AI Agents
article

How to Know If You Can Trust an AI Agent

The rise of autonomous agents brings real risks. Learn how to validate AI agents properly using open standards, agent cards, and verifiable trust.

Beon de Nood
September 17, 2025
3 min read
walking on a tight rope is similar to the trust we place in AI agents
“Not all agents are created equal. And some… shouldn’t even be in your stack.”

Everyone’s talking about agents.

Few people are asking the right question:
Can you trust one?

Right now, most agents are just embedded into apps.
They're hardcoded.
There’s no validation, no provenance, no clarity around who built them or where they live.

That won’t scale.

If you’re using autonomous agents, or plan to, the idea of trust has to move from vague to verifiable.

In this post, I’ll show you what that actually means, and how you can start verifying AI agents today using open standards and simple tools.

Most AI agent directories are just lists

You’ve probably seen a few agent registries by now.
Some look polished. Others are clearly hacked together.

But they all share one problem:
They’re just lists.

  • No validation
  • No source-of-truth
  • No way to know who created what
  • No structure for real agent trust

They might be good for browsing, but they don’t give you confidence. And they definitely don’t scale to autonomous, self-selected agent execution.

So what does it mean to trust an AI agent?

Let’s strip it down. If you’re going to call an agent, trust means knowing:

  • Who published it
  • Where it’s hosted
  • What it claims it can do
  • That it hasn’t been tampered with
  • That it’s discoverable and predictable by other systems

Today, almost no one verifies that.
And that’s fine, for now.
Most agents are still manually wired into apps and flows.

But very soon, this shifts.
Agents will be dynamically selected, called by other agents, or even trusted with transactions.
And if there’s no structure for proving identity and intent, we’re setting ourselves up for chaos.

The A2A protocol gives us a starting point

The A2A protocol defines how agents can expose themselves in a consistent way, including capabilities, transport, and metadata.

At the core is something called an Agent Card.
It’s a simple JSON file that describes what an agent is, where it lives, and what it can do.

Agents that follow the A2A spec make discovery and interaction more predictable.
And when validation tools come into the picture, they become more trustworthy too.

That’s where we come in.

A tool to validate agents. Fast, offline and open

We built a CLI tool to do just that.

It’s called the Capiscio CLI, and it’s a free, open-source utility that validates agent cards and transport structure, according to the A2A spec.

Here’s how it works:

TERMINAL
npx capiscio-cli validate ./agent-card.json --verbose

The CLI checks:

  • Whether the agent card is structurally valid
  • Whether it follows the A2A spec
  • Whether the agent and its metadata are hosted on the same domain
  • Whether the declared transport is reachable and well-formed
  • Whether the metadata includes enough for discovery and intent parsing
It does not require an API key.
It runs locally.
It gives you a pass/fail result and a breakdown of what’s missing.

We’ll be adding signature validation, publisher verification, and attestation support soon, but this first step is about surfacing the structure of trust in the open.

Why this matters now, not later

Right now, almost everyone is hardcoding agents into their apps.
That’s fine at prototype stage, but it’s fragile, and it won't scale to a distributed agent ecosystem.

When autonomy kicks in, agents will need to:

  • Discover other agents on their own
  • Evaluate whether they can be trusted
  • Select the right tool for the task. In real time

That means they need structure.
They need metadata.
They need validation paths.

And above all, they need infrastructure that doesn’t rely on hype or centralized UI trust.

The bottom line

If agents are going to scale, trust has to become real, and verifiable.

This isn’t about marketing or brand presence.
It’s about whether your systems can independently prove that an agent is valid, reachable, and complete.

Try the CLI. See how your agents stack up.
TERMINAL
npx capiscio-cli validate https://your-agent.com/my-awesome-agent --json

It takes five seconds.

And it might be the only trust check you're running today.

Beon de Nood
Written by Beon de Nood

Creator of Capiscio, the developer-first trust infrastructure for A2A agents. With two decades of experience in software architecture and product leadership, he now focuses on building tools that make AI ecosystems verifiable, reliable, and compliant by default.