Building a Trust Layer for AI Agents

How can AI agents or users trust an unknown AI agent? ERC-8004 could be a solution for trustless agents using Ethereum.

You might not know this, but AI agents have a coordination problem. Thousands of AI agents are being built across different frameworks, platforms, and organizations. They can talk to each other (sort of), but they can't trust each other. Yet.

That could change by utilizing blockchains for one of their key strengths - building consensus trustlessly. This is not just an “Ethereum nerd thing,” but a structural piece for the AI economy.

The Billion Dollar Question

The AI bubble might be slowly deflating, but regardless we know it’s going to be a big market eventually. But most of that value assumes AI agents can work together. Not just within Big Tech’s ecosystem, but across organizational boundaries, across companies, across countries.

Today, when your AI assistant needs to hire another AI service, it faces the same problem humans faced before: how do you trust a counterparty you've never met? The current solution is crude - we rely on platform intermediaries. Think App Stores or curated marketplaces like Amazon, Etsy, or eBay.

The value of AI agents isn’t in what they can do alone, but whether they can work together. ERC-8004 is a bet that trustless coordination is the missing piece.

The Foundation: Google's A2A Protocol

Earlier this year, Google did something unexpected. They took their Agent-to-Agent (A2A) protocol - developed with 50+ partners - and donated it to the Linux Foundation.

The A2A protocol provides a common language for AI agents to discover each other's capabilities, communicate, and coordinate tasks. At its core, A2A defines:

• Agent Cards: JSON documents that describe an agent's capabilities, like a resume for bots

• Communication protocols: How agents authenticate and message each other

• Task orchestration: Standard ways to request work, track progress, and handle results

Here's what an Agent Card looks like:

json

{
  "name": "Market Analysis Bot",
  "description": "Provides crypto market analysis",
  "skills": [
    {
      "skillId": "btc-analysis",
      "name": "Bitcoin Market Analysis",
      "description": "Technical and fundamental analysis of Bitcoin",
      "parameters": {
        "timeframe": "string",
        "depth": "string"
      }
    }
  ],
  "endpoint": "https://analysis-bot.ai/api",
  "authentication": "bearer-token"
}

Think of it as HTTP for AI agents. But there's a catch: A2A assumes agents operate within trusted environments, typically inside organizations. The protocol has no concept of reputation, no way to verify work quality, no mechanism for agents to build trust over time. In other words, A2A gets agents talking, but it doesn’t tell you who to trust on the other end.

What happens when an agent in Tokyo needs to hire an agent in São Paulo that it's never encountered before? How does it know the Brazilian agent won't just take payment and deliver garbage? How can it verify the agent even exists?

Enter ERC-8004: The Trust Layer

On August 13, 2025, the Ethereum community got its answer. ERC-8004 "Trustless Agents".

Quick Primer: What's an ERC?

ERC stands for "Ethereum Request for Comments" - it's how the Ethereum community proposes and debates new standards. Think of ERCs as blueprints that, if adopted, become the common standards everyone builds on. ERC-20 gave us fungible tokens (every USDC, DAI, and memecoin uses it). ERC-721 gave us NFTs. ERC-8004 might give us trustless AI coordination.

The process is deliberately open: anyone can propose an ERC, the community debates it publicly, implementations are tested in the wild, and eventually, successful standards become part of Ethereum's DNA.

The Architecture: Minimal but Sufficient

ERC-8004 doesn't try to put AI on the blockchain (that would be expensive and slow). Instead, it adds just enough blockchain infrastructure to enable trust between agents that have never met. No complex consensus mechanisms, no heavy computation on-chain, no storage of large datasets.

The system uses three lightweight registries on Ethereum:

1. Identity Registry

Every agent gets a blockchain ID tied to their domain. The registration is simple:

Identity: Who are you?

solidity

function registerAgent(
    string memory agentDomain,
    address agentAddress
) external returns (uint256 agentId) {
    // Verify msg.sender owns agentAddress
    require(msg.sender == agentAddress, "Unauthorized");
    
    // Assign incrementing ID
    agentId = nextAgentId++;
    
    // Store the mapping
    agents[agentId] = Agent({
        domain: agentDomain,
        address: agentAddress,
        registered: block.timestamp
    });
    
    emit AgentRegistered(agentId, agentDomain, agentAddress);
}

(The code example for registerAgent is simplified - production would need domain verification)

Verification happens off-chain. When you meet agent #12345 claiming to be "analysis-bot.ai", you check for their Agent Card at an URL (say https://fake-analysis-bot.ai/.well-known/agent-card.json. That card should include the agent ID, address, and signature:

json

{
  "registrations": [
    {
      "agentId": 12345,
      "agentAddress": "eip155:1:0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb7",
      "signature": "0x..." // Proves they control this address
    }
  ]
}

This creates a bidirectional link: the blockchain points to the domain, the domain points back to the blockchain. Simple.

2. Validation Registry

When an agent completes work, independent validators can verify it and post a score (0-100) on-chain. The interface is minimal:

Validation: Did you actually do the work?

solidity

event ValidationRequest(
    uint256 indexed validatorId,
    uint256 indexed serverId, 
    bytes32 dataHash
);

event ValidationResponse(
    uint256 indexed validatorId,
    uint256 indexed serverId,
    bytes32 dataHash,
    uint8 score  // 0-100
);

The dataHash is a commitment to all the data needed to verify the work - inputs, outputs, timestamps, everything. The actual data lives off-chain (IPFS, Arweave, or even centralized storage), but the hash creates an immutable reference. Pending validation requests timeout after a certain period which prevents griefing attacks.

Validators can use different trust models:

• Crypto-economic: Validators stake tokens on their assessment. Wrong answer = lose stake. This could be a single trusted party, a decentralized network like EigenLayer, or a DAO.

• Crypto-verifiable: The agent runs in a Trusted Execution Environment (TEE) like Intel SGX and provides cryptographic proof. Or uses zkTLS (a cryptographic method to prove data authenticity without revealing the data itself) to prove data came from a specific source.

• Reputation-based: Validators with strong track records have more weight. Think Chainlink oracles but for AI task verification.

3. Reputation Registry

Agents can authorize each other to leave feedback:

Reputation: Do others say you’re trustworthy?

solidity

function authorizeFeedback(
    uint256 clientAgentId,
    uint256 serverAgentId
) external {
    require(agents[serverAgentId].address == msg.sender, "Not authorized");
    
    bytes32 authId = keccak256(abi.encode(
        clientAgentId, 
        serverAgentId,
        block.timestamp
    ));
    
    emit FeedbackAuthorized(clientAgentId, serverAgentId, authId);
}

The actual feedback lives off-chain, but the authorization creates an audit trail. Client agents can't spam fake reviews - they need explicit authorization from the server agent they worked with.

Open Challenges

The current implementation faces several unresolved issues:

• Domain squatting: Anyone can claim any domain on-chain without verification. The community is debating DNS oracles vs ENS integration.

• Gas costs: Even minimal on-chain operations add up. L2 deployment is likely necessary for scale.

• Payment integration: Deliberately excluded from the spec to maintain modularity, but essential for actual agent commerce.

The ChaosChain Demo

Within 24 hours of the proposal, ChaosChain shipped the first working demo. Not a mockup, not a whitepaper - a working demo. We love to see it.

In the demo, Alice’s agent hires Bob’s validator agent to verify a Bitcoin analysis. Within minutes, a blockchain record shows Alice got high-quality work, Bob got paid, and Charlie left feedback. No human intervention required.

The Autonomous Economy

The LLM API market has exploded to $8.4 billion in 2025, more than doubling from the previous year. Anthropic alone is on track for $9B in ARR by the end of 2025, up from just $1 billion at the end of 2024. This is almost entirely B2B - humans calling APIs, humans managing payments, humans resolving disputes. Even with all the "AI agent" hype, we're still early in agent-to-agent commerce.

ERC-8004 enables something different: autonomous economic agents. Your AI assistant could:

1. Discover specialized agents for tasks it can't handle

2. Negotiate terms (price, deadline, quality standards)

3. Escrow payment in smart contracts

4. Verify work quality through validators

5. Release payment automatically

6. Build reputation over time

As the AI agents space matures, more practical and specialized agents will be built. Watch this space with a keen eye.

Current State: Building in Public

As of late August 2025, ERC-8004 is in draft status with heated debate at the Ethereum Magicians forum. The core team is taking a "building-first approach" - prioritizing feedback from teams actually implementing the standard.

ERC-8004 is deliberately minimal - it's supposed to be the TCP/IP layer, not the full application stack. Teams are already building on top:

• ChaosChain: Building production-ready infrastructure and tooling

• EigenLayer: Exploring integration with their AVS framework for validation

• Virtuals Protocol: Considering ERC-8004 for their AI agent NFTs

• Several stealth startups: Building agent marketplaces and orchestration platforms

The standard will likely evolve significantly before finalization. The Ethereum community has a track record of pragmatic iteration - ERC-20 went through multiple versions, ERC-721 took months of debate. ERC-8004 will be no different.

ERC-8004 isn't trying to solve everything. It's deliberately minimal - just enough blockchain to enable trust, not so much that it becomes unwieldy.

And for better or for worse, the AI agents and their economy are coming. The only question is whether it will be open or closed.

Resources and Further Reading

Core Documentation

• ERC-8004 Specification - The official proposal defining the Trustless Agents standard

• Technical Discussion Forum - Active debate on implementation details at Ethereum Magicians

Getting Started

• 3-Minute Video Explainer - Nader Dabit breaks down ERC-8004's key concepts

• ChaosChain's Mirror Article - First implementation with CrewAI agents performing real tasks

• ChaosChain GitHub Implementation - ChaoChain demo

• The Story Behind ERC-8004 - Co-author Marco De Rossi on the proposal's origins and vision

Comments

[CarlW]

Did I not understand or did i overlook it .... what about building a fake positive reputation? It seems that is still possible and I did not see this mentioned as a problem or already solved concern