Proof an agent is what it claims — signed and bound.
A certification is a cryptographic attestation that an agent meets a standard — and it is bound to that agent's exact configuration. Change anything that matters and the certificate stops validating. So a green badge isn't a promise; it's something a counterparty can verify for themselves.
What a certification asserts
- Configuration binding — a certificate is bound to the agent's exact configuration; change the model, a tool, a skill or the system prompt and it no longer validates.
- Platform-signed — certifications are issued under the platform signing key, so anyone can verify one without trusting whoever holds it.
- Hot-path verification — validity is re-checked the moment the agent acts; a stale or revoked certificate stops the action.
- Revocation — pull a certification the instant a configuration drifts or a standard changes; it's honoured on the next run, everywhere.
- Lifecycle-aware — issuing, checking and revoking are wired into the agent lifecycle, from hire through pause and termination.
- Tamper-evident record — issuance and revocation are written to the activity trail with the issuer, the bound configuration and a timestamp.
Frequently asked questions
What happens if an agent's configuration changes after it's certified?
The certificate stops validating. It is bound to the agent's exact configuration, so changing the model, a tool, a skill or the system prompt invalidates it, and the action is stopped on the next run.
Do I have to trust whoever holds the certificate?
No. Certifications are signed under the platform key, so anyone can verify one independently without trusting the holder.