AI Agent Trust: Why Businesses Need to Score the Agents Calling Their APIs
AgentHermes scores businesses on how ready they are for AI agents. But trust is not one-directional. As agent traffic grows, businesses face a new question: which of these agents are trustworthy? Which are legitimate assistants acting on behalf of users, and which are scrapers wearing an agent costume? This is the Know Your Agent problem.
The Bidirectional Trust Problem
In the human web, trust flows in one direction. Businesses build websites. Humans visit them. The business trusts that the visitor is a real person (mostly). The visitor evaluates whether the business is legitimate (reviews, SSL, brand recognition).
The agent economy inverts this. Now businesses receive API calls from autonomous software agents acting on behalf of humans. The business cannot see the human. It sees an API request with a bearer token and a User-Agent string. Is this Claude helping someone book a dentist appointment? Is this a competitor scraping prices? Is this a security researcher probing for vulnerabilities?
The Agent Readiness Score measures business-to-agent trust. Can agents find this business? Can they interact with it? Can they transact? But the reverse — agent-to-business trust — is just as important. A business that opens its APIs to agents without verifying agent identity is like a store that lets anyone behind the counter.
The 6 Agent Trust Signals
When an AI agent makes an API request to your business, these are the signals that indicate whether it is trustworthy. Each signal provides a different layer of identity and accountability.
OAuth Client Registration
Trust: High
The agent authenticates through a registered OAuth 2.0 client with a known redirect URI, client ID, and declared scopes. This is the strongest identity signal — it ties the agent to a registered application with a verified developer.
User-Agent Declaration
Trust: Medium
The agent sends a structured User-Agent header that identifies itself, its version, its operator, and a contact URL. Example: AgentName/1.2 (operator: company.com; contact: agent-ops@company.com). Honest self-identification is a baseline trust requirement.
Rate-Limit Compliance
Trust: Medium
The agent respects HTTP 429 responses, Retry-After headers, and documented rate limits. An agent that backs off when told to is safer than one that hammers endpoints. Rate-limit compliance over time builds a behavioral trust score.
Payment Capability
Trust: High
The agent can pay for API usage through x402 micropayments, pre-funded wallets, or linked payment methods. An agent with payment capability has a financial identity — it is economically accountable for its actions.
Agent Card Declaration
Trust: Medium
The agent references its own agent-card.json — a machine-readable file declaring its capabilities, operator, terms of service, and supported protocols. This is the agent equivalent of a business card — structured, verifiable, and standard.
Request Pattern Analysis
Trust: Behavioral
The agent demonstrates consistent, purposeful request patterns rather than broad crawling or enumeration. A trustworthy agent reads the menu, selects items, and places an order. A scraper reads every page, downloads every image, and tests every endpoint.
No single signal is definitive. An agent with OAuth registration but aggressive crawling patterns is suspicious. An agent with perfect behavioral patterns but no identity is unverifiable. Trust is the composite of all signals, weighted by the risk level of the API being accessed.
KYA Levels: Know Your Agent Scoring Framework
Just as AgentHermes uses ARL (Agent Readiness Level) tiers to categorize business readiness, KYA levels categorize agent trustworthiness. The framework mirrors security best practices for agent readiness — default-deny, progressive trust, risk-proportional access.
KYA-0: Unknown
Score: 0-19
No identity signals. Raw HTTP requests with generic or missing User-Agent. No OAuth, no payment capability, no agent card. Could be a bot, a scraper, or a legitimate agent with no identity infrastructure.
Access policy: Rate limit aggressively. Read-only access. No sensitive data.
KYA-1: Declared
Score: 20-39
Structured User-Agent with operator identification. May have a contact URL. Self-declares identity but no verification. Better than unknown, but trust is based on the agent's honesty.
Access policy: Standard rate limits. Public data access. Monitor for pattern anomalies.
KYA-2: Verified
Score: 40-59
OAuth client registration with verified developer. Scoped permissions. Consistent rate-limit compliance over time. The agent has proven its identity through a trusted third-party mechanism.
Access policy: Full API access within scoped permissions. Transaction capability with limits.
KYA-3: Trusted
Score: 60-79
Verified identity plus payment capability plus agent card declaration plus demonstrated behavioral trust over time. The agent has financial accountability, structured identity, and a track record.
Access policy: Full access. Higher rate limits. Priority routing. Direct transaction capability.
KYA-4: Bonded
Score: 80-100
All signals present plus insurance or escrow backing. The agent operator has posted a financial bond guaranteeing behavior. Damages from agent misconduct are financially recoverable.
Access policy: Premium access. Custom rate limits. Bulk operations. Financial transactions without human approval.
Scrapers Wearing Agent Costumes
The most immediate threat is not adversarial AI agents — it is traditional scrapers and bots that add an “Agent” User-Agent string to bypass rate limits designed for bots. As businesses create agent-friendly APIs with higher rate limits and richer data access, the incentive for scrapers to impersonate agents increases.
The signals that distinguish real agents from impersonators:
This is why OAuth for agents is not optional — it is the primary mechanism for separating legitimate agents from impersonators. Without OAuth, every request with an “Agent” User-Agent string gets the same treatment.
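The following is an added example, not AgentHermes code, that turns the six signals, the KYA tier bands and the "agent costume" case above into one scoring routine: it parses the structured User-Agent format from the article, derives each signal from a request plus the operator's history, weights them into a 0-100 score, and applies the tier definitions as gates (Verified needs OAuth, Trusted also needs payment and an agent card, Bonded needs the bond). The weights, the rule that crawling traffic is capped at Declared, the `Link: ...; rel="agent-card"` convention, and the `AgentRequest`/`OperatorHistory` shapes are assumptions made for the example; the score bands and access policies are the ones defined above.

```python
"""Added example (not AgentHermes code): KYA signal extraction, scoring and
tier assignment. Weights, gate rules and data shapes are assumptions."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Structured User-Agent format from the article:
#   AgentName/1.2 (operator: company.com; contact: agent-ops@company.com)
UA_RE = re.compile(r"^(?P<name>[\w.-]+)/(?P<version>\d[\w.-]*)\s*\((?P<fields>[^)]*)\)\s*$")


def parse_agent_user_agent(ua: str | None) -> dict | None:
    """Return name/version/operator/contact for a well-formed declared-agent
    User-Agent, or None when the header does not follow the structured format."""
    m = UA_RE.match(ua or "")
    if not m:
        return None
    fields = {}
    for part in m["fields"].split(";"):
        key, sep, value = part.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    if "operator" not in fields:          # naming an operator is the minimum self-declaration
        return None
    return {"name": m["name"], "version": m["version"],
            "operator": fields["operator"], "contact": fields.get("contact")}


@dataclass
class AgentRequest:                       # assumed shape of what the gateway sees
    headers: dict[str, str]
    oauth_client_id: str | None = None    # set by the gateway once the bearer token validates
    payment_capable: bool = False         # x402, pre-funded wallet or linked payment method
    bonded: bool = False                  # insurance/escrow backing on file for the operator


@dataclass
class OperatorHistory:                    # assumed per-operator behavioural record
    requests: int = 0
    distinct_endpoints: int = 0
    rate_limited: int = 0                 # 429 responses served to this operator
    backed_off: int = 0                   # of those, how many were followed by honouring Retry-After


# Assumed weights (not from the article); they sum to 100 to land on the KYA 0-100 scale.
WEIGHTS = {"oauth": 25, "user_agent": 20, "payment": 15, "agent_card": 10,
           "rate_limit": 15, "pattern": 15}

# Access policies quoted from the KYA tier definitions.
ACCESS_POLICY = {
    0: "Rate limit aggressively. Read-only access. No sensitive data.",
    1: "Standard rate limits. Public data access. Monitor for pattern anomalies.",
    2: "Full API access within scoped permissions. Transaction capability with limits.",
    3: "Full access. Higher rate limits. Priority routing. Direct transaction capability.",
    4: "Premium access. Custom rate limits. Bulk operations. Financial transactions without human approval.",
}


def trust_signals(req: AgentRequest, hist: OperatorHistory) -> dict[str, float]:
    """Each of the six signals as a 0.0-1.0 fraction of its weight."""
    ua = parse_agent_user_agent(req.headers.get("User-Agent"))
    # Assumed convention for the agent-card signal: a Link header with rel="agent-card".
    has_card = 'rel="agent-card"' in req.headers.get("Link", "")
    # Compliance is earned over time: only 429s that were actually honoured count.
    compliance = hist.backed_off / hist.rate_limited if hist.rate_limited else 0.0
    # Purposeful traffic hits a few endpoints many times; enumeration hits many endpoints once.
    crawl_ratio = hist.distinct_endpoints / hist.requests if hist.requests else None
    purposeful = crawl_ratio is not None and crawl_ratio < 0.25
    return {"oauth": float(bool(req.oauth_client_id)), "user_agent": float(ua is not None),
            "payment": float(req.payment_capable), "agent_card": float(has_card),
            "rate_limit": min(compliance, 1.0), "pattern": float(purposeful)}


def kya_score(req: AgentRequest, hist: OperatorHistory) -> int:
    sig = trust_signals(req, hist)
    return round(sum(WEIGHTS[k] * v for k, v in sig.items()))


def kya_level(req: AgentRequest, hist: OperatorHistory) -> int:
    sig = trust_signals(req, hist)
    level = min(kya_score(req, hist) // 20, 4)   # 0-19 -> KYA-0, 20-39 -> KYA-1, ..., 80-100 -> KYA-4
    # Gates taken from the tier definitions: Verified needs OAuth, Trusted additionally
    # needs payment capability and an agent card, Bonded needs the financial bond.
    if not sig["oauth"]:
        level = min(level, 1)
    if not (sig["payment"] and sig["agent_card"]):
        level = min(level, 2)
    if not req.bonded:
        level = min(level, 3)
    # Assumed rule: crawling traffic is capped at Declared no matter what identity it carries,
    # so a registered client that enumerates endpoints is held back for review.
    if hist.requests and not sig["pattern"]:
        level = min(level, 1)
    return level


def access_policy(req: AgentRequest, hist: OperatorHistory) -> str:
    return ACCESS_POLICY[kya_level(req, hist)]


if __name__ == "__main__":
    costume = AgentRequest(headers={"User-Agent": "ShopAgent/1.0 (operator: scrape.example)"})
    history = OperatorHistory(requests=500, distinct_endpoints=480, rate_limited=10, backed_off=0)
    print(kya_score(costume, history), kya_level(costume, history), access_policy(costume, history))
```

The gates are what make the score honest: a scraper with a well-formed User-Agent and nothing else tops out at KYA-1 however much traffic it sends, and an OAuth-registered client that enumerates every endpoint is held at the same tier until its pattern changes, which is the "OAuth plus aggressive crawling is suspicious" case from the signals section.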
What Businesses Should Do Now
Agent trust scoring is early. Most businesses have no agent traffic yet. But the ones that build trust infrastructure before the traffic arrives will handle the transition smoothly. Here are the concrete steps.
Implement OAuth 2.0 for API access
Require agent operators to register OAuth clients with declared scopes. This creates verifiable identity for every agent that interacts with your API. It is the foundation of all trust scoring.
Log and classify agent User-Agents
Start collecting structured User-Agent data from API requests. Classify into human browsers, known bots, declared agents, and unknown. This baseline data is needed before any trust scoring is possible.
Set tiered rate limits by trust level
Instead of one rate limit for all API consumers, create tiers. OAuth-registered agents with good behavioral history get higher limits. Unknown requestors get restrictive limits. This incentivizes identity declaration.
Publish an agent interaction policy
Document how agents should interact with your API. What User-Agent format you expect. What scopes are available. What rate limits apply per trust level. Make this machine-readable — an AGENTS.md or agent-policy.json.
Monitor request patterns for anomalies
Build dashboards that show agent behavior over time. Track endpoints accessed, request frequency, error rates, and data volumes. Anomalies in these patterns — sudden spikes, exhaustive crawling, repeated auth failures — indicate scraper behavior.
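The five steps above (logging and classifying User-Agents, tiered rate limits, anomaly monitoring) can be exercised end to end on a log sample. The block below is an added example, not AgentHermes code: it parses a constructed access log, classifies each requestor into the four categories named above (human browsers, known bots, declared agents, unknown), flags the three anomaly kinds from the last step (sudden spikes, exhaustive crawling, repeated auth failures), and picks a per-minute rate limit from the resulting tier, dropping any flagged requestor to the unknown tier. The log format, the crawler allow-list, the thresholds and the limits are assumptions made for the example.

```python
"""Added example (not AgentHermes code): User-Agent classification, behavioural
summary, anomaly flags and tiered rate limits over a constructed access log."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log (not real traffic); one request per line.
LOG_LINES = """\
2025-01-01T10:00:00Z ip=198.51.100.7 ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0" path=/api/menu status=200
2025-01-01T10:00:04Z ip=198.51.100.7 ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0" path=/api/order status=201
2025-01-01T10:00:05Z ip=203.0.113.200 ua="Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" path=/api/menu status=200
2025-01-01T10:01:00Z ip=203.0.113.5 ua="BookingAssistant/2.0 (operator: assistant.example; contact: ops@assistant.example)" path=/api/menu status=200
2025-01-01T10:01:02Z ip=203.0.113.5 ua="BookingAssistant/2.0 (operator: assistant.example; contact: ops@assistant.example)" path=/api/menu status=200
2025-01-01T10:01:09Z ip=203.0.113.5 ua="BookingAssistant/2.0 (operator: assistant.example; contact: ops@assistant.example)" path=/api/order status=201
2025-01-01T10:02:00Z ip=192.0.2.9 ua="ShopAgent/1.0 (operator: scrape.example)" path=/api/items/1 status=200
2025-01-01T10:02:01Z ip=192.0.2.9 ua="ShopAgent/1.0 (operator: scrape.example)" path=/api/items/2 status=200
2025-01-01T10:02:02Z ip=192.0.2.9 ua="ShopAgent/1.0 (operator: scrape.example)" path=/api/items/3 status=200
2025-01-01T10:02:03Z ip=192.0.2.9 ua="ShopAgent/1.0 (operator: scrape.example)" path=/api/items/4 status=200
2025-01-01T10:02:04Z ip=192.0.2.9 ua="ShopAgent/1.0 (operator: scrape.example)" path=/api/items/5 status=200
2025-01-01T10:02:05Z ip=192.0.2.9 ua="ShopAgent/1.0 (operator: scrape.example)" path=/api/items/6 status=200
2025-01-01T10:02:06Z ip=192.0.2.9 ua="ShopAgent/1.0 (operator: scrape.example)" path=/api/items/7 status=200
2025-01-01T10:02:07Z ip=192.0.2.9 ua="ShopAgent/1.0 (operator: scrape.example)" path=/api/items/8 status=200
2025-01-01T10:03:00Z ip=192.0.2.10 ua="python-requests/2.31.0" path=/api/admin/export status=401
2025-01-01T10:03:01Z ip=192.0.2.10 ua="python-requests/2.31.0" path=/api/admin/export status=401
2025-01-01T10:03:02Z ip=192.0.2.10 ua="python-requests/2.31.0" path=/api/admin/export status=401
2025-01-01T10:03:03Z ip=192.0.2.10 ua="python-requests/2.31.0" path=/api/admin/export status=401
2025-01-01T10:03:04Z ip=192.0.2.10 ua="python-requests/2.31.0" path=/api/admin/export status=401
"""

LINE_RE = re.compile(r'^(?P<ts>\S+) ip=(?P<ip>\S+) ua="(?P<ua>[^"]*)" path=(?P<path>\S+) status=(?P<status>\d+)$')
KNOWN_BOTS = ("Googlebot", "Bingbot")             # assumed allow-list of crawlers you recognise
DECLARED_AGENT_RE = re.compile(r"^[\w.-]+/[\w.-]+ \(operator: [^;)]+")   # article's UA format

# Assumed thresholds and per-minute limits for the example.
CRAWL_MIN_REQUESTS, CRAWL_RATIO = 6, 0.8           # >= 80% distinct paths over >= 6 requests
AUTH_FAIL_LIMIT = 5                                # 401/403 responses before flagging
SPIKE_PER_MINUTE = 6                               # requests inside any 60-second window
RATE_LIMITS = {"browser": 120, "known_bot": 30, "declared_agent": 300, "unknown": 10}


def classify_user_agent(ua: str) -> str:
    """Bucket a User-Agent into the four categories the article asks you to log."""
    if any(bot in ua for bot in KNOWN_BOTS):     # checked first: crawler UAs also start with Mozilla/
        return "known_bot"
    if DECLARED_AGENT_RE.match(ua):
        return "declared_agent"
    if ua.startswith("Mozilla/"):
        return "browser"
    return "unknown"


def summarize(log_text: str) -> dict:
    """Per-requestor counters: request count, distinct paths, auth failures, timestamps."""
    stats = defaultdict(lambda: {"ua": "", "requests": 0, "paths": set(), "auth_failures": 0, "times": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                              # skip malformed lines rather than crash the job
        s = stats[m["ip"]]
        s["ua"] = m["ua"]
        s["requests"] += 1
        s["paths"].add(m["path"])
        s["auth_failures"] += int(m["status"]) in (401, 403)
        s["times"].append(datetime.fromisoformat(m["ts"].replace("Z", "+00:00")))
    return stats


def detect_anomalies(s: dict) -> list:
    """The three scraper indicators from the article: crawl, auth failures, spike."""
    flags = []
    if s["requests"] >= CRAWL_MIN_REQUESTS and len(s["paths"]) / s["requests"] >= CRAWL_RATIO:
        flags.append("exhaustive_crawl")
    if s["auth_failures"] >= AUTH_FAIL_LIMIT:
        flags.append("repeated_auth_failures")
    times = sorted(s["times"])
    for i, start in enumerate(times):             # sliding 60-second window
        if sum(1 for t in times[i:] if t - start < timedelta(seconds=60)) >= SPIKE_PER_MINUTE:
            flags.append("spike")
            break
    return flags


def rate_limit_for(category: str, flags: list) -> int:
    """Tiered limit: flagged requestors fall to the unknown tier regardless of category."""
    return RATE_LIMITS["unknown"] if flags else RATE_LIMITS[category]


def triage(log_text: str) -> dict:
    """Category, anomaly flags and assigned per-minute limit for every requestor in the log."""
    result = {}
    for ip, s in summarize(log_text).items():
        category = classify_user_agent(s["ua"])
        flags = detect_anomalies(s)
        result[ip] = {"category": category, "flags": flags, "limit": rate_limit_for(category, flags)}
    return result


if __name__ == "__main__":
    for ip, row in triage(LOG_LINES).items():
        print(ip, row)
```

Note that 192.0.2.9 classifies as a declared agent because its User-Agent follows the structured format, and it is the behavioural flags, not the header, that push it down to the unknown tier; that is the "agent costume" case handled without relying on the self-declaration.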
The AgentHermes approach: When businesses use AgentHermes hosted MCP servers, agent trust scoring is built in. The gateway evaluates incoming agent identity signals and applies access policies automatically. Monitoring and observability of agent traffic is part of the dashboard — business owners see which agents are calling, how often, and with what trust level.
The Trust Economy Is Coming
We are heading toward a world where trust is the primary currency of the agent economy. Agents with high trust scores will get better access, lower prices, and faster responses. Agents with low trust scores will be rate-limited, restricted, or blocked entirely.
This mirrors the human credit system. Your FICO score determines what financial products you can access. An agent's KYA score will determine what APIs it can access, what data it can read, and what transactions it can execute. The Agent Readiness Score is the business side of this equation — how ready the business is for agents. KYA is the agent side — how trustworthy the agent is for the business.
The companies that build both sides of this trust infrastructure will define the rules of the agent economy. AgentHermes is building the business side today and the agent side next.
Frequently Asked Questions
What is Know Your Agent (KYA)?
Know Your Agent (KYA) is a framework for businesses to evaluate the trustworthiness of AI agents calling their APIs. Just as KYC (Know Your Customer) verifies human identity in financial services, KYA verifies agent identity, capability, and accountability in the agent economy. It uses signals like OAuth registration, User-Agent declaration, rate-limit compliance, payment capability, and behavioral patterns.
Why do businesses need to score agents and not just the other way around?
Trust is bidirectional. AgentHermes scores businesses on how agent-ready they are — but businesses also need to know which agents are trustworthy. As agent traffic increases, businesses will receive API calls from thousands of different agents. Some are legitimate assistants acting on behalf of users. Some are scrapers pretending to be agents. Some are malicious bots testing for vulnerabilities. Without agent scoring, businesses cannot tell the difference.
How is KYA different from rate limiting?
Rate limiting is a blunt instrument — it treats all agents the same. KYA is identity-aware. A KYA-3 Trusted agent with verified identity and payment capability gets higher rate limits and deeper API access than a KYA-0 Unknown agent with no identity signals. KYA does not replace rate limiting; it makes rate limiting smarter by adjusting limits based on trust level.
Does AgentHermes implement KYA?
AgentHermes gateway services include agent identity detection as part of the request pipeline. When an agent calls a hosted MCP server, AgentHermes evaluates the agent identity signals present in the request — OAuth credentials, User-Agent structure, agent card reference, payment capability — and assigns a trust level. Business owners can set access policies based on these trust levels.
What happens to agents with no identity?
Agents with no identity signals (KYA-0) are not blocked — they are treated as untrusted. They get the most restrictive rate limits, read-only access to public data, and no transaction capability. This is the default-deny posture: prove who you are before you get access to anything sensitive. Most legitimate AI assistants are adding identity signals rapidly, so KYA-0 will increasingly signal either a very new agent or a suspicious one.
Score your business for agent readiness
See how ready your APIs are for AI agents — and start building the trust infrastructure agents need to interact with you safely.