?
- Is its published content authentic?
- Has it been compromised?
Existing solutions are fragmented, inconsistent, and largely reputation-based. As Agents begin managing larger sums of capital, autonomously executing more transactions, and integrating into critical systems, reputation alone becomes insufficient. The entire ecosystem requires a shared verification framework.
What Is ERC-8126?
ERC-8126 defines a standardized verification interface for AI Agents registered via ERC-8004. Rather than establishing a single authoritative verifier, it enables a competitive market of specialized verification service providers. Each provider may use its own assessment methodology, but the resulting attestations are interoperable—applications, marketplaces, wallets, and various Agent ecosystems can directly consume these results. Ultimately, this forms a portable AI Agent verification layer.
Verification service providers directly parse Agent metadata from the ERC-8004 identity registry and perform targeted verifications. Results can be transformed into privacy-preserving attestations published to the ERC-8004 verification registry, generating discoverable and verifiable signals across the ecosystem.
The Five Verification Layers
Ethereum Token Verification (ETV)
When Agent metadata includes a contract address, ETV verifies the legitimacy and security of that smart contract. Service providers confirm the contract is deployed on the intended chain and returns non-empty bytecode via eth_getCode, then check against known vulnerability patterns. An Agent may be associated with tokens, contracts, staking mechanisms, or other on-chain systems; if the contract does not exist, is misrepresented, or contains obvious vulnerabilities, users and other Agents need to know before interacting. ETV helps confirm whether the Agent has a legitimate on-chain footprint and enables users to understand the economic foundation underpinning the Agent.
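A sketch of the deployment check described above, added here as an example and not taken from the ERC-8126 specification or any provider's code. The `call` transport, the function name, and the sample addresses and bytecode are assumptions; the example goes slightly beyond the text by also flagging EIP-7702 delegation designators, which make eth_getCode return non-empty data for an account that is not a deployed contract.

```python
DELEGATION_PREFIX = "ef0100"  # EIP-7702 designator: 0xef0100 || 20-byte address
HEX = set("0123456789abcdef")


def etv_deployment_check(call, address, expected_chain_id):
    """Return (ok, reason). `call(method, params)` is a hypothetical transport
    that sends one JSON-RPC request and returns the hex `result` string."""
    chain_id = int(call("eth_chainId", []), 16)
    if chain_id != expected_chain_id:
        return False, f"wrong chain: node reports chain id {chain_id}"
    code = call("eth_getCode", [address, "latest"])
    if not isinstance(code, str) or not code.startswith("0x"):
        return False, "malformed eth_getCode result"
    body = code[2:].lower()
    if len(body) % 2 or not set(body) <= HEX:
        return False, "malformed eth_getCode result"
    if not body:
        return False, "no bytecode: EOA or nothing deployed at this address"
    if len(body) == 46 and body.startswith(DELEGATION_PREFIX):
        return False, "EIP-7702 delegated account, not a deployed contract"
    return True, f"contract present, {len(body) // 2} bytes of runtime code"


# Constructed stand-in for a node; addresses and bytecode are made up.
ADDR_CONTRACT = "0x" + "11" * 20
ADDR_EOA = "0x" + "22" * 20
ADDR_DELEGATED = "0x" + "33" * 20
FAKE_CODE = {
    ADDR_CONTRACT: "0x6080604052",
    ADDR_EOA: "0x",
    ADDR_DELEGATED: "0xef0100" + "44" * 20,
}


def fake_node(method, params):
    if method == "eth_chainId":
        return "0x1"
    if method == "eth_getCode":
        return FAKE_CODE.get(params[0], "0x")
    raise ValueError(f"unsupported method: {method}")


if __name__ == "__main__":
    for addr in FAKE_CODE:
        print(addr, etv_deployment_check(fake_node, addr, 1))
```

Passing this check only establishes that runtime code exists on the expected chain; the vulnerability-pattern review the paragraph mentions is a separate step.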

Media Content Verification (MCV)
MCV verifies the authenticity, provenance, and integrity of media associated with the Agent. As Agents appear increasingly in public contexts, media becomes part of their identity: avatars, generated content, branding assets, and publicly released material all influence user trust. MCV checks for tampering, synthetic media, deepfakes, embedded metadata, digital watermarks, steganographic payloads, and digital signatures—and can integrate mature frameworks like C2PA (Content Authenticity Initiative). As AI-generated content grows increasingly realistic, verifying authenticity becomes ever more critical.

Solidity Code Verification (SCV)
When parsed metadata includes Solidity source code, SCV verifies the code’s legitimacy and security. Providers confirm that the source code corresponds to the on-chain deployed bytecode and scan for common vulnerabilities such as reentrancy, unsafe external calls, and flash loan attack patterns. An Agent may operate its own smart contracts or interact with them during service delivery; an Agent bound to vulnerable code directly exposes users, assets, and other Agents to risk. SCV provides the ecosystem with a standardized method to evaluate smart contract security signals at the Agent layer.

Web Application Verification (WAV)
WAV checks whether an Agent’s web endpoints are accessible and secure. Agents commonly expose web interfaces, APIs, dashboards, or other endpoints, each representing a potential attack surface. A compromised URL could phish users, distribute malicious content, or manipulate Agent behavior. WAV validates HTTPS endpoint responses and SSL certificate validity and scans for common web security vulnerabilities, recommending adherence to mature frameworks like the OWASP Web Security Testing Guide. For many users, a website is the first point of contact with an Agent, long before checking wallets or contracts. The website is the front door, and WAV determines whether that door is secure.

Wallet Verification (WV)
WV confirms wallet ownership and evaluates the on-chain risk profile of the Agent’s wallet. Service providers analyze wallet transaction history and cross-reference threat intelligence databases to identify wallets linked to malicious activity, suspicious behavior, scams, or compromised infrastructure. An Agent’s wallet is among its most critical identity components—it may hold funds, sign messages, authorize tasks, receive payments, and interact with other Agents. A high-risk wallet implies a high-risk Agent. WV offers users and systems a standardized assessment methodology.

Privacy: Zero-Knowledge Proofs
Verification often requires access to sensitive information: source code, infrastructure details, proprietary data, operational systems, and security configurations. Organizations’ reluctance to disclose such information is entirely understandable.
ERC-8126 resolves this tension using Private Data Verification (PDV) combined with zero-knowledge proofs. Verification service providers can review sensitive information and complete analysis, then generate cryptographic proofs attesting to their conclusions without exposing underlying data. In other words, an Agent can prove it passed a security audit without revealing any confidential infrastructure or proprietary information. Verification strength increases while privacy remains intact.
Unified Risk Score: 0 to 100
Each applicable verification type returns a score from 0 to 100; the overall risk score is the average of all applicable scores. The standard defines clear risk tiers:
- Low risk: 0–20
- Moderate: 21–40
- Elevated: 41–60
- High risk: 61–80
- Critical: 81–100
This scoring model makes verification results easily interpretable: different Agents can be directly compared, risk classifications remain consistent, trust signals can directly inform decisions, and scores are interoperable across platforms. Applications may also display individual sub-scores, enabling users to pinpoint precisely where risks originate.
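The averaging rule and tiers above, worked through as an added example (not code from the ERC-8126 specification). Rounding a fractional average half-up before tiering and reporting the worst layer next to the average are assumptions of this sketch, since the page gives integer tier bounds only; the sample scores are constructed.

```python
LAYERS = ("ETV", "MCV", "SCV", "WAV", "WV")
TIERS = ((20, "Low risk"), (40, "Moderate"), (60, "Elevated"),
         (80, "High risk"), (100, "Critical"))


def tier(score):
    """Map a 0-100 score to a tier name. Fractional values are rounded
    half-up first (assumption: the tiers are stated as integer ranges)."""
    if not 0 <= score <= 100:
        raise ValueError(f"score out of range: {score}")
    rounded = int(score + 0.5)
    return next(name for upper, name in TIERS if rounded <= upper)


def overall_risk(layer_scores):
    """layer_scores maps layer -> score, or None when the layer does not apply
    (for example, no Solidity source in the Agent metadata)."""
    unknown = set(layer_scores) - set(LAYERS)
    if unknown:
        raise ValueError(f"unknown layers: {sorted(unknown)}")
    applicable = {k: v for k, v in layer_scores.items() if v is not None}
    if not applicable:
        raise ValueError("no applicable verification layers")
    for value in applicable.values():
        tier(value)  # range-check every sub-score before averaging
    overall = sum(applicable.values()) / len(applicable)
    worst = max(applicable, key=applicable.get)
    return {"overall": overall, "tier": tier(overall),
            "worst_layer": worst, "worst_tier": tier(applicable[worst])}


# Constructed report: clean contract, code and website, but a flagged wallet.
SAMPLE = {"ETV": 5, "MCV": None, "SCV": 10, "WAV": 5, "WV": 95}

if __name__ == "__main__":
    print(overall_risk(SAMPLE))
```

In the sample, one Critical wallet score averages out to a Moderate overall score, which is the case the per-layer sub-scores are there to expose.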
Quantum-Resistant Cryptography: Optional
ERC-8126 also introduces optional Quantum-Resistant Cryptographic Verification (QCV). As quantum computing advances, traditional cryptographic systems may face new security challenges in the future. QCV provides an optional framework allowing service providers to encrypt sensitive verification records using quantum-resistant schemes, ensuring long-term verification data security. It is optional today, yet reflects ERC-8126’s design philosophy: verification infrastructure must evolve alongside technological progress.
An Open Verification Market
ERC-8126 deliberately decouples verification standards from specific implementations. With no centralized authority, any service provider can implement compliant verification services.
This design fosters competition among providers, enables specialization, supports geographic flexibility, improves pricing, and encourages continuous innovation. Just as multiple certificate authorities collectively support web security, multiple verification service providers will make the Agent ecosystem healthier and more resilient.
The Missing Layer
The industry spent years building infrastructure enabling Agents to “exist.” Now it needs infrastructure enabling Agents to be “verifiable.” Identity alone is insufficient. An Agent may have a name, a wallet, and an on-chain identity—yet still operate insecurely. It may execute transactions, interact with users, and even generate revenue—all while exposing users to hidden risks. Verification must become a first-class citizen—that is ERC-8126’s role.
Standardized verification, portable attestations, privacy-preserving proofs, and transparent risk scoring collectively render “trust” itself interoperable. An Agent verified in one ecosystem can carry that trust signal into another. Markets evaluating an Agent need not repeat the entire verification process. Users need not understand every technical detail to make informed decisions.
Identity, Verification, Commerce: The Triad
The next-generation internet will not be driven solely by humans. Increasingly, autonomous software Agents will act on behalf of individuals, organizations, protocols, and other Agents. They will negotiate agreements, manage assets, purchase services, and deploy software—collaborating at scales unattainable by human organizations. Supporting this future requires three foundational infrastructure layers:
- Identity: ERC-8004 provides portable on-chain Agent registration
- Verification: ERC-8126 provides the trust layer, enabling participants to assess risk, verify authenticity, and interact confidently
- Commerce: ERC-8183 establishes standards for economic activity among Agents
Together, these three standards transform Agents from isolated software programs into participants in a shared economic network. No single company owns these layers—they belong to the entire ecosystem.
Why We’re Involved
As developers building Agent infrastructure, contributors to this standard repeatedly encountered the same gap: Agents can register identities, conduct transactions, and collaborate—but users’ most fundamental question lacks a shared answer: “Can I verify this Agent?”
That answer should not belong to any single company. Verification infrastructure only works when it is neutral, open, and independently verifiable. Thus, ERC-8126 is an open standard—not a proprietary product. Anyone can implement it; any service provider can offer verification services based on it; and any application can consume its resulting attestations.
Toward a Verifiable Agent Economy
History’s most successful digital economies were built on trust. People trust websites because of HTTPS, trust software because of code signing, and trust enterprises because of reputation systems and verification frameworks. The Agent economy needs its own verification infrastructure—not because Agents are inherently dangerous, but because trust amplifies opportunity: users who can verify Agents are more willing to interact with them; enterprises that can assess risk are more willing to deploy them; and Agents that can mutually verify each other enable entirely new forms of autonomous collaboration.
ERC-8126’s goal is straightforward: make verification programmable. Not through centralized authority or a single verification service provider—but by catalyzing a vibrant ecosystem of verification services via an open standard. Before Agents transact with the world, the world must first be able to verify them.
Next Steps
ERC-8126 is an open standard. Developers are encouraged to integrate the verification standard into their Agents: parse ERC-8004 metadata and begin publishing attestations today.
Verification service providers: Implement compliant verification services covering ETV, MCV, SCV, WAV, and WV, and publish PDV attestations powered by zero-knowledge proofs through your chosen marketplace.
Protocols, marketplaces, and wallets: Integrate ERC-8126 to display verification results and unified risk scores for each Agent.
Read the full specification: ERC-8126