
Building a Trust Protocol for AI Agents: From Zero Trust to Earned Trust

Vorim AI Team
March 10, 2026 · 10 min read

Beyond Zero Trust

Zero Trust is the dominant security paradigm of the last decade. "Never trust, always verify" has transformed how we think about network security, access control, and data protection. But when applied to AI agents, Zero Trust alone isn't enough.

Here's why: Zero Trust is binary. Every request is either allowed or denied. There's no concept of degrees of trust, no way to express "this agent has proven itself reliable over 10,000 interactions" versus "this agent was registered 5 minutes ago."

For autonomous agents that need to collaborate, delegate tasks, and make real-time decisions, we need a richer model: earned trust.

What Is Earned Trust?

Earned trust is a continuous, quantitative measure of an agent's reliability and behavior over time. Unlike binary access control, earned trust allows for nuanced decisions:

  • A newly registered agent can perform basic read operations but must earn the right to transact
  • An agent with a high trust score can be granted temporary elevated permissions without human approval
  • Third-party services can set minimum trust thresholds for agent interactions
  • Rate limits can be dynamically adjusted based on trust level

This isn't about replacing Zero Trust — it's about building on top of it. Every request is still authenticated and authorized. But trust scoring adds a reputation layer that enables more sophisticated, autonomous decision-making.

Anatomy of a Trust Score

Vorim AI's trust scores range from 0 to 100 and are computed from five weighted factors:

1. Agent Status (Weight: 25%)

An active agent in good standing receives full marks. Suspended, revoked, or quarantined agents receive zero. This is the baseline — a binary gate that ensures only operational agents accumulate trust.

Status       Score Contribution
Active       25/25
Suspended    0/25
Revoked      0/25

2. Agent Age (Weight: 20%)

Trust is earned over time. An agent that has been operating for 90+ days has demonstrated sustained reliability. We use a logarithmic curve — the first 30 days contribute the most, with diminishing returns after 90 days.

Score = min(20, log2(age_in_days + 1) * 3)

This means a 7-day-old agent scores ~9/20, a 30-day-old agent scores ~15/20, and a 90-day-old agent hits the cap at 20/20.

3. Historical Success Rate (Weight: 25%)

The ratio of successful permission checks to total permission checks. An agent that consistently operates within its granted permissions demonstrates reliability.

Score = (successful_checks / total_checks) * 25

An agent with a 98% success rate scores 24.5/25. An agent with a 60% success rate scores 15/25. We require a minimum of 10 checks before this factor contributes — new agents aren't penalized for having no history.

4. Denial Frequency (Weight: 15%)

How often an agent attempts actions it's not permitted to perform. Frequent denials indicate either misconfiguration or potentially adversarial behavior.

Score = max(0, 15 - (denial_rate * 30))

An agent with a 5% denial rate scores 13.5/15. An agent with a 50% denial rate scores 0/15. This factor acts as a negative signal — it actively punishes agents that repeatedly test boundaries.

5. Scope Breadth (Weight: 15%)

How many of the 7 permission scopes an agent has been granted. Agents with narrow, focused permissions (2-3 scopes) are considered lower risk than agents with broad access (5-7 scopes). Counter-intuitively, we reward narrower scope:

Score = 15 * (1 - (active_scopes / 7) * 0.5)

An agent with 2 scopes scores 12.9/15. An agent with all 7 scopes scores 7.5/15. This encourages the principle of least privilege.
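
The five factor formulas above combined into one calculation, as an added example that is not Vorim AI's code. The field names, scoring the success factor as 0 points below 10 checks, and using a denial rate of 0 when there are no checks are assumptions.

```javascript
// Added example: combines the five factor formulas from this article.
// Field names and edge-case handling are assumptions, not Vorim AI's API.
const MIN_CHECKS = 10;   // minimum history before success rate contributes
const TOTAL_SCOPES = 7;

function trustBreakdown(agent) {
  const { status, ageDays, successfulChecks, deniedChecks, totalChecks, activeScopes } = agent;

  // 1. Status: binary gate, only "active" earns the 25 points.
  const statusScore = status === 'active' ? 25 : 0;

  // 2. Age: logarithmic, capped at 20. As written, the formula gives
  //    about 19.5 at day 90 and reaches the cap near day 101.
  const ageScore = Math.min(20, Math.log2(Math.max(0, ageDays) + 1) * 3);

  // 3. Success rate: assumed to contribute 0 until MIN_CHECKS is reached.
  const hasHistory = totalChecks >= MIN_CHECKS;
  const successScore = hasHistory ? (successfulChecks / totalChecks) * 25 : 0;

  // 4. Denial frequency: rate is 0 when there are no checks (avoids 0/0).
  const denialRate = totalChecks > 0 ? deniedChecks / totalChecks : 0;
  const denialScore = Math.max(0, 15 - denialRate * 30);

  // 5. Scope breadth: fewer granted scopes score higher.
  const scopes = Math.min(TOTAL_SCOPES, Math.max(0, activeScopes));
  const scopeScore = 15 * (1 - (scopes / TOTAL_SCOPES) * 0.5);

  const total = statusScore + ageScore + successScore + denialScore + scopeScore;
  return { statusScore, ageScore, successScore, denialScore, scopeScore, total };
}

// Constructed sample agents.
const established = { status: 'active', ageDays: 90, successfulChecks: 980,
                      deniedChecks: 20, totalChecks: 1000, activeScopes: 3 };
const brandNew = { status: 'active', ageDays: 0, successfulChecks: 0,
                   deniedChecks: 0, totalChecks: 0, activeScopes: 2 };

for (const [name, a] of Object.entries({ established, brandNew })) {
  console.log(name, trustBreakdown(a).total.toFixed(1));
}
```

Under these assumptions a freshly registered agent with two scopes already totals about 52.9, so a threshold near 50 does not by itself separate new agents from established ones.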

Trust in Practice: Real-World Scenarios

Scenario 1: Multi-Agent Collaboration

Consider a customer service system with three agents:
  • Classifier Agent (trust: 85) — reads incoming tickets and routes them
  • Response Agent (trust: 72) — drafts and sends replies
  • Escalation Agent (trust: 91) — handles complex cases, can access billing systems

When the Classifier needs to delegate a complex ticket to the Escalation Agent, it can verify the Escalation Agent's trust score via the Trust API. If the score meets the minimum threshold (say, 80), delegation proceeds automatically. If not, a human is notified.

Scenario 2: Third-Party Integration

Your AI agent needs to interact with a partner company's API. The partner requires a minimum trust score of 70 for write operations. They verify your agent's score via Vorim AI's public Trust API — no Vorim AI account needed, no credentials exchanged.

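// Partner's verification middleware (body of an async Express-style handler).
// agentId is assumed to come from the partner's own authentication of the caller.
const r = await fetch(
  `https://api.vorim.ai/v1/trust/verify/${encodeURIComponent(agentId)}`
);
const trust = r.ok ? await r.json() : {};

// Fail closed: a missing or non-numeric score must not pass,
// because `undefined < 70` evaluates to false.
if (!Number.isFinite(trust.trust_score) || trust.trust_score < 70) {
  return res.status(403).json({ error: 'Insufficient trust score' });
}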

Scenario 3: Dynamic Rate Limiting

Instead of static rate limits, adjust limits based on trust:

const rateLimit = trust.trust_score >= 80 ? 1000
                : trust.trust_score >= 50 ? 100
                : 10; // requests per minute

Highly trusted agents get 100x the throughput of untrusted ones. This rewards good behavior and naturally throttles suspicious activity.

The Road to a Trust Standard

We believe agent trust scoring will eventually become a standardized protocol — similar to how TLS certificate validation works today. The key principles:

  • Public verifiability. Trust scores must be verifiable without privileged access. Vorim AI's Trust API is unauthenticated by design.
  • Composability. Different systems should be able to consume trust scores and apply their own thresholds. A score of 75 means the same thing regardless of who's checking.
  • Transparency. The factors that contribute to a trust score should be documented and auditable. No black boxes.
  • Portability. Long-term, an agent's trust history should be portable across providers. We're exploring cryptographic attestations that can be verified independently of Vorim AI.

Building on the Trust Layer

Trust scoring is one component of a larger vision: a decentralized trust layer for autonomous AI. The pieces are:

1. Identity — cryptographic keypairs (Ed25519) for verifiable agent identity
2. Permissions — fine-grained, time-bounded, conditional access control
3. Audit — tamper-proof event logging with signed bundles
4. Trust — continuous, multi-factor reputation scoring
5. Verification — public APIs and embeddable badges for cross-org trust

Together, these form a protocol — not just a product. Our goal is for agent identity and trust to become open infrastructure that any team can build on, regardless of whether they use Vorim AI or build their own implementation.

Start with the free tier: 3 agents, 10,000 auth events/month, full trust scoring, and public badge support. See what earned trust looks like for your agents.
