ERC-8126: Ethereum Introduces a Standardized Framework for AI Agent Verification

Author: DonJohnson, co-author of ERC-8126

Compiled by: Deep潮 TechFlow

DeepChain Summary: AI agents are already managing wallets, sending transactions, and deploying code, but users have no standardized way to verify whether an agent is secure. ERC-8126 aims to fill this gap. Built on top of ERC-8004 identity registration, it defines five layers of verification (tokens, media content, code, web endpoints, wallets), uses zero-knowledge proofs to protect privacy, and outputs a unified risk score from 0 to 100. The author, DonJohnson, is a co-author of this standard and comes from the Virtuals Protocol ecosystem.

Introducing ERC-8126: The Verification Layer for AI Agents.

Official address: https://eips.ethereum.org/EIPS/eip-8126

Authored by Leigh Cronian and Chris Johnson, jointly written by Cybercentry and Virtuals Protocol.

AI agents are rapidly becoming participants in the digital economy. They deploy code, execute transactions, manage wallets, interact with users, and increasingly collaborate with other agents. But one issue remains unresolved: while we have mature systems to verify people, businesses, websites, and software, we have never had a universal framework to verify AI agents.

ERC-8126 builds upon the agent registration mechanism of ERC-8004, introducing a standardized verification framework. AI agents can prove their trustworthiness through independent verification service providers while preserving privacy using zero-knowledge proofs.

Users have always had very limited ways to judge whether an AI Agent is trustworthy. Some seemingly simple questions often have no clear answers:

• Is this Agent running on secure infrastructure?
• Has its code been audited?
• Does it really control the wallet it claims to control?
• Is the associated token legitimate?
• Is the content it published genuine?
• Has it been compromised?

Current solutions are fragmented, inconsistent, and mostly rely on reputation alone. As agents begin managing larger sums of funds, autonomously executing more transactions, and integrating with critical systems, reputation alone is no longer sufficient. The entire ecosystem needs a unified verification framework.

ERC-8126 defines a standardized verification interface for AI Agents registered via ERC-8004. It does not establish a single authoritative verifier, but instead enables a market of specialized verification service providers. Each provider can use its own evaluation methods, but the attestations they produce are interoperable and can be directly consumed by applications, marketplaces, wallets, and various AI Agent ecosystems. The result is a portable AI Agent verification layer.

The verification service directly resolves Agent metadata from the ERC-8004 identity registry and performs a series of specialized validations. The results can be transformed into privacy-preserving attestations, published to the ERC-8004 verification registry, creating discoverable and verifiable signals across the ecosystem.

Ethereum Token Verification (ETV)

When the Agent metadata includes a contract address, ETV is responsible for verifying the legitimacy and security of that smart contract. Service providers confirm the contract is genuinely deployed on the corresponding chain by calling eth_getCode, ensuring the returned bytecode is non-empty, and checking against known vulnerability patterns. Agents may be associated with tokens, contracts, staking mechanisms, or other on-chain systems; if the contract does not exist, is falsely represented, or has obvious vulnerabilities, users and other Agents need to be aware before interacting. ETV helps verify whether the Agent has a legitimate on-chain footprint, enabling users to understand the economic foundation supporting this Agent.

Media Content Verification (MCV)

MCV verifies the authenticity, origin, and integrity of media associated with Agents. As Agents become increasingly visible to the public, media has become part of their identity: avatars, generated content, brand assets, and publicly shared posts all influence user trust. MCV examines signs of tampering, synthetic media, deepfakes, embedded metadata, digital watermarks, steganographic payloads, and digital signatures, and can integrate with established content authenticity frameworks such as C2PA. As AI-generated content becomes increasingly realistic, verifying authenticity is more critical than ever.

Solidity Code Verification (SCV)

When the parsed metadata contains Solidity code, SCV validates the code’s legitimacy and security. The service provider confirms that the code matches the on-chain deployed bytecode and checks for common vulnerabilities such as reentrancy attacks, unsafe external calls, and flash loan attack patterns. Agents may operate smart contracts themselves or interact with them during service provision; binding to vulnerable code directly exposes users, assets, and other agents to risk. SCV provides the ecosystem with a standardized method for evaluating smart contract security signals at the agent level.

Web Application Verification (WAV)

WAV checks whether the Agent's web endpoint is accessible and secure. Agents often expose web interfaces, APIs, dashboards, or various endpoints—all of which constitute attack surfaces. A compromised URL can phish users, distribute malicious content, or manipulate Agent behavior. WAV verifies HTTPS endpoint responses, validates SSL certificate validity, and identifies common web security vulnerabilities, recommending adherence to established frameworks such as the OWASP Web Security Testing Guidelines. For many users, the Agent’s website is their first point of contact—long before they examine wallets or contracts. The website is the gateway, and WAV determines whether this gate is secure.

Wallet Verification (WV)

WV verifies wallet ownership and assesses the on-chain risk profile of the Agent wallet. The service provider examines the wallet’s transaction history against threat intelligence databases to identify wallets associated with malicious behavior, suspicious activity, fraud, or compromised infrastructure. The Agent wallet is one of the most critical components of the Agent identity, as it may control funds, sign messages, authorize tasks, receive payments, and interact with other Agents. A high-risk wallet means a high-risk Agent. WV provides a standardized assessment method for users and systems.

Verification often requires access to sensitive information: source code, infrastructure details, proprietary data, operational systems, and security configurations. It is entirely understandable that organizations are unwilling to disclose these.

ERC-8126 uses Private Data Verification (PDV) combined with zero-knowledge proofs to resolve this contradiction. Verification service providers can review sensitive information, perform analysis, and generate encrypted proofs to confirm conclusions without exposing the underlying data. In other words, an Agent can prove it has passed a security review without disclosing any confidential infrastructure or proprietary information—enhancing verification strength without compromising privacy.

Each applicable verification type returns a score from 0 to 100, and the overall risk score is the average of these values. The standard defines clear risk tiers:

• Low risk: 0-20
• Medium: 21-40
• High: 41-60
• High risk: 61-80
• Critical: 81-100

This scoring model makes validation results easy to interpret: different Agents can be directly compared, risk classifications are consistent, trust signals can be used directly for decision-making, and cross-platform interoperability is enabled. Applications can also display individual component scores, allowing users to see exactly where specific risks lie.

ERC-8126 also introduces an optional Quantum Cryptographic Verification (QCV). As quantum computing advances, traditional cryptographic systems may face new security challenges in the future. QCV provides an optional framework allowing service providers to encrypt sensitive verification records using quantum-resistant methods, ensuring the long-term security of verification data. Today it is optional, but it reflects ERC-8126’s design philosophy: verification infrastructure must evolve alongside technology.

ERC-8126 deliberately separates the verification standard from its specific implementation. Without a centralized authority, any service provider can implement a verification service that complies with the standard.

This design fosters competition among service providers, specialized division of labor, geographic flexibility, better pricing, and continuous innovation. Just as multiple certificate authorities collectively support the security of the Web, multiple verification service providers can make the Agent ecosystem healthier and more resilient.

The industry has spent years building the infrastructure for Agents to "exist"; now what's needed is infrastructure for Agents to be "verifiable." Identity alone is not enough. An Agent can have a name, a wallet, and an on-chain identity, yet still operate in an insecure manner. It can execute transactions, interact with users, and even generate revenue—all while exposing users to hidden risks. Verification must become a first-class citizen, and that’s the role of ERC-8126.

Standardized verification, portable authentication, privacy-preserving proofs, and transparent risk scores together make trust itself interoperable. An Agent that completes verification in one ecosystem can carry that trust signal to another. Markets can assess an Agent without redoing the entire verification process. Users can make informed decisions without understanding every technical detail.

The next generation of the internet will not be driven solely by humans; an increasing number of autonomous software agents will act on behalf of individuals, organizations, protocols, and other agents. They will negotiate agreements, manage assets, purchase services, and deploy software, collaborating with each other at a scale unattainable by human organizations. Supporting this future requires three layers of infrastructure:

• Identity: ERC-8004 provides portable on-chain Agent registration
• Verification: ERC-8126 provides a trust layer that enables participants to assess risk, verify authenticity, and interact with confidence.
• Business: ERC-8183 establishes standards for economic activities between agents.

Together, these three standards transform the Agent from an isolated software program into a participant in a shared economy network. No single company owns these layers—they belong to the entire ecosystem.

As developers building Agent infrastructure, contributors to this standard repeatedly encounter the same gap: Agents can register identities, conduct transactions, and collaborate, but there is no shared answer to users’ most basic question: Can I verify this Agent?

The answer to this question should not belong to any single company. Verification infrastructure is only effective when it is neutral, open, and independently verifiable. Therefore, ERC-8126 is an open standard, not a proprietary product. Anyone can implement it, any service provider can offer verification services based on it, and any application can consume the attestations it produces.

The most successful digital economies in history have been built on trust. People trust websites because of HTTPS, software because of code signing, and businesses because of reputation systems and verification frameworks. The Agent economy needs its own verification infrastructure. The reason is not that Agents are inherently dangerous, but that trust amplifies opportunity: users are more willing to interact with Agents they can verify; businesses are more willing to deploy them when they can assess risk; and when Agents can verify each other, entirely new forms of autonomous collaboration become possible.

The goal of ERC-8126 is straightforward: to make verification programmable. Instead of relying on centralized authorities or a single verification service provider, it aims to foster an ecosystem of verification services through an open standard. Before Agents can interact with the world, the world must first be able to verify those Agents.

ERC-8126 is an open standard that welcomes developers to integrate the verification standard into their Agent: parse ERC-8004 metadata and start publishing certifications today.

Verification Service Provider: Implement compliant verification services covering ETV, MCV, SCV, WAV, and WV, and deploy PDV certification based on zero-knowledge proofs through your chosen market.

Protocol, Market, and Wallet: Integrate ERC-8126 to display verification results and a unified risk score for each Agent.

Read the full specification: ERC-8126