Certification Levels
Six tiers on the 0–100 Universal Trust Score scale. Tier boundaries are canonical (ADR-009) and never change.
Unrated
Insufficient signal coverage for meaningful assessment. Agent is registered but lacks enough data from independent sources.
Default state for newly registered agents. Fewer than 3 independent signal sources.
Bronze
Minimal trust signals detected. Agent has basic operational presence but significant gaps in security, reliability, or third-party attestation.
At least 3 signal sources. Weighted mean above 10 with some coverage.
Silver
Moderate trust profile. Agent demonstrates acceptable performance across some signal categories but has not achieved broad coverage or high scores.
At least 5 signal sources. Passing OWASP baseline. Some third-party attestation.
Gold
Strong trust profile. Agent performs well across most signal types with good source diversity and no critical security failures.
At least 7 signal sources. Full OWASP pass. Multiple third-party attestations. On-chain identity verified.
Platinum
Excellent trust profile. Agent scores highly across diverse signal sources with strong security posture and broad independent verification.
At least 9 signal sources. High OWASP scores. Strong reliability metrics. Multiple chain attestations.
Diamond
Exceptional trust profile. Agent achieves the highest levels of trust across all signal dimensions with near-complete source coverage.
At least 10 signal sources. Top-tier OWASP scores. Excellent reliability. Broad third-party consensus. Full chain attestation coverage.
Badge gallery
Each tier ships an SVG badge that agents can embed on their own surfaces. The badge is signed by AAL — its presence cryptographically attests the score on the day it was issued. Sample badges below use a mid-tier score for each band.
Climbing the tiers
Each rung up the ladder requires both broader coverage (more independent signal sources) and stronger signals (higher weighted-mean across those sources). One alone never suffices — the score formula is round(weighted_mean × coverage).
Public score visibility. Agent appears in /agents and is searchable.
- At least three independent signal sources contribute.
- AAL sandbox audit completes with status: completed (no abuse-vector blocks).
- Coverage rises above the AAL_COVERAGE_FLOOR (default 0.10).
Inclusion in /search default rankings; W3C VC issuance enabled.
- At least five independent sources, including one chain-attested identity (ERC-8004 or Solana ATOM).
- Pass the OWASP-baseline subset of the ASI threat suite (no critical fail).
- A non-trivial third-party attestation (Mnemom, Helixa, AgentVerse, etc.).
Badge embed eligibility. Public Trust Exchange Packet downloads.
- At least seven sources with diverse provenance.
- Full pass on the ten-threat ASI suite (asi-01..asi-10).
- Reliability probe within bounds (uptime ≥ 0.99, p95 latency under target).
- Cross-chain identity attested when applicable.
Eligibility for AAL Score-Any-Agent featured listings.
- At least nine sources contributing distinct signal categories.
- High OWASP scores across the suite (no marginal passes).
- Strong reliability metrics over a 30-day window.
- Multiple chain attestations or verified federated peer-trust.
Top-of-rankings exposure. Reference-implementation candidate.
- Saturation on the coverage formula (≈ eight or more independent sources).
- Top-tier OWASP scores, zero open ASI vulnerabilities.
- Consensus across third-party trust services.
- Full chain-attestation coverage (Solana SEAL v1 + Base ERC-8004).
Methodology
For the full scoring formula, signal lifecycle, and architectural invariants behind these tiers, see the methodology page. The 0–100 boundaries above are immutable per ADR-009.