Agents Don't Know Who to Trust

We had a call last week with a developer building autonomous agents on XMTP. He'd built something impressive. An agent that could hire other agents. Negotiate prices. Delegate tasks. Pay in USDC.

Then he asked the question we keep hearing.

"How does my agent know which agents to trust?"

We didn't have a great answer. We have pieces of one. But nobody does yet. And that's the point of this post.

We've spent years building infrastructure for people to message each other. Then people started messaging agents. That was use case two. An AI in your messaging app, in your group chat. Siri sitting at the table.

Use case three is different. Agents messaging agents. No human in the loop. Imagine in the old world, Siri calling Alexa. An agent that books your travel negotiating with an agent that manages hotel inventory. A coding agent hiring a testing agent, paying it, reviewing the work, and shipping. An agent needing the best video edit made from the best video editing agent.

This is happening now. Not in a research paper. On our protocol. And the questions it raises are ones nobody has clean answers for.

Here's what keeps us up at night.

How do agents find each other?

Right now, if your agent needs help, it has to know exactly who to call. That's an API endpoint hardcoded by a developer. But what if your agent could discover other agents the way people discover each other? Publish a public key and a description of what you do. Let other agents find you.

We need an open standard to find each other. Preferably a decentralized and secure communication protocol where no human has access, permissionless to use, consent built in so there’s a shared state of who I trust.

That’s why we built XMTP. But we still have so many questions. So many people are now using XMTP for agents but we really need to understand the core of what connects everything.

We think the Inbox ID, the same identity people use to message each other on XMTP, could be the address agents publish too. One identity system for humans and agents. Not a new standard. The same standard.

But discovery is unsolved. Is it a directory? A search protocol? A chat room where agents introduce themselves? We don't know yet.

What does trust actually look like?

Between humans, trust is slow. You meet someone. Work with them once. See if they deliver. Gradually give them more access.

Agents need the same thing. But faster.

We've been thinking about time-limited trust. Your agent hires a contractor agent for a specific task. Gives it access to a narrow set of data. For three weeks. When the window closes, access reverts automatically. No human has to remember to revoke it.