Ethereum (ETH) announced that ERC-8004 is moving to mainnet, positioning the network as a neutral infrastructure for a problem the AI industry has yet to solve: how do agents prove they can be trusted in the absence of a single platform that controls the reputation layer?
The timing reveals underlying tensions as AI agents move from demos to production systems that trigger real transactions.
Mastercard is drafting a commerce standard for agent checkout, UK banks are piloting customer-facing agent trials scheduled for early 2026, and Gartner predicts that 40% of enterprise applications will have integrated task-specific agents by the end of the year.
However, according to a report from Camunda, while 71% of organizations have now deployed AI agents, only 11% of use cases reached production in the past year. The obstacles are trust, transparency and regulatory risk.
According to Dynatrace research, around half of agent projects stall in the pilot stage, with 52% citing security and compliance issues and around 70% of AI decisions still requiring human validation.
ERC-8004 attempts to productize that trust gap by defining three lightweight registries: identity, reputation, and verification. These can be deployed to mainnet or layer 2 blockchains as application layer contracts rather than protocol forks.
Ethereum’s official account said the standard enables “discovery and portable reputation” so AI services can “interoperate without gatekeepers.” The official specifications remain in draft status. eips.ethereum.org.
3 registries, 3 adjustment issues
The identity registry transforms each agent into an ERC-721 NFT with a global identifier and a pointer to a structured registration file.
This file lists capabilities, endpoints (MCP, A2A, ENS, DID, Web URL), and contact methods, and essentially acts as a service directory for the machine actor.
Agents will be discoverable and transferable using standard NFT tools.
The specification includes optional endpoint domain validation to prove domain control and reserves an “agentWallet” field that requires an EIP-712 signature or ERC-1271 validation for changes.
This design choice prevents “I have a good reputation, so I’ll pay here” hijacking, where an attacker exchanges payment addresses while maintaining their reputation.
Identity solves composability because reputation and validation can be indexed to stable agent identities rather than platform accounts. Ethereum seeks to turn agent identity into a public utility for machine actors in the same way that ENS did for names.
Failure modes are built in and ERC-8004 proves that the metadata belongs to the agent NFT, not that the endpoint is secure or honest.
The other two registries exist because the specification warns that the advertised features “may be non-functional or malicious.”
Reputation registries store minimal configurable feedback data on-chain and push rich details off-chain via URIs and hashes. The feedback contains a signed fixed-point value with a configurable decimal number and an optional tag.
Off-chain JSON can include context such as MCP tool references, A2A task IDs, and even proof of payment references. This specification explicitly names x402-style HTTP payment proofs.
There is a revokeFeedback path and an appendResponse function for refunds, spam flags, or rebuttals.
ERC-8004 does not guarantee on-chain Yelp scores. This is more like a shared event rail where different markets, insurers, and auditors can calculate their own trust models.
The specification explicitly warns that clientAddresses filtering is required for getsummary calls, as summaries that do not filter reviewers are vulnerable to Sybil attacks and spam.
Aggregation occurs both on-chain through basic configuration functions and off-chain through advanced scoring. This design envisions reputation games such as purchase reviews, collusion, and feedback laundering as inevitable rather than exceptional.
Economic bias creeps in when proof of payment becomes de facto evidence of authenticity. This is because people who spend a lot of money appear more trustworthy. Also, the rich feedback is event-based and off-chain, so whoever runs the best indexers and filters could become the new gatekeeper.
Validation Registry implements on-chain request/response logging. In this log, the agent sends a request to the validator contract to validate its work, and the validator posts the results with an optional evidence URI and hash.
The agent owner calls validationRequest with the validator address, agent ID, request URI, and keccak commitment to the payload. The validator responds with the score, response URI, hash, and tags via validationResponse.
The specification allows for progressive responses, including soft and hard finality via tags, allows for multiple responses, and maintains an intentionally generic design to accommodate crypto-economy reruns, zkML verifiers, TEE oracles, or trusted judges.
Validation is the escalator of trust. Reputation works for low-risk tasks, but requires validation when money, compliance, and liability are at stake.
The EIP describes tiered trust in proportion to the value of the risk: ordering a pizza versus a medical diagnosis.
Failure Mode: Who Verifies Validators? ERC-8004 records validator output, but does not resolve validator integrity and creates a metamarket for validator reputation, staking, insurance, and audit brands.
| registry | what to do | What is on-chain and off-chain? | Main mechanism | Primary failure mode |
|---|---|---|---|---|
| ID registry | Discovery + Persistent Agent ID (composable handle that can be referenced by others) | On-chain: ERC-721 Agent ID + pointer/key-value metadata Off-chain: Structured registration file (features, endpoints, contacts) | Optional endpoint Domain verification; agentWallet change is needed EIP-712 signature or ERC-1271 verification | The metadata is: true but malicious (Ownership ≠ Honesty/Safety) |
| reputation registry | portable feedback signal Entire organization/market (shared trust event) | On-chain: Minimal feedback primitives. event rail Off-chain: Context URI/Hash (task ID, proof of payment, etc.) | Cancel feedback + additional response (Refund/Rebuttal); getSummary need Reviewer filtering to reduce Sybil | Sybil/Conspiracy + “The best indexer wins” gatekeeper |
| validation registry | Third party verification In case of high-stakes action (trust escalator) | On-chain: Request/response log + score/tag Off-chain: Evidence URI/Hash | commitment by request hash; gradual reaction (soft/hard finality tag), multiple responses possible | “Who verifies validators?? ” → Validator corruption/cartelization |
Why Ethereum considers this infrastructure
The new agent stack will look like this: MCP and A2A handle communication and orchestration, x402 (HTTP 402 and stablecoin payments) handles payments, and ERC-8004 handles trust and discovery.
What is clear is that ERC-8004 does not compete with MCP, A2A, or x402. Instead, it is configured with them.
The EIP includes MCP and A2A endpoint fields and a proof of payment reference within the off-chain feedback payload.
There is a broader movement in the industry towards neutral and open agent standards governance, such as MCP moving to Linux Foundation admin to maintain openness.
ERC-8004 is Ethereum’s similar pitch in cryptocurrencies: using public rails instead of platform trust.
If it works, the winners will not just be “AI coins” but layer-2 blockchains that make high-frequency reputation and verification logs economical, identity and proof tools, verification networks, and insurance-like middleware that monetizes trust in the actions of high-stakes agents.
ERC-8004 turns trust into a composable commodity, so the market will develop experts to manufacture it (verifiers) and interpret it (scorers).
The scope of adoption is defensible but uncertain.
Gartner predicts that enterprise application integration will reach 40% by the end of the year, further increasing pressure on the top of the funnel.
In bear cases spanning 12-18 months, there are 10,000-100,000 agent IDs registered across the chain, reputations are mostly sparse, and verifications are rare.
Identity becomes a curiosity for developers and marketplaces remain platform gated.
The base case sees between 100,000 and 1 million registered agents, with reputation events becoming the default receipt for agent services and validation used for high-value tasks and regulated flows.
ERC-8004 serves as the interoperability glue between open agent protocols and machine payments, especially at layer 2.
In a bull case where agent commerce takes off and the industry unites around reputation sharing to avoid platform lock-in, 1 million to 10 million agent IDs will be generated and validators and insurance companies will emerge as a new middleware category.
Ethereum and Layer 2 blockchain will be the coordination foundation for cross-market agent services.
Risk as part of design
A portable reputation becomes a shadow of a cross-platform identity.
This can lead to conflicts with corporate governance and regulators, particularly where the agent’s actions involve payments, financial advice, or personal data. The UK regulator overseeing banking courts has warned of accountability risks posed by autonomous systems.
Metadata manipulation remains unresolved. The ID is proof of ownership of the registration file and does not prove the veracity of the claim. Validator corruption and cartelization will become a new moat. Although the output of validation is portable, it is the integrity of the validator that determines the price that the market will price.
Recent reports on MCP server vulnerabilities highlight the vulnerability of the agent ecosystem. Composability can lead to increased exploitation.
Reputation and validation rails won’t magically solve it, but they will create a path to price risk and gate high-stakes interactions behind stronger validation.
ERC-8004 is Ethereum’s attempt to be a neutral trust and detection layer for commerce between agents, providing portable identities, portable reputation signals, and portable verification results. This happens at the exact moment the agent moves from a demo to a system that triggers real action.
MCP and A2A try to help the agent talk, and ERC-8004 tries to help the agent trust.
The open question is whether the market wants a shared infrastructure for trust, or whether the platform will maintain its moat exclusively. Ethereum is betting that the bottleneck is so severe that neutrality will become a commodity.
(Tag translation) Ethereum
