Abstract
AI-driven systems increasingly rely on externally developed AI agent artifacts, such as agents, tools, plugins, and services, that are distributed through registries or marketplaces and executed within enterprise environments. Existing registries solve discovery, and existing runtime security systems focus on detecting malicious behavior during execution, but neither provides a pre-execution mechanism that ensures such artifacts are authentic, legitimately published, and governed across their lifecycle before they run.
The proposal introduces systems and methods for trusted distribution and authentication of AI agent artifacts, establishing a pre-execution trust framework that enables consuming systems to verify publisher identity, artifact authenticity, provenance, and lifecycle state prior to download or execution. The framework operates independently of registries and complements runtime security systems by preventing unauthenticated, tampered, or revoked artifacts from entering execution environments.
A key aspect of the proposal is the use of a long-term cryptographic trust model, including support for quantum-resilient cryptographic mechanisms, to ensure that authenticity assertions and provenance records remain verifiable over extended time horizons as cryptographic threats evolve. The proposal further provides immutable lifecycle tracking, controlled redistribution, and ecosystem-wide revocation and recall, enabling product-style governance for distributed AI agent artifacts.
The proposed approach is protocol-agnostic and applies broadly to distributed AI agent ecosystems. In one non-limiting embodiment, the artifacts include Model Context Protocol (MCP) servers and agents, where the proposed framework operates alongside MCP registries and MCP runtime security systems to provide layered protection.
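The abstract describes a pre-execution gate that checks publisher identity, artifact authenticity, provenance and lifecycle state, with a hash-based (quantum-resilient) signature underneath. The following is an added illustration written for this page; it is not code from the disclosure and its names (`admit_artifact`, `lamport_*`, the manifest fields, the revocation set) are assumptions. The signature scheme is a textbook Lamport one-time signature, used here only because it depends on nothing but a hash function, the same property the standardized hash-based schemes (SLH-DSA, XMSS, LMS) build on; a deployment would use one of those rather than this one-time toy. The artifact bytes and manifest are constructed sample input.

```python
"""Pre-execution trust gate for an AI agent artifact (added illustration).

All names here are hypothetical. The Lamport scheme is a stand-in for a
standardized hash-based signature; each Lamport key may sign ONE message.
"""
import hashlib
import json
import os

DIGEST_BITS = 256  # SHA-256 output length: one secret pair per digest bit


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _bit(digest: bytes, i: int) -> int:
    return (digest[i // 8] >> (7 - i % 8)) & 1


def lamport_keygen(rng=os.urandom):
    """Private key: 256 pairs of random secrets. Public key: their hashes."""
    sk = [(rng(32), rng(32)) for _ in range(DIGEST_BITS)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk


def lamport_sign(sk, message: bytes):
    """Reveal, for every bit of H(message), the secret matching that bit."""
    d = _h(message)
    return [sk[i][_bit(d, i)] for i in range(DIGEST_BITS)]


def lamport_verify(pk, message: bytes, sig) -> bool:
    """Each revealed secret must hash to the public value selected by the bit."""
    if len(sig) != DIGEST_BITS:
        return False
    d = _h(message)
    return all(_h(sig[i]) == pk[i][_bit(d, i)] for i in range(DIGEST_BITS))


def publisher_fingerprint(pk) -> str:
    """Publisher identity bound to the key: hash of the whole public key."""
    return hashlib.sha256(b"".join(a + b for a, b in pk)).hexdigest()


def canonical(manifest: dict) -> bytes:
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def admit_artifact(artifact: bytes, manifest: dict, sig,
                   trusted_publishers: dict, revoked_digests: set):
    """Return (admitted, reason). Order matters: each later decision is taken
    on a field that the earlier signature check has already authenticated."""
    pk = trusted_publishers.get(manifest.get("publisher"))
    if pk is None:
        return False, "unknown publisher"
    if not lamport_verify(pk, canonical(manifest), sig):
        return False, "signature invalid"
    if hashlib.sha256(artifact).hexdigest() != manifest["artifact_sha256"]:
        return False, "artifact digest mismatch"
    if manifest["state"] != "published":
        return False, "lifecycle state " + manifest["state"]
    if manifest["artifact_sha256"] in revoked_digests:
        return False, "artifact recalled"
    return True, "ok"


def demo() -> dict:
    """Constructed scenario: one trusted publisher, one MCP server bundle."""
    sk, pk = lamport_keygen()
    pub = publisher_fingerprint(pk)
    trusted = {pub: pk}
    artifact = b'{"name":"weather-mcp","entrypoint":"server.py"}'  # constructed
    manifest = {"publisher": pub, "version": "1.2.0", "state": "published",
                "artifact_sha256": hashlib.sha256(artifact).hexdigest()}
    sig = lamport_sign(sk, canonical(manifest))

    # A second key signs a manifest whose lifecycle state is not "published".
    sk2, pk2 = lamport_keygen()
    pub2 = publisher_fingerprint(pk2)
    deprecated = dict(manifest, publisher=pub2, state="deprecated")
    sig2 = lamport_sign(sk2, canonical(deprecated))

    return {
        "genuine": admit_artifact(artifact, manifest, sig, trusted, set()),
        "tampered_bytes": admit_artifact(artifact + b"#x", manifest, sig, trusted, set()),
        "tampered_manifest": admit_artifact(
            artifact, dict(manifest, version="9.9.9"), sig, trusted, set()),
        "unknown_publisher": admit_artifact(
            artifact, dict(manifest, publisher="00" * 32), sig, trusted, set()),
        "deprecated": admit_artifact(
            artifact, deprecated, sig2, {pub: pk, pub2: pk2}, set()),
        "recalled": admit_artifact(
            artifact, manifest, sig, trusted, {manifest["artifact_sha256"]}),
    }


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:18s} admitted={ok!s:5s} {reason}")
```

The gate verifies the signed manifest first and only then trusts the digest and lifecycle fields it carries, so a changed artifact, an edited manifest, an unknown key, a non-published state and an ecosystem recall each fail on the check that authenticates that property. Revocation is keyed on the artifact digest here; a real system would also revoke publisher keys and record each transition in the immutable lifecycle log the abstract describes.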
Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
M M, Niranjan, "Trusted Distribution and Authentication of AI Agent Artifacts", Technical Disclosure Commons, ()
https://www.tdcommons.org/dpubs_series/9836