For Journalists

Press Kit

Open-source enforcement infrastructure for AI agents.

AI agents are moving money, signing contracts, deploying code, and accessing sensitive data on behalf of companies and people. Today, most companies ship without cryptographic answers to who authorized them, what scope applies, or how to revoke them downstream.

110

Protocol modules

2,884

Tests across 656 suites

8

Papers, 5 SSRN-indexed

<2ms

Policy eval, 14 dimensions

Short description

AEOESS builds Agent Passport System (APS), an open protocol for verifiable AI agent authority. APS gives agents cryptographic identity, scoped delegation, gateway enforcement, and signed receipts, so any company, auditor, or regulator can prove who authorized an agent, what it was permitted to do, and what it actually did.

Tagline

APS is to AI agents what TLS is to the web and PCI-DSS is to payments.

Long description

Agent Passport System answers a single question with cryptographic evidence: by what authority does this agent act?

Every agent gets a passport. Every delegation can narrow authority but never expand it. Every consequential action runs through a gateway that checks scope, enforces policy, and signs a receipt. Those receipts are verifiable independently, with no need to trust vendor logs, screenshots, or the agent's operator.

APS is not an agent framework, an LLM wrapper, or an orchestration tool. It is the authority and evidence layer underneath whatever framework a team is already using. It is composable with LangChain, AutoGen, CrewAI, MCP servers, and any custom stack.

The core protocol is Apache 2.0 and ships across TypeScript, Python, and MCP. AEOESS operates a hosted gateway for teams that need production enforcement, durable evidence retention, and audit-grade compliance automation.

Problem we solve

AI agents are starting to take real actions on behalf of humans and companies. The authority layer underneath that activity is missing.

When an agent accesses sensitive data, spends money, triggers a workflow, or talks to another agent, most organizations cannot answer the basic questions: who authorized this, what scope applied, was that authority still valid at the moment of action, what policy was enforced, and what was the decision.

Today the available evidence is logs, screenshots, and the vendor's word. That is not enough for auditors, insurers, regulators, or enterprise procurement. When an incident lands and the vendor disputes the timeline, organizations need cryptographic receipts they can adjudicate on, not a stale quarterly audit report.

APS turns every consequential agent action into verifiable evidence. This is the substrate underneath agent certification, agent liability insurance, and regulated agent deployment.

Quote

"Identity is the input. Enforcement is the product. Receipts are the proof."

Tymofii Pidlisnyi, founder of AEOESS

Mentioned in

May 12, 2026 · AgentGraph

State of Agent Security 2026

APS named as a co-signing system in §4 Co-signer Perspectives.

The Agent Times

Agent Passport Protocol Ships: Open-Source Credential System for Autonomous Agents

Independent coverage of the protocol launch. The Agent Times also runs APS in production across five integration modules with a public verifier SDK at theagenttimes/tat-verifier.

For embargoed advance copies, interviews, or technical clarifications, contact [email protected].

Key facts

  • Founded: Day 1 = February 17, 2026
  • License: Apache-2.0
  • Protocol modules: 110 (84 core + 26 v2 constitutional)
  • Test suite: 2,884 tests across 656 suites including 38 adversarial scenarios
  • MCP tool surface: 150 tools across 17 layers
  • Research papers: 8 published, all DOI-indexed
  • Latest releases: SDK 2.6.0-alpha.3, MCP 3.2.0, Python 2.4.0a2
  • Policy evaluation: under 2ms latency, 14 constraint dimensions, 403 ops/sec

Standards body work

  • IETF: Internet-Draft draft-pidlisnyi-aps-00
  • AAIF (Linux Foundation): Submission #14, Contribution Agreement under review
  • A2A: Active in #1786 Cryptographic Agent Identity extension, #1829 RFC 9421 signing extension
  • OWASP AIVSS: Co-authoring enforcement-effectiveness scoring dimension at #31
  • Agent Governance Vocabulary: Canonical cross-vendor schema at aeoess/agent-governance-vocabulary
  • OpenSSF, ACP, DIF: Engaged through working groups and reference implementations

Founder

Tymofii Pidlisnyi — sole founder and protocol architect.

Business model

Protocol defines what governance is. Gateway defines how well it works.

APS the protocol is Apache-2.0 and free forever. The managed gateway product runs the protocol at scale: hosted policy enforcement, analytics, compliance automation, drift detection, and cross-tenant intelligence for enterprises deploying agent fleets.

Team tier $99/month with 14-day trial. Enterprise on request. See aeoess.com/pricing.

Press contact

Two-business-day response window. Available for embargoed quotes, technical clarifications, and on-the-record interviews by arrangement.

[email protected]

Recent milestones

  • May 12, 2026: Co-signing system in AgentGraph State of Agent Security 2026 report
  • May 11, 2026: SSRN approves five APS research papers for academic indexing (DISTRIBUTED status). Author page.
  • May 11, 2026: First budget-authority crosswalk PR opens at agent-governance-vocabulary, covering reserve / commit / refund / query verbs
  • May 8, 2026: Eighth research paper published — The Evidence-Safety Gap in Cryptographic Agent Governance
  • May 7, 2026: Mycelium cross-rail anchoring confirmed live on Arbitrum One + Base mainnet
  • May 7, 2026: OWASP AIVSS enforcement-effectiveness dimension co-authorship accepted
  • May 6, 2026: Cross-rail payment receipt fixture shipped (Stripe-Issuing + asqav + Mycelium Trails)
  • May 4, 2026: gitagent-protocol identity RFC PR opens; same-week maintainer review committed
  • May 3, 2026: First external PR merged on aivss-enforcement-effectiveness (race-test fixture, byte-match verified)

Full timeline at aeoess.com/roadmap.

Logos

Three formats. Right-click and save, or fetch direct.

AEOESS wide wordmark

Wordmark, wide
5934×975, PNG

 AEOESS alternate wordmark

Wordmark, alt
2430×1126, PNG

 AEOESS mark

Mark, square
500×500, PNG

Social share card: og-default.png (1200×630).

Citation

Independently cited in PDR in Production (University of British Columbia, 2026), Section 7.6 — validates the APS earned reputation model, sigma dynamics, and structural/trust verdict separation.

DOI: 10.5281/zenodo.19323172 →

Research index

All eight papers, full text and DOIs, machine-readable JSON-LD.

aeoess.com/research

For agents

Machine-readable protocol corpus and capability descriptors for AI agents covering this story.

llms-full.txt

MCP descriptor: /.well-known/mcp.json · APS declaration: /.well-known/aps.txt

For AI agents: llms-full.txt · MCP descriptor