The Human Root of Trust – public domain framework for agent accountability
18 hours ago (humanrootoftrust.org)
I've spent my career at the intersection of identity, trust, and distributed systems. The thing I keep thinking about: every digital system we've built assumes a human is on the other end. Bank accounts, contracts, API keys — all designed around human singularity.
That assumption has already broken. AI agents are transacting, communicating, and signing contracts autonomously — passing identity checks designed for people, with no human visibly in the loop.
The Human Root of Trust is my attempt to name the problem and sketch the architecture: three pillars (proof of humanity, hardware-rooted device identity, action attestation), a six-step trust chain from human principal to cryptographic receipt, and two implementation paths.
It's dedicated to the public domain. No patent. No product. No ask except that whoever picks this up carries the principle forward.
A bit ironic that this framework's authorship is completely missing.
I like this direction, but I don't think the crypto angle is necessary or practical in an enterprise / corporate setting. Current audit and compliance frameworks don't leverage or really recognize or encourage cryptographically based proof of action, so I don't see the agentic world as needing this to drive agentic adoption.
However, everything else you lay out is spot on.
The problem is any non-cryptographic proof can be spoofed at infinite speed. Which really defeats the whole stack.
If you are inside a trusted network then yeah, maybe you don't need any of this. Then again, maybe you do, it's not like inside of an intranet we let human users go wild without cryptographic authentication...
This resonates with something I've been thinking about a lot. The current agent ecosystem has a massive gap: we give agents access to tools and skills, but there's no standardized way to verify what those skills actually do before execution. It's like running unsigned binaries from random sources.
A human root of trust is necessary but not sufficient — we also need machine-verifiable manifests for agent capabilities. Something like a package.json for agent skills, but with cryptographic guarantees about permissions and data access patterns.
The accountability framework here is a good start. Would love to see it extended with concrete permission models.
The Human Root of Trust – public domain framework for agent accountability