Want to Hire an AI Agent? Check Their Reputation Via ERC-8004 - Unchained

Summary6 min read

Unchained Podcast Episode Summary

Episode Title: Want to Hire an AI Agent? Check Their Reputation Via ERC-8004
Host: Laura Shin
Guest: Davide Krapis (AI Lead, Ethereum Foundation)
Date: February 8, 2026

Episode Overview

This episode delves into the newly launched ERC-8004 standard on Ethereum, designed to establish decentralized identity and reputation registries for AI agents and digital services. Laura Shin and Davide Krapis discuss how ERC-8004 enables trustless interactions among autonomous agents, what the future of agentic Internet commerce might look like, and the technical structure of ERC-8004. They also consider possible attack vectors, validation layers, cross-chain reputation, and practical implications for developers.

1. The Need for Trust in Agent Commerce

The Problem Space & Why ERC-8004 Was Developed

Trust is a Core Requirement: Without trust, economic interactions between agents (human or AI) can't flourish—even with seamless payment rails. (06:02)
Centralization Brings Risks: Centralized agent registries introduce “App Store-style” rent-extraction, censorship, and data honeypots. (19:18)
Towards a Decentralized Solution: ERC-8004 grew out of the need for a decentralized, on-chain discovery layer for agents and services (e.g., avoiding centralized marketplaces like those fostered by x402’s early reliance on a single facilitator).

“If we don't have a decentralized way of answering these questions, then the fact that you can send payments on a decentralized ledger doesn't really matter.”
– Davide Krapis, (03:56)

2. How ERC-8004 Works

2.1. The Registries

ERC-8004 comprises three main registries:
- Identity Registry: Each agent/service registers and mints an ERC-721 NFT as its on-chain identity "passport." (20:25)
- Reputation Registry: Stores reviews/ratings, including proof-of-purchase or service where possible, supporting both human and agent submissions. (11:38, 30:01)
- Validation Registry (Work-in-progress): Allows cryptographic/validator-based attestation that the correct agent responded.

“8004 is essentially like a set of registries. The two that are going live now is like an identity registry for agents and services, and then a reputation registry.”
– Davide Krapis, (03:33)

2.2. The Process: From Discovery to Review

Discovery: Agent B or human reviews Agent A’s reputation via the on-chain registry before engaging.
Interaction: If satisfied, Agent B sends request (possibly via x402), pays for service, and receives work.
Review: Upon completion, Agent B leaves a public, (optionally) verifiable review tied to their transaction. (14:46)
Reputation Algorithms: The registry is agnostic to the reputation system—builders can implement anything from simple ratings to sophisticated ranking schemes. (30:01)

“The feedback is not a reputation system. It’s a standard data structure that builders can use…maybe with Maltbook you need one type of reputation; with Marketplace, another.”
– Davide Krapis, (30:01)

3. Attack Vectors & Safeguards

3.1. NFT Ownership and Identity

ERC-721 as Agent Passport: The NFT is the identifier; ownership transfers are visible on-chain. However, the underlying off-chain agent code can be swapped unless validation is enforced. (25:35)

3.2. Reputation System Robustness

Sybil Attacks:
- Multiple fake agents reviewing each other is mitigated by requiring on-chain fees for every review and by external “watchtower” agents that monitor for fraudulent activity.
- High-value reviews can be linked to cryptographic proofs of purchase/service. (40:49)
Reputation Manipulation Example:
- Watchtowers call suspect agents regularly, independently measure service quality, and submit on-chain feedback to counteract fake reviews. (43:12)

“Anyone can call this service…measure what is the latency in the response…they post these metrics on chain as a feedback. Now you have a thousand fake feedbacks but every hour you get real feedback from this watchtower.”
– Davide Krapis, (43:33)

3.3. Subjectivity in Reviews

Diverse Feedback: The protocol doesn’t enforce review accuracy, instead leveraging statistical signals—like average ratings—over time to reflect quality. (48:57)

“We’re not in the business of ensuring every review is correct…if your product is good, your average is going to be 4.9.”
– Davide Krapis, (48:57)

4. Technical Deep-Dive

4.1. ERC-721 NFT Identity

Registration: Minting the NFT via a transaction, specifying agent details—endpoint URLs, ENS names, and wallet addresses.
Transferring/Delegating: Ownership can be transferred openly; swaps/updates to backend agent code are visible via the registry and ideally checked via validation registry (in the future). (23:45, 26:58)

4.2. Feedback Structure & Storage

Feedback Records: Basic fields—agentID, numeric value, tags, text field (optional, can be encrypted); standard structure but implementation-flexible.
Storage: Lightweight fields on–chain, large/text data off-chain (e.g., IPFS) with pointers. High-frequency review scenarios may require public infra/mempools for speed, especially on L2s. (34:28)

4.3. Validation Registry (future)

Cryptoeconomic or TE Attestation: Validators or hardware enclaves provide attestations that the agent behind an identity is as claimed. Particularly relevant for high-stakes services like medical advice. (26:58, 37:54)

5. Integration & Interoperability

5.1. Payments (x402)

X402 Protocol: Optional; ties off-chain service requests to on-chain payments with metered, programmable pricing. Agents can accept other payment forms but x402 is the most seamless for API-style commerce. (55:00)

5.2. Multi-chain Deployment

Supported Chains:
- Deployed on Ethereum Mainnet and major Ethereum L2s; EVM-compatible chains can adopt with no changes; non-EVMs implementing the standard in their own languages.
- Each chain has one global registry; agent “passports” can declare registration across multiple chains with aggregated feedback shown by exploratory UIs. (50:11, 52:26)

5.3. User Experience

Search UIs and Aggregators: End-users will typically interact via search engines or scanners (e.g., 8004 Scan), which handle cross-chain aggregation, filtering, and ranking. (54:41)

6. Notable Quotes & Moments

On the vision for autonomous agent commerce:

“In a few months, every month, or maybe four months after a model upgrade, we’ll see new types of networks, and the demand for blockchains and trust is only going to grow.”
– Davide Krapis, (07:35)
On balancing open feedback and noise:

“It’s not a game where every review needs to be correct. The average needs to be informative.”
– Davide Krapis, (48:57)
On the community’s rapid embrace:

“I honestly was thinking it’s going to take a few months for people to even notice this…almost immediately people were like, okay, this is very interesting.”
– Davide Krapis, (57:59)
On possible reputation attacks:

“Security in 8004 will work [by leaving] filtering to protocols and infrastructure on top of this minimum standard… right now it starts centralized, but there is a good way.”
– Davide Krapis, (41:00)

7. Practical Guidance for Developers

Getting Started:

Visit 8004.org for SDKs, services, and a builders’ Telegram group (>2,000 members).
Easy agent onboarding: “Anyone can deploy with one line of code.” (62:18)
Explore tools like 8004 Scan and search agents for cross-chain reputation.

8. Key Timestamps

[03:33] – Introduction to ERC-8004 & motivation
[11:38] – How a typical agent/commerce interaction would work
[20:25] – Technical details of registries & NFTs
[23:32] – On-chain visibility of agent/NFT ownership
[26:58] – Importance of the validation layer
[30:01] – Feedback data structure & minimalism
[34:28] – Data storage considerations (on-chain vs. off-chain)
[37:54] – Validation registry plans and mechanics
[40:49] – Sybil attack countermeasures
[48:57] – Subjectivity in feedback & the statistical approach
[50:11] – Multichain deployment and registry aggregation
[55:00] – How x402 ties into ERC-8004 agent commerce
[57:59] – Community story, unexpected rapid evolution
[62:18] – Resources and advice for agent developers

9. Closing Thoughts

ERC-8004 represents a foundational step for the emerging “Internet of Agents”—enabling decentralized trust, discovery, and commerce at scale. As agentic systems proliferate, robust mechanisms for evaluating, incentivizing, and validating agent behavior will be essential. The episode paints a picture of a rapidly evolving landscape where decentralized reputation is key to unlocking the next generation of Web3 marketplaces.

For builders: Visit 8004.org, join the developer community, and start experimenting as this standard sets the stage for large-scale, trustless digital collaboration.

“We are trying to build this mass of valuable agents and services. But the thing that I’m most excited about is once we have this mass, then interesting things can start happening… that’s where really the magic of 8004… can be realized.”
– Davide Krapis, (57:59, echoing 00:00 & the episode’s close)

Loading summary

Transcript64 lines

[00:00]
A
Now we're in the phase. We are trying to build this mass of like valuable agents and services. But the thing that I'm most excited about is once we have this mass, then interesting things can start happening, right? You can have like the multiple version where different services can start to talk to each other and kind of service each other. And I think that's where really the magic of 8004 that you cannot have in a smaller, like centralized service can like be realized.
[00:34]
B
Hi everyone. Welcome to Unchained, your no hype resource for all things crypto. I'm your host Laura Shin. Thanks for joining this live stream. Before we get started, a quick reminder. Nothing you hear on Unchained is investment advice. This show is for informational and entertainment purposes only and my guests and I may hold assets discussed on the show. For more disclosures, visit Unchained Crypto.com did you know that figure is giving away $25,000 in USDC? They're a decentralized digital asset platform for earning, borrowing and lending. Download the Figure Markets app using our link FigureMarkets Co UnchainedDP deposit into their democratized prime pools and earn about 9% APY paid hourly while you enter every dollar you keep in for 25 consecutive days counts as an entry. Again, the link is FigureMarkets Co UnchainedDP for full details.
[01:33]
A
LifeLock how can I help?
[01:35]
B
The IRS said I filed my return, but I haven't.
[01:38]
A
1 in 4 tax paying Americans has paid the price of identity fraud.
[01:41]
B
What do I do?
[01:42]
A
My refund though.
[01:43]
B
I'm freaking out.
[01:44]
A
Don't worry, I can fix this. Lifelock fixes identity theft. Guaranteed it's gets your money back with up to $3 million in coverage.
[01:51]
B
I'm so relieved.
[01:52]
A
No problem. I'll be with you every step of the way. One in four was a fraud paying American. Not anymore. Save up to 40% your first year. Visit lifelock.com podcast terms apply if crypto.
[02:05]
B
Taxes feel overwhelming, you are not alone. That's why Crypto Tax Girl, a team that's been helping crypto investors since 2017, is offering $100 off on one on one crypto tax help. To get $100 off your crypto tax services, go to CryptoTaxGirl.com Unchained Again, that's CryptoTaxGirl.com Unchained. Today's topic is the new ERC 8004 standard on Ethereum, a standard for establishing reputation for AI agents. Here to discuss is Davide Krapis, AI lead at the Ethereum Foundation. Welcome Davide thanks for having me. So the Ethereum foundation just launched ERC8004, which seems like perfect timing given everything that's happened with Openclaw in the last few weeks. Explain what ERC8004 is.
[02:58]
A
Yeah, the timing is like super interesting. Like the same week we had like ERC804 coming live to Ethereum Mainnet first after many months of testing or testnets in the Ethereum ecosystem and beyond. And then we had the explosion of these autonomous agents that people built with this project called OpenClaw. So essentially I feel that while we were designing 8004 we were a bit forward looking, thinking about this future where you have this mass of agents that wants to use the chain. Then all of a sudden this mass appeared in same week. And yeah, it's been like kind of a crazy ride since last week because what we did is after Ethereum Mainet, we have launches schedule on all Ethereum layer 2s and then also like other chains. So we are launching like two or three chains a week. I'm usually just like reposting like our team is helping like with this setup. And what does launching 8004 mean? Right. So 8004 is essentially like a set of registries. Like the two that are going live now is like an identity registry for like agents and like services and then like reputation registry. So the result that like the reason why like 8004 exists is because like we want to use chain chains to enable like trustless interaction between like different agents or different services. We want to use the chains not just for the payment, but also for the trust that they can provide. Right, and why there were some experiments of vaults with wallets sending payments before and then export two came, which is a new protocol for agent payments. There was a vacuum on the trust side. And essentially the idea is that if you can send trustless payments to agents or services, how do you know which services are available and then how do you know which services are good? If we don't have decentralized way of answering these questions, then the fact that you can send payments on a decentralized ledger, it doesn't really matter because this Internet of agents and services is still controlled by some centralized marketplace or some centralized platform. So that's why about six months ago we started working on 8004.
[06:02]
B
Yeah, because basically commerce can't happen if people don't trust each other. So you can build all these AI agents and you can make them capable of doing financial transactions, but if they can't trust each other, then there's not going to be any commerce. So you know, it's a, it's a really important problem. And it's so funny because if I think back to, you know, when I started having crypto 11 years ago, people used to talk about how it was an Internet of money. And you know, ever since then, yeah, okay, it's been used for money in different ways, but especially if you're like American like me or Italian like you, you don't really need like an extra way to transact. And so now the fact that crypto is an Internet of money becomes so clear when you see, you know, what this. And it's just glimpses of this future of AI agents that we're seeing. But you know, once you start to see it, you're like, right, it only works with crypto. So you kind of hinted at, you know, like, you know, kind of why, why this is necessary. But I'm just so curious because you know, as I mentioned, we've only seen glimpses. But the future of what this really is going to become hasn't arrived yet. So describe for us what you think that future will look like and you know when that future arrives, how the ERC 8004 standard will be used.
[07:36]
A
Yes, exactly. Yep. I think blips is like a right way of putting it. There is like a similar way where there is Andrej Karpathi, one of the co founders, founding members of OpenAI and is very well known AI researcher that he also has a big Twitter following and he was tweeting about Maltbook which is the first example of a network built from OpenClaw agents which is kind of like a degenerate Reddit where like initially thousands and now like millions of agents, they're just like talking to each other. And initially when he saw this like he made a post like kind of exciting and he got like some kind of bad or angry replies saying oh, this is not really AI. You are like legitimizing like something that is like just slop. And there is a lot of crypto people in that essentially like what he was saying in this post in the response actually the response to like the bad responses that he got is you actually this moment like should tell you like what the trajectory is for this like multi agent, this agentic Internet. Like you, you shouldn't look at the point, it's just the first point on the line. But if you read where this thing can go, most book is just the first example. There is so many direction of growth of this system because the underlying models are going to get better, more capable and are going to do more stuff online, people will build different type of networks. And actually the networks were. Ethereum really shines is not like Reddit, where like effectively it's just like a cheap talk. There is no real value at stake in this agentic interaction. It's like a network similar to commerce sites or sites where agents sell their services to someone else, where there is actually a value exchange and also required to trust the party that you are sending value to. So it's like, I agree it's like an initial glimpse, but like if you extrapolate like where we are going, the direction is clear that like in a few months we will have like essentially what I think is that over the next few months, like every month or so, or like maybe in like four months when there is like a model upgrade and the capabilities improve, we'll see new type of networks and the demand for blockchains and trust is essentially only going to grow. Right.
[10:24]
B
And, but so explain. So right now, so. So I listened to your episode with Austin Griffith on Bankless and we also had him on our show Uneasy Money yesterday. People should definitely check that out because it's frankly hilarious in my opinion. But so he had two bots going where they were, you know, talking to each other and kind of like working on projects together. But so the way that. So you know, because ERC 8004 is to establish trust, you know, when either another agent or maybe even a human behind the agent or whatever wants to use. Sorry. So let's say we have Agent A and Agent B. So Agent B or the human behind Agent B wants to hire Agent A, but they need to trust that Agent A will do the job without scamming them, that it will do the job well, like all these things. So, you know, in those few months or even like a few years from now, describe how that interaction will take place and how ERC8004 will, you know, make. Make it so that the Agent B or their human will trust that things will go well.
[11:39]
A
Yeah, yeah. So essentially today there is this notebook which is kind of named after Facebook. So suppose that basically there is an Agent A that does a post and says something about, oh, the weather is very nice today in this agent land. And then somewhere response, yeah, amazing. Let's go for a walk. But it just like stays there, right? And then I think essentially what I mentioned before is like commerce networks of platforms. So you can imagine that now there is like Malt Place, which is like Facebook Marketplace, right? So essentially you let's say that Agent A posts an ad saying like I need to buy like 1000 images of this quality of like this design thing. And then there is a bunch of agent like Agent B responds and say hey, I'm an image gen service. Like I'm really good at this, this is my cost, et cetera. And now like agent A needs to decide, okay, like do I buy from this Agent B? Do I go and like find someone else? And so like the idea is that like 8004 is built for like Agent A to help answer this question, like who should you buy from? And essentially what's going to happen is if you let's say get a quote from Agent B, then you can go and look up agent B on 8004 and let's say Agent B has been selling like these image gen images for like many months. So then in the reputation registry of 2004 it has accumulated like quite a few reviews about like the quality of its image and so like the prices, et cetera. So essentially you can look at this information and decide if you want to call these agents or not. Like then I guess with agencies much faster than with humans. So you may also decide to maybe call the top three agents and then check whatever they come back with and then decide. But essentially 8004 facilitates all this and then it also works seamlessly with X402 which is kind of the payment rail for these API calls. So essentially then when you choose then you can pay. And then the way you close the loop, actually if agent A is kind of happy with the service, Agent A can go on 8004 registry, it has all the information about Agent B and can leave a review and he can also attach a payment proof like essentially like validating this review that like okay, it actually really bought from hmp.
[14:46]
B
Okay, yeah, so it's like a verified customer review basically. One thing that I wanted to ask also was. Yeah, so you know, so now we describe this future where ERC8004 exists. But I'm sure that you know, before you created this protocol you were thinking, oh, without it there's going to be all kinds of problems. Can you just describe what kinds of problems you foresaw potentially happening if this reputation layer didn't exist?
[15:20]
A
Yeah, yeah, yeah, for sure. So like I had been thinking about this for quite some time and then I had also seen some projects on Ethereum and around that we're kind of seeing that basically the fundamental thesis is that the future of AI is multi agent. There is going to be many agents more and less powerful and they're going to be specialized and you're going to want to access them to service you. And there was a couple of teams like the virtual protocol that you may know, you may also have talked about to them. And then there was another project called olas. So basically what they were doing is they were creating agent registries because they were trying to organize different agents. So I always thought that is interesting. The scale is not there yet, but the direction is interesting. And then what happened is. So Eric Greppel from Coinbase, like he's like the creator of x 402. I think Eric is like an amazing technical leader and he's also like been in Ethereum for a long time independently. But what I was saying is that yeah, so Eric was creating X402 and I felt it's a great idea. It's kind of an upgrade on the payment infrastructure we have on chain to connect to off chain services. And then I was like okay, now we're going to have like in a few months we're going to have like these really powerful payment rail for APIs. Basically there is two other components if we want to build the Internet of Commerce is like you need to pay and then how do you trust. And then like Discovery, like essentially the way it happens or it's started happening even outside of crypto, like in AI, like with MCP servers, et cetera. Like the first Agentix services is all on centralized registries. It's basically like the same registry as a 2004 but it's controlled by a company and it's on a server. So it's kind of very easy to see especially if you have that lens coming from Ethereum. And then even X402 when it launched at the beginning Discovery was centralized. There was the CDP, the Coinbase facilitator that had 90 plus percent of traffic and essentially it exposed a list of all the services that were registered on X402 and now it's already improving because there are many facilitators. And then the next Upgrade now that 8004 is live is that even when you want to go and buy stuff on x 402, you actually query the 8004 registry on Ethereum or on one of the other chains where it's available to actually get the discovery, get the list of services that are available. So what happens if this is not decentralized? It's a huge choke point, right? Basically you can imagine that this agent E commerce is the App Store, like 4.0. And then on the App Store, Apple charges 30% fees to every app and every payment you make. So that's already pretty bad, like rent extraction. And then there is also censorship problem, right? Because it's not just like small scale apps that is going to be like some agents that are kind of doing services that have like societal relevance and like you want the censorship resistance there.
[19:19]
B
Okay, okay, yeah. This is, I guess what it reminds me of is how in crypto people would talk about how, you know, something like a credit agency, you know, can be hacked and reveal, you know, people's like Social Security numbers or something like that. And so it's a similar concept of like there being a honeypot of data. All right, so now let's, you know, kind of talk a little bit more on the technical level about how this works. So you mentioned that, you know, there's a section where you have the reputation, there's a section where you have the validation. There's. Yeah, there, I think there's even feedback, you know, that's stored somewhere. Anyway, let's so just explain. So you know, one piece of it is an nft. So talk about that. That's the reputation piece. So explain how this ERC 721 token works, how it even gets assigned to an agent. Just explain all the details around that reputation registry.
[20:25]
A
It's actually quite simple even to simplify. 8004 is three registries. One is identity, reputation and validation. And actually identity is the key registry. When like you create a new agent, then like you essentially generate an agent ID and there is a new record on the identity registry. And then like the reputation and the validation kind of point to it. So the validation actually is not live on mainnet yet because we're working on like tee validation standard that will come like in a few weeks. So right now it's mainly the identity and the reputation. So essentially what happens is when you want to register an agent or service on 8004, you go to the identity registry and then essentially you send a transaction to create the agent and the contract actually mints an NFT, which is ERC721 token. So the, the agent ID in the identity registry is like the token ID of the NFT. The reason why is that this is already a widely adopted standard and it was already quite fitting for what we want to do because when you create an agent, then that agent has an owner and the owner can actually transfer ownership of the agent to others if they want in the future. And then the agent itself gets assigned a Wallet. And then the other important piece in the identity is the registration file, which is essentially almost like the passport of the agent, where it has all the information to advertise what it is. Is it like MCP service is like following like a specific standard? Does it have like a web endpoint that like people can call to like talk to it or receive some service? And then it has also the wallet. And essentially in the registration file there is all the information you need to actually interact with this agent. That's why he's like, it's kind of a rich identity. There can also be like ENS name attached to it, but it's just like one entry in this registration file misunderstood.
[22:56]
B
One piece that I read because I saw that. So the agent gets assigned the ERC 721 NFT. But I thought I saw that it can also be transferred, delegated or updated. So, you know, how do you prevent like some kind of malicious event where you know, you have an agent and then let's say it has a bad reputation and some person opts out that NFT that shows the bad reputation. Is that not possible or is that possible?
[23:33]
A
No, this specific attack, actually everything is visible. So like you would be able to.
[23:39]
B
Tell, like you would just see on a block explorer that the NFT had been recently transferred. Is that what it is?
[23:45]
A
Or the agent itself is an ERC721 token. So like, essentially like if I am the owner of that agent, if I transfer it, people will see where I transfer it. Like, the problem is that like a lot of these agents actually, like, the services that they offer are off chain, for example, right? Like, for example, the example I mentioned before, like the image generation service there. Like you are not like asking a bot to like do a swap on a dex. You are asking like a bot to like produce some images, right? So like what could happen is that like the bot behind the identity that actually generate that image, like maybe swapped, right? And you may get like a bad service. So this could happen. But actually like the reputation is there to like disincentivize this behavior. Because, like, if you do like, your reputation will start going down. And then like already the way that people find which agents are on a 2004 and which are good is through like 8004 scan or like a scanner that ranks them based on their reputation or like some search agents that also get the reputation signal. So if your reputation signal goes down, like people will not use you.
[25:19]
B
So yeah, so I need to understand this because. So the agent itself is an off Chain entity. But you said that somehow they become the nft. But then you also said it is possible to swap out the bot. So like explain that part.
[25:35]
A
Yeah. So you should think about the entry on the identity registry, like the ERC721 with the file, which is the registration file, as a passport. Right. So that's the password for the agent. It also has the address of the agent where people can find it. But it's not the agent, it's the passport of the the agent. Right. Then behind it there is an agent or a service or an API which lives on a server. Basically this is in the digital world, same as a real person. The idea is that when you call the endpoint that is on the passport, then you find the actual agent that can give you the service. It's similar if you read my address on my passport, then you come and ring at my door and maybe my brother or someone else could open the door. Right. Here is the same thing. Basically, in the basic version of 804, if you are not using validation, there is no guarantee of which bot is behind that identity.
[26:45]
B
So it is possible for there to be some kind of manipulation where the reputation and the agent have been switched. And so. But the validation layer is meant to protect against that scenario.
[26:59]
A
Yeah, yeah. So the reputation always stays with the passport. Right. It's like you flip the page and you start accumulating feedbacks. Right. What could happen is that like that identity with all the reputation accumulated, then like the agents in the backend gets swapped. And then what I'm saying is that essentially there is two ways that. Actually there is a good case of swapping where you actually upgrade the agent. Suppose that a new model comes and your image generation service gets better. People are going to do that. And that's kind of a good case. Why? Having swappable agents or service in the backend is actually good. But like the attack you mentioned, like where like you swap and you try to like give a service that is very bad, it costs just like $0.01 to generate like very bad images. You're still charging $1 per call. So if this happens, there is two ways. One is kind of the economic incentive that like your reputation will go down and then you will go down on every like search engine and then you will basically lose the traffic that you have, so you lose revenues. And then the other one is like once the validation registry is live, there is going to be like some cryptographic proof, like you can prove that like a specific agent like is running into that server attached to that identity. And the output can be proven on the validation registry. If you swap and you upgrade the model, that will be also visible. So it's essentially like this is kind of the cryptographic insurance case, which I believe it's a bit more costly than just relying on reputation. But I believe that like, if the use case is not like an image generation, but like a medical diagnosis of like your X rays for example, then you may want to like have these like higher and pay for these higher level of assurance. So yeah, both are important, but they solve that problem that you were mentioning.
[29:05]
B
Yeah, so I think like what I was talking about, where the agent gets swapped out. Yeah, I think you're right. Like for image generation generation or medical diagnosis, it may not matter so much. But if. Cause, you know, I'm, I'm seeing these people on Twitter who are like, oh, I gave my bot a thousand dollars and now to, to trade, to trade. And it's already made me like 50,000 or you know, whatever. And so if people are like hiring this trading bot and you give it money, there's a possibility it would just steal your money or I don't know anyway, but okay, okay, so, so I think like we, we basically understand like how at least the reputation gets established and that we're ensuring that, you know, it's legitimate that somebody who actually had an experience is giving that feedback. Is that feedback human readable or is it only readable by another agent?
[30:01]
A
Yeah, this is a great question. So in the design of the standard we were intentionally minimal. So the only thing we actually impose is some very basic structure of some mandatory fields that the feedback must have, which essentially he needs to have the agent ID of the agent that this feedback is referring to. Then it needs to have a value, like a numerical value, and then he needs to have a tag that explains what this value is rating. And then there can be other additional tags. But the idea is that the 8400 reputation registry and the feedback is not a reputation system. It's not like a five star system like that. It already has all the rules specified, is basically a standard data structure that builders can use to build different type of reputation. The example we were making before is maybe with Maltbook, you need one type of reputation, then you have Marketplace, it needs another type. You have Mult, Airbnb. I don't know where this AI will go to sleep, but essentially people can build this. The standard is very minimal. It just makes sure that everyone using blockchains for agent reputation uses the same stuff.
[31:42]
B
So Basically, it sounds like it's not human readable, it's just something.
[31:50]
A
Oh, yeah, yeah. To answer that question, yes, it is. Like as part of this, then there is additional fields where you can actually leave a text review. My point with saying it's not a reputation feedback is like a standard, like data for reputation is that people can choose. Like some feedbacks will be human readable, some will not, some will be encrypted, right? And then like, maybe only just like a specific subset of people as like the key to like read those feedbacks. All of these are possible.
[32:29]
B
And then actually just going back to what I asked earlier about somebody swapping out the agent, you. You gave that example of, you know, someone could go to your home, but if your brother opens the door, it's not you. What is like an address for an agent? Is it just the IP address? Because, you know, people travel or they move or whatever. So. So like, how do you even identify the agent on. On the other end?
[32:55]
A
It's not an IP address because like those can change. But it's like a URL, for example, like RPC nodes for blockchain. But essentially like if you are not running your own node, in order to like send a transaction to like the blockchain, you need to call like a service. And the way you call it is like by calling a URL, like you do a web request. So here is the same one example I can make is suppose that like we, the 8004 team, were to make like a search agent, right? We have the website8004.org right? The URL. Then essentially we can have like a server which runs essentially like the API of these agents, like uses like our URL and is for example, like search agent.8004.org right? And then essentially people can, like that's the address where like if they send a call there, then our search agent responds and maybe it gives them like the top 10 agents on.
[34:02]
B
And then the last question I wanted to ask about the reputation piece is, you know, you talked about like the different types of feedback and how you can even put text in that. But where is all that stored? Because I imagine if these bots are working as quickly as it seems like they can, and they, you know, they don't sleep, so they work overnight. Like they will probably get a lot of reviews very fast. And that is a lot of data storage. So. Yeah, where do you store all that?
[34:28]
A
Yes, there is some mandatory fields that I mentioned that are stored on chain and then there is like some heavier data that you can store on ipfs or like store off chain and point to it. But I guess your point is more about the latency. This is like the first iteration of 8004 that just went live. So what's going to happen is people are already building some protocols on top of it. And we've already discussed this around. If we really want to be the discovery layer for x402, for example, we probably need to be fast propagation mechanism. So there is two solutions on this. One maybe I could say if I wanted to not answer the question is that oh, L2s are fast enough, like you can use them and Ethereum will be fast enough soon. But that's not really the answer. Like, the answer is like we need some public infrastructure to like propagate reputation or information past before it settles on chain. We are actually like scoping up that project. It's kind of like a dedicated 8004 mempool. So this is one example of like infrastructure on top of 8,004 that will need to be built over the next a few weeks and months.
[35:46]
B
Okay, wow. Actually I hadn't been thinking about that, so I'm glad that you explained that because yeah, that's yet another problem that needs to be resolved.
[35:55]
A
I was just going to say that if we have that problem, we are in great shape because it means that there is so much traffic on 8,004 registries that like, you need to give milliseconds latency to like trillions of bots. I think I would really love to have that problem. But yeah, we're not.
[36:13]
B
Yeah, yeah, it's a good problem to have. All right, so in a moment, we're going to talk about the next layer, which is the validation registry and how that works. But first we're going to take a quick word from the sponsors who make this show possible. Want a chance to win $25,000 in USDC figure? A platform to earn yields, borrow against crypto and access lending markets is running a $25,000 USDC sweepstakes tied to their democratized prime product. Here's how it download the Figure Markets app using our link figuremarkets co unchainedp Deposit into a democratized prime lending pool and leave your funds there for 25 consecutive days. Every dollar equals one entry. So $1,000 equals 1,000 chances. While your funds stay in the pool, you're also earning around 9% APY paid out hourly. To learn more and enter go to FigureMarkets Co UnchainedDP, which is also available in the show. Notes if you're looking for help with crypto taxes, Crypto Tax girl is offering $100 off for Unchained listeners. They provide personalized crypto tax reports and returns and spots before April 15th are limited. Go to cryptotaxgirl.com Unchained to save $100. Once again, the link is cryptotaxgirl.com unchained. Back to my conversation with Davide. So as you mentioned before, there's also this validation registry which helps to like make independent checks. So explain you know what that is and how it works.
[37:55]
A
Yeah, so we're still working out the details of how the standard is going to look like. But the high level mechanics is that if you have agent that supports validation which is declared in the identity registry, in his passport, in his registration file, then when you call this agent then it needs to provide some validation from either like some validators if it's kind of like crypto economic staking validation mode or like post a TE attestation on chain if it's like in cryptographic TE mode. So essentially like when the service gets called, can post a validation request on the validation registry and then like for example in the case of crypto economic validation, like different validators in the network can respond. And essentially what the validation registry does is kind of like orchestrates every time there is the call, like where the validation request is or the attestation gets posted. And so basically it's a ledger where you keep appending this and they can be checked.
[39:14]
B
Okay. And it's just to check that the work was done correctly, like independently of the reviews.
[39:21]
A
Yes, exactly, exactly. So one simple example I can make is like suppose there is a simple agent which is just like a data feed. You're asking the agent give me the latest BTC price or something. It's similar to oracles, right. If you don't have the validation, it's like a centralized oracle, you need to trust it. But one way to validate it is, is essentially this service gets called post a validation request and there is let's say three independent validators that actually check from independent sources what the price is and then they basically vote on the response and then essentially they respond. It gets record into the validation service and if majority votes correct, it gets approved.
[40:13]
B
Okay. And I'm sure you know that in crypto we've seen so many different types of scams and you know, just yeah, ways to manipulate things. So like, like one of them being civil attacks like for airdrops and stuff. So what's to prevent somebody from Just spinning up a whole bunch of bots and building up the reputation of one bottom and then you know, using that bot to get some kind of, to perpetrate some kind of big scam.
[40:49]
A
Security in general, like multi agent security is like a very important issue and it's also a very nascent field because like we haven't seen these things before. Like it's a very interesting field because it's kind of in at the intersection of crypto where you have multiple parties interacting, including humans. In the past there were humans scamming each other and then now we would have bots that try to scam each other and then AI where the attack vectors for each single agent is similar to AI security today. But they haven't seen this multi agent system at scale. So security is super important. Security in 8004 will work is since there is so many vectors, like essentially we wanted to have this minimal protocol where we leave it to protocols on top and infrastructure on top of this essentially beta standard and identity standard of 8004 to do the filtering basically. So for sibil resistance there is a minimal mechanism which is like in order to submit reviews you need to pay fees reviews, even if they may be very cheap. And like the idea is that now like what's happening is that people are building like watchtowers, people are building like classification and ranking mechanism. Like the 8004 scan is like one of and there is actually two other like 8004 agents. Like there is two other like projects that are building on 8004 data. They will filter it. I guess you solve the sibyl resistance by introducing a little bit of trust in these services. But most of the infrastructure is still decentralized. So for example they're using like sub graphs, they're using like decentralized watchtowers. So like essentially you need to produce like signals around like which bots are legit and which not. And maybe right now it starts centralized, but there is like a good way.
[43:03]
B
Okay, and so a watchtower is basically some kind of surveillance system to detect fraudulent activity or something like that. Is that how to define that?
[43:13]
A
Yeah, pretty much. Pretty much. It's like basically a small network of services that like they have a policy according to which like they fetch data from these registries. There is also like I believe there is a project in the graph ecosystem that essentially like is a building this watchtower. And then what you do essentially like you measure. So for example, I can give you a concrete example. So let's say that you have an agent that you Claim it does A. You claim it's the most efficient at doing A. And then like, you charge export it. So, and how do you claim this? Because you manufacture like a ton of reviews that like, tell this to the registry and to the world. Right? So, like, what the Watchtower can do is like this. Anyone can call this service, right? So it can call this service every week or every day and then measure what is the latency in the response. They can even measure the output if this output A is of good quality or not. And then they post these metrics on chain as a feedback. So now you have a thousand feedback generated by you fake. And then every week or every day or every hour, you get reviews from this Watchtower that people trust. I mean, they don't need to trust a centralized party. The Watchtower can be decentralized, can be in tes, there is different way that you can establish trust, but then you have these trusted reviews that say that that service is actually very bad. So then what the scan or the search agent can do is like completely like, filter out those reviews, only aggregate the reviews from like, parties that they trust.
[45:15]
B
Okay, yeah. One thing that I have seen happen is let's, you know, I'm sure, you know, crypto is very tribal. So let's say that I interview somebody and then they say something negative about some coin. Um, let's just say maybe it's like XRP or something. And then like a whole bunch of accounts that are pro XRP start downvoting the video. They, you know, they make negative comments, whatever. What if there's something that happens like that where an agent, you know, I don't know, like, makes Ethereum more popular. And then some other chain or some other agent gets mad that, like, it, it feels like, you know, they're Pro Solana or some other chain, I don't, I don't know. And they're, they want to discredit the. The agent that is doing good things for Ethereum. Like, is that something that either could happen? And if so, like, you know, would ERC8004 prevent that in some way?
[46:25]
A
Yep. This is another good problem to have if we get into the world. But yeah, the example is. I remember, like, some time ago we were having this conversation with Vitalik around, like, oh, what would it take for you to trust the recommendation system in Twitter? Right? So essentially they need to make the algorithm that they use for processing the raw data, which is the likes, the retweets, et cetera. They need to make that algorithm public. And I mean, Maybe they can delay publication. Right? They can commit to it and then after one year, once they probably moved on to a new algorithm, they can publish it. And then you need to have proof that the input data that the algorithm was using at that time is actually real and not fake. Right. So if we have these two things, then you can prove that that system was not manipulating information like 2004. This comes from the get go, everything included. Right? So the data is verified by the chain, like the feedback are posted on chain. And then like if there is these massive feedbacks, then like people that actually like build a reputation, as I was saying before, they can make their algorithm which is acting on public data also verifiable. Right. They don't need to disclose it, but they, they can at least like make it verifiable. And this is essentially how you get like verified, like reputation ranking on top of 8004 data.
[48:15]
B
Okay, and then the last piece is. And maybe this is not so like I haven't used Openclaw, but I've used, you know, just the normal AIs that people have been using and so frequently I realize that the reason I'm not happy with the outcome is because my instructions were bad. So how does ERC8004 prevent a situation where the feedback is negative simply because either the agent or the human didn't kind of like, you know, give the right instructions or didn't have their request, you know, be like specific enough or something.
[48:57]
A
Yeah, we cannot prevent that, but we are not in that business in the sense like from some feedback you actually want this variation because people preferences are different. So they are going to like more. Some features, don't like more others. But it's not a game where every review needs to be correct. It's like a statistical game. The average needs to be informative. Basically what we are trying to do is extract a signal about the quality of these agents or services from a noisy sea of like reviews, people with different preferences, et cetera, et cetera. So like essentially like basically as I said, we are not in the business of like ensuring every view is correct. Like people can complain like the same way they do today, like on different sites, but if your product is good, like your average is going to be 4.9, right? Like you're going to have like a bunch of wants from like random people. But like, and as you get More reviews that 4.9 is going to be like even harder to move. Right? So the same kind of like dynamic will be applied here.
[50:12]
B
So as you mentioned before, this standard works on Ethereum. I also saw a tweet saying that you're onboarding 18 chains in two weeks. So I'm assuming is that like will it work on every Ethereum L2, will it work on EVM compatible chains or not? Explain which chains this will work on.
[50:34]
A
Yes. So we started on Ethereum Mainnet and then now the standard is spreading to all the major L2s. There is many L2 systems on Ethereum, so but the major ones it's on all of them on EVM chains. Actually it's very straightforward because you can deploy exactly the same contracts as we have. But there is even some non EVM chains that are implementing the same data structure but in their own language. Now we are doing these launches to L2s. February is also like we are really focused on also agent launches. We want like these registries to be populated with like really good agents that work and we have a few builders in the 8004 community and like fortunately like people are loving the standard and there is like more coming online. And then like in one month at the end of like these we're calling Genesis month, then we'll have an event which will live stream that essentially we will celebrate the beginning of 8004 and showcase all the coolest projects that are already live online. And then after that essentially we start working on these infrastructure on top of 8,004 that I mentioned, supporting projects that are building it and then also focus a little bit more on reputation, helping teams that are bringing good reputation signal into the system, kind of like bootstrapping the entire thing. So yeah, I just wanted to give a plug on this.
[52:27]
B
Could it end up where an agent has reputation on more than one chain? So they have it on Ethereum layer one, they have it on base, they have an Arbitrum. Is that how that will work or will it. If they're on multiple chains, will they only have the reputation on one or how does that all work?
[52:47]
A
Yes, it can. Like an agent can be registered on for example Ethereum and Arbitrum. And actually the protocol also allows you in your registration file on both chains you can list all the registries where you're listed. So in this case let's say you register on Ethereum, then you register on Arbitrum and you also like in the registration file you also like say that you're registered on Ethereum, then you can go back to Ethereum and add that you're also registered on Arbitrum. So like essentially now like everywhere your agent is then from his Passport, you can read that, like all the chains where it is. And the reason why this is important is because, like, if it's the same agent, the same endpoint that it's responding, you may want to aggregate reviews. Let's say that you may want to aggregate reviews. And so we designed this part of the identity Registry to make it easier. But in reality, I think what's going to happen is that from the user side, you will not even see this, because if you go to a scan for 8004 or if there is a search service, which there is already a few online, they will do this for you. So they will aggregate it for you and they will filter it for you, as I mentioned before. But the important thing is that there is only one registry per chain. So that's why we have scheduled deployments, because the 8004 registry on Ethereum is one, it's a singleton, and same like on Arduino is one.
[54:30]
B
Yeah, and maybe you could filter, like, if you plan to use that agent on base, you could filter for all the base reviews, you know, just in case the chain matters or something.
[54:41]
A
Yeah, yeah, yeah.
[54:43]
B
So, so we've discussed all this and you did allude to how X402 can be used for the actual payment part, but you maybe just like talk a little bit about that moment. So basically, you know, my agent is vetting another agent, it reads the reviews on the registry, it decides, okay, this is, you know, the best agent that we can get. And then, you know, I don't know if the X402 standard is like connected in some way or if it's just separate or you know how that part happens.
[55:19]
A
Yeah, so xflow2 is complementary but is not necessary. So essentially, like on 8004, when you find like an agent or service, you can send a request and the request could be free. The agent could respond to you just for free. They could ask for you to pay fiat, like to some account. Yeah, they can ask whatever. Basically what x402 does is it ties the payment to the request and it makes it very easy for the service or agent to, for example, charge or update the price. So like, essentially with X402, what will happen is that, like, you send me a request, I'm the agent, I give you a response, telling you, hey, this service costs 1.83 cents or like 1.$83. And then like, I'm only going to answer you if you provide like, assigned, like payment, which is for exact that amount to my address. So like, basically it makes like and then let's say that, like, someone else sends another request, which is harder. You can. You can put a different price in the request itself, so it makes metering easier. It ties the payment to the request so that then, like, you can. You have immediately, like, a proof of payment that you can already use. So it's just like a nicer way of, like, having a payment infrastructure, but, like, you could also, like, just send to, like, the agent wallet, if that's like, how that agent is set up to.
[57:03]
B
All right, well, this has been so interesting. I'm sure your life has just been crazy the last few weeks. And I'm so curious, like, you know, because you've been working on this for a few months, and you probably had your own vision for what you thought it would look like. And then this whole openclaw thing happened right at the time you launched. And so I'm just wondering, you know, you've probably heard a lot of stories of how, you know, either agents or whatever, you know, how ERC8004 is being used already. You know, I have heard about some agents, like, for instance, you know, using BankerBot to, like, do trading and then Clanker to launch meme coins and, you know, all kinds of stuff. So I'm just curious for you, like, what has been either really fun for you to hear or, like, very unexpected, you know, in terms of the behaviors you're already seeing amongst agents and ERC 8004.
[57:59]
A
So it's been a crazy journey actually, since the beginning. Like. Like, we actually published the spec for 8004 in August, like, on August 15th. And I honestly was thinking before that, like, okay, it's going to take a few months for people to even notice this. We're going to basically build this standard, and then maybe in a few months people will realize that this is useful, et cetera. And then almost immediately, people were like, okay, this is very interesting. I think people were tired of these previous wave of crypto AI projects where essentially you just have some bot of chain or on Twitter and then a meme coin. And they were like, okay, it seems that these people are doing something valuable and interesting with the chain. And so a community immediately formed. And this was actually quite important. And part of the success of 8004 is related to this because since the beginning, we were able to test the contracts with the community on testnets. They were helping us deploying their agents and bots and finding bugs. So this has been actually the most, on the one hand, crazy because we were not ready, essentially when I started I didn't have my team, I was just starting the team. So I was essentially building the team and then running after the community at the same time. So it's been a crazy few months, but I think this community has been the most rewarding part with so many contributions coming from really dozens and maybe more than 100 different organizations, big and small. So really thankful for that and thankful for all these people that helped us along the way and that today are among the first projects adopting it. So my hope is that we can really give back to them by really make this kind of very useful and use the standard and they can also be successful. So in terms of the agents, I've seen specific agents that are interesting and some of them we've already seen and we've helped them build. So there is defi agents, there's some interesting agents doing basically stablecoin yield rebalancing and they're using definitely DK proof to verify that a specific agent is taking actions related to your policy. So this is really interesting. Then there is some off chain services, for example research bots that have access to data feeds and then you can ask it questions. And then there is a bunch of, as I said before, Watchtowers infrastructure related things. And then Redstone, which is one of the main Oracle providers, they also register some of their Data Services on 8004. I think Chainlink may be following. So essentially now we're in the phase where we are trying to build this mass of valuable agents and services. But the thing that I'm most excited about is once we have this mass then interesting thing can start happening, right? Like you can have like the multiple version of like where different services can start to talk to each other and kind of service each other. And I think that's where really the magic of 8004 that you cannot have in a smaller like centralized service can be realized.
[62:02]
B
All right, last question for any developers out there who are, you know, they have their own agent or just anybody who has their own agent and they're thinking up, you know, some business ideas. What would you advise them if they're Interested in using ERC8004?
[62:18]
A
So like you can go to8004.org there, there is like the list of all the main Services, the main SDKs that you can use is like really easy and anyone can deploy like with one line of code. There is also the list of like the 8004 scan and other scanners that also have some service where like you can actually deploy your agent like from a UI and then there is also information there on the builders group. If you are a builder. Like, we have like a Terragon group with the community. It has like more than 2,000 members and is very active. And you get all the latest information from the team team and then also from other people that are launching cool stuff. So you're not building alone. You can build and then show to fellow builders and people help each other. So 8004. And then you can follow me on Twitter. It's like Darby the Crappies. You can follow Austin Griffith on Twitter. He's doing a lot of 8,004 experiments lately. Yeah.
[63:23]
B
Okay, great. And like I said, if you haven't listened to the Uneasy Money episode from yesterday, I highly recommend you do, because there's a lot of funny stuff that got revealed about some of the things that his AI agents were doing and even on the Metamask side, their experience interacting with one of his agents. So, anyway, highly entertaining. I have absolutely loved this. I learned so much. So, yeah, thank you so much for coming on Unchained.