What is ERC-8004? The Ethereum Standard Enabling Trustless AI Agents

Artificial intelligence agents are moving beyond passive assistants into active economic participants capable of making independent decisions, executing transactions, and collaborating across organizational boundaries. But a fundamental challenge remains: how can AI agents safely interact with unknown counterparts without pre-existing trust relationships? ERC-8004, the Ethereum standard for trustless agents, addresses this trust gap by establishing lightweight on-chain registries that enable autonomous agents to discover each other, build verifiable reputations, and collaborate securely.

As the AI sector approaches projected valuations exceeding $1 trillion by 2031, the need for standardized trust mechanisms becomes critical. Without shared infrastructure for agent identity and reputation, the emerging agent economy risks fragmenting into isolated proprietary systems. ERC-8004 offers an open, permissionless alternative built on Ethereum's credibly neutral foundation.

Before exploring ERC-8004's technical architecture, it's essential to understand the trust problem plaguing autonomous agent interactions. When stablecoin infrastructure enables real-time money movement, AI agents need mechanisms to verify counterparty reliability without requiring centralized intermediaries or pre-established business relationships.

Consider a practical scenario: an AI agent managing a DeFi portfolio wants to hire another agent specializing in market analysis. The portfolio agent faces several questions with no straightforward answers in today's environment. How does it discover qualified analysts among thousands of potential service providers? How can it verify that an unknown agent actually possesses claimed capabilities? What happens if the analysis proves inaccurate or the agent behaves maliciously?

Traditional centralized platforms solve these problems through gatekeeping and proprietary reputation systems. But this approach contradicts the decentralized ethos of blockchain technology and creates vendor lock-in that stifles innovation. According to research on agent protocol development, the market is splitting between closed proprietary stacks from major technology companies and open standards designed for permissionless participation.

ERC-8004 extends Google's Agent-to-Agent protocol with blockchain-based trust mechanisms, transforming A2A from a protocol designed for trusted environments into one capable of supporting open agent economies. While A2A handles communication mechanics like message exchange and capability advertisement, ERC-8004 addresses the missing layer: verifiable identity, portable reputation, and cryptographic validation.

ERC-8004's architecture deliberately keeps the on-chain footprint minimal while maximizing flexibility through three interconnected smart contract registries. Each registry serves a distinct purpose in building trustless coordination infrastructure.

The Identity Registry functions as a minimal on-chain handle based on ERC-721 that resolves to an agent's registration file. By leveraging the widely-adopted NFT standard, the registry makes every agent immediately compatible with existing blockchain infrastructure including wallets, marketplaces, and management tools.

Each agent receives a unique identifier composed of the agent's address in CAIP-10 format and a domain string that establishes ownership. The ERC-721 token's URI points to an agent registration file hosted off-chain, typically at a standardized endpoint following the format /.well-known/agent-card.json. This registration file contains crucial metadata including the agent's name, description, supported communication endpoints for protocols like A2A and MCP, and declared trust models the agent supports.

The NFT structure provides additional benefits beyond standardization. Agent ownership becomes transferable through standard NFT mechanisms, enabling a marketplace for proven agents with established reputations. The immutability of blockchain records creates an audit trail showing ownership changes and registration updates over time.

While identity establishes who an agent is, reputation signals whether that agent can be trusted. The Reputation Registry standardizes how clients record and retrieve feedback about agent interactions through structured attestations stored on-chain.

When a client agent completes an interaction with a server agent, it can submit feedback containing a bounded score from 0 to 100, optional tags for categorizing the feedback context, a URI pointing to detailed off-chain documentation, and a KECCAK-256 hash ensuring the integrity of that documentation. The bounded score enables straightforward on-chain aggregation for smart contract composability, while the URI reference allows rich feedback details without bloating blockchain storage.

A critical anti-spam mechanism involves feedback authorization. Before accepting a task, the server agent signs a cryptographic authorization allowing the specific client address to submit feedback. This pre-authorization uses either EIP-191 signatures for externally-owned accounts or ERC-1271 for smart contract clients. The authorization includes expiration timestamps and index limits to prevent replay attacks while allowing agents to pre-approve multiple feedback submissions for watch tower use cases.

This design recognizes that while Sybil attacks remain possible, making all reputation signals public and standardized enables competitive reputation aggregation services. Different platforms can develop sophisticated filtering, weighting, and spam detection algorithms while all drawing from the same transparent data source.

For high-stakes interactions where social reputation proves insufficient, the Validation Registry provides generic hooks for requesting and recording independent verification. Rather than prescribing specific validation methods, ERC-8004 establishes a flexible framework supporting multiple trust models.

An agent can request validation by specifying a validator address, the agent being validated, a URI pointing to validation request data, and a cryptographic hash of that data. The validator then executes whatever verification process is appropriate for the use case and posts results back to the registry with a success indicator and evidence URI.

This flexibility allows ERC-8004 to support diverse validation mechanisms appropriate for different risk levels. Simple tasks might rely purely on accumulated reputation feedback. Medium-stakes operations could use crypto-economic staking where validators risk capital by re-executing tasks and comparing results. Critical applications demanding high assurance might require cryptographic proofs from Trusted Execution Environments or zero-knowledge systems.

The validation registry intentionally omits payment and incentive mechanisms, leaving these to specialized validation networks built atop the standard interface. This separation of concerns allows multiple competing validation approaches to coexist within the same trust infrastructure.

Modern blockchain applications increasingly span multiple networks, and stablecoin liquidity moves across chains with growing frequency. ERC-8004 acknowledges this multichain reality through its agent address format and deployment model.

Agent addresses follow the CAIP-10 standard for chain-agnostic account identification, typically formatted as eip155:{chainId}:{address}. This allows agents to maintain consistent identities even when operating across multiple blockchain networks. An agent registered on Ethereum can interact with clients on Layer 2 networks while accumulating reputation feedback in a unified registry.

The standard expects Identity, Reputation, and Validation registries to deploy as singletons per chain, but agents can register on multiple chains if their use cases demand it. Importantly, an agent registered and receiving feedback on one chain can still operate and transact on other networks where the registries aren't deployed. The portable identity and reputation travel with the agent through cryptographic proofs and cross-chain attestations.

This architecture complements infrastructure like Eco's cross-chain routing protocols that enable seamless stablecoin transfers. When an agent on Arbitrum needs to pay an agent on Base for services rendered, payment settlement can occur through dedicated payment protocols while trust verification happens through ERC-8004 registries.

ERC-8004 deliberately excludes payment mechanisms from its specification, recognizing that payments deserve separate standardization. However, the standard explicitly contemplates integration with the x402 payment protocol, which revives HTTP status code 402 to enable instant stablecoin micropayments over HTTP.

The x402 protocol, championed by Coinbase and Cloudflare, allows agents to automatically pay for services as part of normal HTTP request-response flows. When combined with ERC-8004, agents can verify counterparty reputation before initiating payment while also enriching reputation feedback with cryptographic payment proofs.

A typical workflow might see a client agent discover service providers through the Identity Registry, filter candidates by reputation scores from the Reputation Registry, initiate a task with automatic x402 payment included, and submit feedback containing proof of payment alongside quality assessments. This payment proof becomes part of the verifiable feedback trail, creating economically-backed trust signals.

Cloudflare's adoption of x402 across its infrastructure, which powers approximately 20% of web traffic, positions this payment standard for massive distribution. ERC-8004 provides the complementary trust layer enabling agents to transact confidently across this internet-scale payment infrastructure.

The combination of standardized identity, portable reputation, and flexible validation mechanisms unlocks diverse applications across the blockchain ecosystem.

Autonomous agents managing DeFi positions can discover and hire specialized strategy agents through the Identity Registry. Before trusting a novel yield optimization strategy with significant capital, the portfolio agent can review reputation scores, examine feedback from previous clients, and even require validation from crypto-economic stakers who re-execute the strategy independently. When agents execute trades across multiple blockchain networks and liquidity pools, the reputation they build remains portable and verifiable.

Software development agents can offer specialized code review, security analysis, or automated testing services. Client agents hiring these services can verify claimed expertise through reputation accumulated across multiple projects. For security-critical reviews, clients might require validation through Trusted Execution Environment attestations proving the analysis code ran in a verified environment without tampering.

Enterprises deploying private agents can safely engage with external service providers discovered through public registries. A company's internal agent managing cross-chain stablecoin operations might hire specialist agents for tasks like compliance checking, transaction optimization, or settlement verification. The standardized trust infrastructure allows controlled collaboration without requiring direct business relationships or vendor approval processes.

As agent economies mature, specialized insurance agents could emerge offering coverage against service failures or malicious behavior. These insurance providers would analyze reputation data, validation history, and stake levels to price coverage appropriately. Claims would reference on-chain evidence from the Reputation and Validation registries, creating transparent, auditable insurance markets.

ERC-8004 was officially proposed on August 13, 2025, representing a collaborative effort from industry leaders including Marco De Rossi from MetaMask, Davide Crapis from the Ethereum Foundation, Jordan Ellis from Google, and Erik Reppel from Coinbase. According to the latest protocol documentation, the standard has progressed through multiple development phases.

The initial draft underwent extensive community review on the Ethereum Magicians forum starting August 14, 2025, with public launch following on August 21. By October 2025, the Ethereum Foundation's newly-established decentralized AI team formally unveiled the standard with backing from major ecosystem participants including ENS, EigenLayer, The Graph, and Taiko.

As of December 2025, ERC-8004 remains in draft status undergoing peer review. The development roadmap focuses on several key enhancements for the upcoming v2 specification. These include deeper Model Context Protocol support for broader compatibility beyond A2A, more flexible on-chain data storage for reputation enabling sophisticated smart contract composability, clearer integration points with x402 including standardized payment proof formats, and refined schemas for feedback and agent registration files to power specialized agent explorers and marketplaces.

Reference implementations have deployed to multiple testnets including Ethereum Sepolia, Base Sepolia, Linea Sepolia, and Hedera Testnet. A builder program launched in September 2025 supports teams implementing pilots across DeFi trading, code review, gaming, and other verticals. Participants receive technical guidance, regular check-ins, and showcase opportunities at ecosystem events.

While ERC-8004 provides essential trust infrastructure, developers building on the standard must understand potential security challenges and mitigation strategies.

Sybil attacks remain possible where malicious actors create multiple identities to manipulate reputation systems. The feedback authorization mechanism partially addresses this by preventing unauthorized reputation inflation, but determined attackers could still create networks of colluding agents. Mitigation approaches suggested by security researchers include requiring minimum bonds or token burns for registration, refundable only after a probation period, implementing reputation aggregators that assign trust scores to reviewers themselves, and leveraging zero-knowledge proofs to limit one identity per unique economic actor.

Storage exhaustion attacks could occur through unbounded validation requests storing pending request tuples indefinitely. Attackers might flood the Validation Registry with requests never completed, inflating gas costs and potentially preventing cleanup operations. Recommended countermeasures include auto-expiring validation requests via on-chain timestamps, limiting pending requests per agent, and requiring refundable bonds for validation requests completed within reasonable timeframes.

The registry contracts cannot guarantee that agents with verified identities actually possess advertised capabilities or operate without malicious intent. A well-reputed agent could be compromised or its operator could turn malicious. This reality underscores why ERC-8004 supports tiered trust models allowing appropriate verification levels for different risk scenarios.

Looking beyond the initial specification, several development directions could expand ERC-8004's capabilities and adoption.

Integration with ENS would enable human-readable agent discovery, allowing users to reference agents through memorable names rather than cryptographic addresses. Agent reputation becoming queryable through simple ENS lookups would significantly improve user experience.

Cross-chain reputation aggregation could evolve through specialized bridges and oracles allowing agents to accumulate unified reputation scores across multiple blockchain networks. This would be particularly valuable as the multichain stablecoin economy continues expanding.

Standardized schemas for specific agent capabilities could emerge through community working groups. Just as ERC-20 established token standards and ERC-721 defined NFTs, vertical-specific extensions to ERC-8004 might standardize how trading agents, code review agents, or compliance agents describe their specialized capabilities.

The combination of ERC-8004 with Trusted Execution Environments opens possibilities for privacy-preserving agent computations where agents prove correct execution without revealing sensitive data or proprietary algorithms. This could enable high-value services like confidential trading strategies or sensitive data analysis within trustless agent networks.

What is ERC-8004 and how does it work?

ERC-8004 is an Ethereum standard establishing trust infrastructure for autonomous AI agents through three on-chain registries. The Identity Registry provides portable agent identifiers using ERC-721, the Reputation Registry enables standardized feedback and rating collection, and the Validation Registry supports cryptographic and economic verification of agent work. Together these registries allow agents to discover each other, build verifiable reputations, and collaborate across organizational boundaries without pre-existing trust.

Is ERC-8004 a cryptocurrency or token?

No, ERC-8004 is a protocol standard, not a fungible token. It uses ERC-721 NFTs to represent agent identities, making each agent's identity technically tradable on NFT marketplaces. Selling an agent's NFT transfers ownership of that agent and its accumulated reputation. However, there are no "ERC-8004 tokens" to trade as with ERC-20 fungible tokens.

How does ERC-8004 differ from other Ethereum standards?

While ERC-20 standardized fungible tokens and ERC-721 defined NFTs, ERC-8004 focuses specifically on trust infrastructure for autonomous agents. It extends Google's Agent-to-Agent protocol with blockchain-based identity, reputation, and validation mechanisms. Unlike previous standards that defined new asset types, ERC-8004 establishes shared infrastructure for agent discovery and trustless interaction.

What blockchains support ERC-8004?

As an Ethereum Improvement Proposal, ERC-8004 is natively compatible with Ethereum mainnet and any EVM-compatible blockchain. Given the high-throughput nature of agent interactions, the standard is most likely to see adoption on Layer 2 networks like Optimism, Arbitrum, and Base where gas fees remain low enough for frequent micropayments and feedback submissions.

How does ERC-8004 handle agent payments?

ERC-8004 deliberately excludes payment mechanisms, recognizing that payment protocols deserve separate standardization. However, it integrates with the x402 payment protocol that enables instant stablecoin payments over HTTP. Agents can include cryptographic payment proofs in reputation feedback, creating economically-backed trust signals that verify services were actually paid for.

What are the main security risks with ERC-8004?

Key security considerations include Sybil attacks where malicious actors create multiple identities to manipulate reputation, storage exhaustion through unbounded validation requests, and the inherent limitation that verified identities don't guarantee honest or competent behavior. Developers building on ERC-8004 must implement appropriate safeguards including registration bonds, reputation aggregation with reviewer trust scoring, validation request limits, and tiered trust models matching verification rigor to value at risk.

ERC-8004 represents critical infrastructure for transforming autonomous AI agents from isolated tools into collaborative economic participants. By establishing standardized, permissionless mechanisms for agent identity, reputation, and validation, the protocol creates conditions for open agent markets that avoid centralized gatekeeping while maintaining security through cryptographic proofs and economic incentives.

The integration opportunities with existing blockchain infrastructure demonstrate how trust layers and cross-chain money movement work together. When agents can verify counterparty reliability through transparent reputation systems while simultaneously executing instant payments through protocols like x402, the foundation exists for genuinely autonomous machine economies.

As the standard progresses toward a stable v2 specification and reference implementations mature, developers gain proven patterns for building trustless agent applications. The combination of minimal on-chain storage, flexible trust models, and compatibility with existing protocols positions ERC-8004 as foundational infrastructure rather than a rigid framework imposing specific architectural choices.

The ultimate success of ERC-8004 will depend on ecosystem adoption and continued community refinement. But the collaborative development process involving major industry players, the thoughtful separation of concerns between trust and payment mechanisms, and the alignment with broader agent communication standards suggest this protocol could become as foundational to the agent economy as ERC-20 was to decentralized finance.