AstraSync AI

Given Agents capacity to alter traditional audit trails, Blockchain's immutable and cryptographic properties are crucial for ensuring identities remain unique and permission boundaries remain immutable. Its decentralised nature ensures both sides of Agentic transactions have a single, common view of events should fault need to be assigned.

Our identity and trust mechanisms remain the same regardless of the use case. What changes is the thresholds that are applied by the counterparty receiving the access request from the Agent. For example, an Agent who's job is simple RAG within trusted partner boundaries the counterparty may opt to accept a lower trust score. On the other hand a counterparty receiving high stakes/risk access requests may enforce a high trust score threshold.

Because the registration, ownership transfer and verification events are recorded on the blockchain, they remain immutably recorded. All other records stored off-chain will be treated in accordance with relevant jurisdictional right to be forgotten requireent, balanced with data retention obligations.

They key difference is access to systems (API endpoints, MCP servers, eCommerce checkout pages, other Agents). If the AI can request access to those systems, we deem them to be an agent that needs identity and trust for the counterparty to verify before granting/denying such access.

The Agent is registered by a primary Developer. If that Developer is a user within a team based account (Developer Plus, Business or Enterprise) the ownership is assigned to the account. When calculating Trust Scores we use three groups of factors 1/ Origin (where the Developer who registers the account factors in), 2/ Owner (the account that is accountable for the Agent) and 3/ Activity (how is the agent behaving).

The best incentive is a high trust score, as the developer score influences the agent's score and the higher the agent score, the more likely they are to be authorised to transact with counterparties. The Trust Score is used on our KYD visual assets (see attached). If you scan the QR code, you'll notice the public profile page enables the developer to advertise their trust score.

This was partially covered on the call. Effectively, once a developer registers an Agent, they are then able to transfer ownership of that agent to another user and the chain of custody is captured on the Blockchain to validate accountability. In an Enterprise account, multiple developers may be enrolled as users, the primary developer would register the agent, but ownership would automatically be assigned to the Enterprise.

Yes, a singe API call will validate the Agent ID as valid, the permission set the Agent is authorised to act within and the dynamic trust score at the point of verification. This can be automated with our SDK installed at the endpoint used by the agent, whether that is an API, MCP server, ecommerce checkout or another agent. The verification event and result are recorded on the blockchain.

While the algorithm is proprietary in terms of the weights assigned to each factor and how we monitor and assess behavioural signals, the components are transparent. Our dashboard includes guidance on steps that can be taken to improve trust scores. We also are engaging independent auditors to certify the credibility and fairness of the score.