About Agent Trust Levels
Each AI agent may be assigned a Trust Level, which is how trustworthy HUMAN considers that particular AI agent. Trust Levels affect the default permissions and can help your organization set policies on allowed actions. There are three Trust Levels:
You might apply different policies to agents depending on their Trust Level. For example, if an agent has high trust, you typically grant more permissions than you would an agent with low trust. You can learn more about Trust Levels and how HUMAN calculates them with this article.
Trust Level calculation
HUMAN evaluates agents on the following:
- Evidence of abuse or bypassing controls
- Cryptographic identity
- Spoofability risk
- Behavioral consistency
- Discoverability patterns
High (H)
HUMAN assigns High Trust Levels to agents when we can verify the agent via cryptographic key on each request. Cryptographic verification eliminates spoofability and generally strengthens the agent’s validity. For example, ChatGPT exposes their key and makes it discoverable by services to verify its identity. See Web Bot Auth and their documentation for more information on implementing and using cryptographic authentication.
In addition to cryptographic verification, HUMAN may assign High Trust Levels to agents with limited evidence of abuse. HUMAN tracks each agent’s behavior and identifies any malicious activity, such as aggressive scraping, spamming, or ignoring rate limits. Agents that continuously identify themselves may also receive High Trust Levels. If an agent continuously behaves maliciously or fails to identify themselves, HUMAN may lower its Trust Level even if it’s cryptographically verified.
Medium (M)
By default, all agents are assigned a Medium Trust Level. Agents typically remain at this Trust Level if they lack cryptographic verification, but otherwise declare their identities with other signals or private indicators. However, because these agents do not use cryptographic verification, they are subject to false negatives where they may be identified as a human user instead. Due to this, HUMAN doesn’t promote these agents to a High Trust Level.
Low (L)
Agents with a Low Trust Level are unverified, easily spoofable, or otherwise exhibit characteristics that HUMAN considers risky. Agents are demoted to this Trust Level if they inconsistently or never declare their identity through some sensitive private signal to HUMAN. This also means these agents can raise false positives with abusable user agents. HUMAN also assigns Low Trust Levels to agents with previous evidence of abuse, lack of market adoption, or deprecation.
Increase Trust Levels
HUMAN continuously reviews Trust Levels using the dimensions listed above and updates an agent’s Score appropriately. Agent providers can strengthen their Trust by:
- Completing cryptographic verification and contacting HUMAN
- Maintaining transparent, consistent identity signals
- Avoiding identity obfuscation
- Not bypassing security controls or policies, like robots.txt
- Demonstrating responsible request-to-conversion behavior or net-benefit to site owners
- Avoiding credential stuffing or suspicious login probing
