Shane Deconinck Trusted AI Agents · Decentralized Trust

ERC-8004 Goes Mainnet: Ethereum's Trust Layer for AI Agents

ERC-8004 announcement

When AI agents cross organizational boundaries, a question emerges: should I trust this agent?

Agent registries are clearly a sought-after solution. NANDA’s A Survey of AI Agent Registry Solutions covers the emerging landscape: MCP Registry, A2A Agent Cards, AGNTCY, Microsoft Entra Agent ID, and their own AgentFacts. SSI trust registries are another candidate.

The Ethereum ecosystem, together with Consensys, Google, and Coinbase, also came up with a solution. ERC-8004 adds on-chain registries for agent identity, reputation, and validation. And it’s going live on mainnet.

For implementation details, see the full specification.

Why This Matters

A2A solves agent discovery and communication, but assumes usage within trust boundaries. As co-author Marco De Rossi writes: “Web3/trustless use cases were ignored. Discovery and trust assumptions were overlooked.” The same goes for MCP servers.

When agents cross organizational boundaries, DNS and TLS aren’t enough. You can discover an agent. You can talk to it. But can you trust it? Can you verify its track record? Can you validate that its outputs are correct?

ERC-8004 adds three registries to solve this:

  • 🪪 Identity: Agent gets an NFT (ERC-721) linking to flexible endpoints: A2A, MCP, ENS, DIDs, AGNTCY Open Agent Skills Framework, wallets on any chain
  • ⭐ Reputation: Signed feedback with tags for context, no single aggregate score
  • ✓ Validation: Agents request verification, validators respond on-chain. Methods: stake-secured (EigenLayer), zkML, TEE (Phala, Near.AI), trusted judges

The Trust Flow

An example flow through the three registries. x402 is mentioned in the spec but orthogonal to the protocol. On desktop, the diagram shows best-effort example requests and responses (not every implementation detail was cross-checked).

[Diagram: ERC-8004 + x402. Participants: Client, Identity, Reputation, Service, Validation. Arrow labels, in order: lookup, NFT + endpoints, check reputation, feedback, call + x402 payment, result, request validation, validation response, giveFeedback.]

Domain Verification

Since endpoints can point to domains not controlled by the agent owner, ERC-8004 includes optional domain verification. Agents can prove control by publishing /.well-known/agent-registration.json on the endpoint domain.

Users can treat the endpoint as verified if the file is reachable over HTTPS and includes a registrations entry matching the on-chain agentRegistry and agentId.

The supportedTrust field is optional. If absent, ERC-8004 is used only for discovery, not for trust.
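
One way a client could apply the check described above, as an added example rather than code from the article or the ERC-8004 specification. It assumes `registrations` is a list of objects carrying `agentRegistry` and `agentId`, that `supportedTrust` is a list, and that the caller has already fetched the file; the function name `verify_endpoint`, the comparison rules and the sample values are hypothetical.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN_PATH = "/.well-known/agent-registration.json"  # path named in the article


def verify_endpoint(endpoint_url, final_url, body, agent_registry, agent_id):
    """Return (verified, reason, supported_trust) for one endpoint of an on-chain agent.

    endpoint_url: endpoint listed for the agent; final_url: URL the file was actually
    served from, after any redirects; body: the response text; agent_registry and
    agent_id: values read from the chain. Fetching is left to the caller.
    """
    endpoint, final = urlsplit(endpoint_url), urlsplit(final_url)
    if final.scheme != "https":
        return False, "not served over HTTPS", []
    # A redirect to another host or path proves nothing about the endpoint domain.
    if not final.hostname or final.hostname != endpoint.hostname or final.path != WELL_KNOWN_PATH:
        return False, "not served from the endpoint domain", []
    try:
        doc = json.loads(body)
    except ValueError:
        return False, "not valid JSON", []
    entries = doc.get("registrations") if isinstance(doc, dict) else None
    if not isinstance(entries, list):
        return False, "no registrations list", []
    for entry in entries:
        if not isinstance(entry, dict):
            continue
        # Assumption: ids compare as strings, registry strings case-insensitively.
        if (str(entry.get("agentRegistry", "")).lower() == agent_registry.lower()
                and str(entry.get("agentId")) == str(agent_id)):
            trust = doc.get("supportedTrust")
            trust = trust if isinstance(trust, list) else []
            # Without supportedTrust the registration serves discovery only.
            return True, "verified" if trust else "verified, discovery only", trust
    return False, "no matching registrations entry", []


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    registry = "eip155:1:0x00000000000000000000000000000000000000aa"
    served = json.dumps({"registrations": [{"agentRegistry": registry, "agentId": 22}]})
    print(verify_endpoint("https://agent.example/mcp",
                          "https://agent.example" + WELL_KNOWN_PATH, served, registry, 22))
```

A file that names a different `agentId`, or that arrives after a redirect to another host, fails closed, so a domain cannot be claimed by an agent its owner never listed.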

Open Standards, Industry Leaders

The authors are industry leaders shaping agentic AI infrastructure:

| Author | Angle |
|---|---|
| Google (Jordan Ellis) | A2A open standard (AAIF/Linux Foundation) |
| Coinbase (Erik Reppel) | x402 open standard for agent payments |
| Consensys (Marco De Rossi) | Permissions toolkit for agents and L2s |
| EF (Davide Crapis) | Mainnet deployment, “dAI” team |

This coalition represents convergence on interoperable agent infrastructure.

One Standard, Many Chains

ERC is a standard, not a chain lock-in. Deploy on L2s (Base, Arbitrum) for low gas, permissioned Besu for enterprise, or mainnet for censorship resistance. That said, scattered registries across chains would defeat the purpose of a unified trust layer. The mainnet deployment matters because it establishes a canonical registry.

An agent registered on chain A can still operate and transact on other chains. The identity is portable.

Limitations

The spec is honest about what ERC-8004 can’t solve:

  • Sybil attacks are possible: fake agents inflating reputation. The protocol makes signals public and filterable by reviewer. Reputation systems built on top can add trust scoring for reviewers.
  • Capability verification: the ERC cryptographically links the registration file to the on-chain agent, but can’t guarantee advertised capabilities are functional or non-malicious. That’s what the three trust models (reputation, validation, TEE attestation) are designed to address.
  • Audit trail integrity: on-chain pointers and hashes cannot be deleted, ensuring permanent records.

What’s Next

ERC-8004 won’t solve agent trust alone. It’s one of several emerging approaches to portable agent identity and reputation, with the distinct angle of on-chain settlement and composability with existing Web3 primitives.

For those building multi-agent systems, this is infrastructure worth watching. For all the details, see the full specification.