AI agents are beginning to spend real money autonomously. AFG answers one question no payment rail can answer neutrally: can I trust this agent before I transact with it? This page summarizes what we built and what we proved.
Autonomous AI agents are starting to pay for compute, data, APIs, and services on their own. There is no way to know if a given agent is trustworthy before you transact with it. The natural scorers — Coinbase, Stripe, AWS, Circle — each see only their own slice of an agent's activity, and none can be a neutral judge of their own ecosystem.
It's the conflict of Visa owning Equifax. A rail can't credibly score the agents inside its own ecosystem, and it can't see what an agent does on competing rails. AFG is the independent third party that aggregates trust signals for the same agent across providers — a position structurally closed to any single rail. Neutrality is the moat.
A 300–850 score for an AI agent's wallet, derived purely from unfakeable on-chain behavior on Base. It is autonomous and keyless: anyone can query any wallet with no signup, no account, no API key, and no human approval.
curl 'https://afg.ai/v2/api/trust?wallet=0x...'
The response includes a transparent factor breakdown, a confidence tier, and an explicit "what this measures / does not measure" block — the page, the docs, and the live JSON all agree.
Transfer event is only emitted on success, and relayer/x402-submitted failures are invisible on-chain. We refuse to claim what we cannot observe.Honesty is a design constraint: advertised range equals achievable range, and nothing on the site claims a capability the code doesn't deliver.
Yes — verified by external request against the live host. Example: a known wash-trading bot wallet correctly floors at the minimum:
GET https://afg.ai/v2/api/trust?wallet=0xb2cc224c1c9feE385f8ad6a55b4d94E92359DC59
→ 200 { "trust_score": 300, "bases_used": ["on-chain"], ... }
wash_fraction ≈ 0.99 → wash penalty floors the score
A legitimate, long-lived payer wallet with diverse counterparties and zero wash scores in the mid-600s. The score discriminates on real behavior, not on anything fakeable for gas.
The on-chain score is the open, honest front door. The defensible asset is the next layer: cryptographically provable attestations that a competitor cannot reconstruct from the chain alone. We ran a kill-or-build proof-of-concept to test whether this is real.
The premise: an AI agent can submit an attestation about a payment it was party to, and the server can verify with cryptography alone — no human, no trust — that the attester really was a counterparty to that exact on-chain payment.
The test, run end-to-end against real Base mainnet transactions:
{tx_hash, payer, payee, amount, role, timestamp} with a wallet's private key (EIP-191).Transfer party in that transaction, in the claimed role, with the claimed counterparty.This is the risk that sank an earlier design. Many agent payments are submitted by a relayer, so the transaction's from is the relayer, not the paying agent. We checked whether the agent is still cryptographically verifiable.
Finding: the agent's wallet remains the USDC Transfer-event sender even when a relayer submits the transaction. In one live sample, 16 of 17 USDC transactions were relayer-submitted (tx sender ≠ token sender) — relayer submission is the norm, not the edge case. The signature-recovery-to-counterparty match still succeeds against the Transfer-event party.
✓ The relayer hole does NOT break attestation. The mechanism is sound enough to build on.
Yes. We closed the last seam by running the entire pipeline on Base Sepolia with a freshly generated keypair we control, so nothing was substituted at any step:
Transfer sender. Accepted.permit; a separate relayer wallet submitted transferFrom. On-chain, the transaction's from is the relayer, but the USDC Transfer sender is the agent. The agent's attestation was recovered and matched to the Transfer-event party, not the transaction submitter. Accepted.Every signature, recovery, and on-chain match was real — including the relayer case that previously could only be observed on third-party transactions. There are no remaining asterisks: the attestation mechanism is demonstrated, not inferred.
Proof-carrying attestations (not yet live): reports where the reporter cryptographically signs with the wallet that was the actual on-chain counterparty. They are trustless and need no human approval — which lets AFG accumulate provable, non-public reputation data that no competitor can reconstruct from the chain. We removed the old human-vetted reporter path from the live surface precisely because it wasn't trustless; it returns only when it's proof-carrying.
AFG is autonomous, neutral trust infrastructure for the agent economy: a keyless on-chain trust score live today, plus a cryptographically-proven attestation layer that gives it a moat no payment rail can structurally occupy.