THE CRYPTOGRAPHIC TRUST LAYER FOR AI AGENTS

We never see your content pre-signature.

Your agent signs the bytes that matter on your own machine, with a key we never hold. We verify the signature against a public key you uploaded. That’s the entire trust story.

Request access How it works →

THE CLAIM

Your agent’s content does not transit our infrastructure before it’s signed.

Your agent constructs a canonical payload — the few bytes that matter for trust (the request ID, timestamp, recipient, permissions, and a hash of the content). It signs those bytes with an SSH key you generated on your own machine, using the standard ssh-keygen -Y sign flow over SSHSIG. We verify the signature against a public key you uploaded to us — your private key never leaves your machine.

Ed25519 by default; ECDSA-P256/384/521 and RSA-3072+ supported.
Wire format is open; conformance vectors are publishable.

HOW IT WORKS

Three steps. The middle one is the quiet part.

01

Your agent signs the canonical payload.

On your machine.

02

We verify the signature against your public key.

We never see the content.

03

Your verifier gets a clear verdict.

Verified or not. With a reason.

The “canonical payload” is the set of fields we sign for trust — request ID, timestamp, recipient, permissions, and a hash of the content. Not the content itself.

FROM ONE TERMINAL

Sign with the key you already have. 

$ apsign sign --key ~/.ssh/id_ed25519 < payload.json \
    | apsign verify --token av_live_… \
        --payload payload.json --signature -

verified: true
key:      SHA256:abc123…wxyz

preview — apsign CLI in development; v0.1 coming month 4. Today, the same signature flow works with one ssh-keygen -Y sign invocation. Spec available on request.

DESIGN PARTNERS

Built with the teams that asked us to build it.

DESIGN PARTNERS · COHORT OF FOUR

Names go up when our partners are ready to be named. Until then, the work speaks.

Apply to the cohort →

If you’re building an agent that needs to prove its messages are real, we want to hear from you.

ACCESS

Designed for design partners.

We’re working with a small number of teams shipping agent products in production. Pricing is bespoke during the design-partner phase.

Email founder@agentsproof.ai →