What–or whom–do you trust?

Recently, I published an article with Tech Policy Press entitled “Building Trust Infrastructure for Agentic AI.” The piece is meant to simultaneously celebrate the openness of the burgeoning agentic AI ecosystem, while calling out the governance and especially trust gaps emerging alongside it. We haven’t yet witnessed Simon Willison’s “Challenger moment”, but with reports saying 12-20% of skills on agent repositories are actively malicious, we are far from safe. Regulators are beginning to engage with AI, but they’re not nearly ready to address these gaps. The call to action in the piece is, more or less, to join DTI in building trustworthy infrastructure to improve trust in the agentic AI ecosystem. Today, I’m writing to shine a little more light on the “why” for this work, and how it supports DTI’s mission and aligns with our modalities of impact.

One theory for the value of blockchains and cryptocurrency technology was that they would eliminate the need for trust infrastructure, embedding trust in code rather than policy or promise; that didn’t work in practice. While immutable distributed ledgers have their time and place, there is no technosolution for trust problems of the form facing the agentic AI ecosystem today. Open source is similar, in that it can help contribute to trust by providing visibility into data policies and practices, but it is certainly no panacea here. Similarly, there’s value and security in creating sandbox environments where it is safe to run untrusted tech; but that doesn’t fit the many use cases where the value inherently requires connecting to the open internet and personal data.

So, what do we need? I’ll start with an assumption: trust is simultaneously both technical and sociopolitical. The technical side requires discovery, authorization, identity, and policy validation; the sociopolitical side first needs the entities performing the technical pieces to themselves be trusted, because “show your work” only goes so far when the stakes are so high; and second, needs tech that is scoped and applied correctly for the problem and context at hand.

Who’s tackling the technical pieces of trust? Here are some of the efforts we’re tracking, particularly in the identity and authorization direction where there is the most visible energy:

Overall, the picture is complicated. In some cases, addressing and discovery issues are mixed up with identity; agents and services and users and providers can be conflated; and it’s often unclear who or what really needs identifying, who or what needs to be trusted (and by whom or what), and for what purpose. The umbrella label of “trust” often doesn’t keep the rain out, but rather just … leaks all the water through and spreads it around.

To make matters more complex, the critical target for establishing trust typically isn’t the agent, but rather the legal entity sitting behind it. Our use case for trust is personal data. If an agent is touching personal data, there is–hopefully!–a policy somewhere, adopted and enforced by an entity, that governs how it is using the data. At the very least, there is a person or company legally responsible for the compute that agent runs and the storage it lives on and uses. Find (and identify) the agent, find the entity, then find the policies and practices. Those can be reviewed to establish trust, and monitored for compliance to create accountability.

Looked at from this lens, the trust problem in data portability and the trust problem in agentic AI, at least with regard to the use of personal data, collapse to the same pair of factors: 1) make sure the user has authorized this action with the right level of insight; and 2) make sure the policies and practices that govern how personal data is handled are adequate. As I wrote in Tech Policy Press:

What, really, is different in the agentic AI context in terms of trust and the flow of personal data? Speed and reduced friction of development, deployment, and adoption is a clear change. But the abstract architectures and responsibilities are the same. Someone, person or entity, produces and ships a piece of software; that software communicates over the internet to a source of personal data; and a user authorizes the source of that data to make it available to the software, which uses it in some manner, including potentially passing it along to other software.

At DTI, we built the Data Trust Registry to help establish trust in data portability. When services apply to the registry, depending on the level of trust they are seeking, we verify the service provider’s identity, examine their privacy policy and security credentials, and review how they are communicating with users about their use of personal data. The resulting trust accreditation signals are reflected on the registry website, available for service providers to embed as a badge, and provided through the registry’s API for integration into other services’ verification processes. While built for our core use case of data portability, given the convergence of trust challenges between classic portability and agentic AI, we believe DTR has the potential to be a very effective starting point for the infrastructure and system necessary to promote trust in the agentic AI ecosystem.

Our mission statement at DTI is: “Empower people by building a vibrant ecosystem for simple and secure data transfers.” Agentic AI is full of data transfers, and they can seem simple, but helping them be secure requires trust. We build data transfer tools and infrastructure, but as with anything adjacent to technical standards, the impact isn’t maximized by shipping perfect technology, but rather by bringing a community together around a shared solution. As one example of that, we recently joined the Open Forum on AI and are looking forward to working with them more.

Building community around trust infrastructure is central to the journey we’re on now, and we invite you to join us on it.



Previous Post

Catch up on the latest from DTI

  • trust-registry,
  • trust
What–or whom–do you trust?
  • trust-registry,
  • trust
Launching the DTI Badge of Accreditation
  • policy
Our regular regulatory roundup
  • social,
  • standards
ActivityPub and account portability
  • research,
  • public-benefit,
  • open
Data portability and researcher access
  • trust-registry,
  • trust
DTI's Data Trust Registry is now post-pilot
  • policy
Web browsers - a data portability patchwork
  • trust
Sense and Sensitivity
  • AI
A turning point for AI portability
  • policy
Putting a price on portability