Want to Hire an AI Agent? Check Their Reputation Via ERC-8004

Now we're in the face. We are trying to build this mass of palpable agents and services. But the thing that I'm most excited about is once we have this mass, then interesting things can start happening, right?

You can have the Maltbook version where different services can start to talk to each other and kind of service each other. And I think that's where really the magic of ERC-8004 that you cannot have in a smaller, centralized service can be realized.

Hi everyone, welcome to Unchained, your no hype resource for all things crypto. I'm your host Laura Shin. Thanks for joining this live stream.

Before we get started, a quick reminder. Nothing you hear on Unchained is investment advice. This show is for informational and entertainment purposes only, and my guest and I may hold assets discussed on the show. For more disclosures, visit unchainedcrypto.com.

Did you know that Figure is giving away $25,000 in USDC? They're a decentralized digital asset platform for earning, borrowing, and lending. Download the Figure Markets app using our link, figures.co/chainedp, deposit into their democratized prime pools and earn about 9% APY paid hourly while you enter.

Every dollar you keep in for 25 consecutive days counts as an entry. Again, the link is figures.co/chainedp for full details.

If cryptotaxes feel overwhelming, you are not alone. That's why Cryptotax Girl, a team that's been helping crypto investors since 2017, is offering $100 off on one-on-one cryptotax help. To get $100 off your cryptotax services, go to cryptotaxgirl.com/unchained. Again, that's cryptotaxgirl.com/unchained.

Today's topic is the new ERC-8004 standard on Ethereum, a standard for establishing reputation for AI agents. Here to discuss is David Krais, AI lead at the Ethereum Foundation. Welcome, David.

Thanks for having me.

So, the Ethereum Foundation just launched ERC-8004, which seems like perfect timing given everything that's happened with OpenClaw in the last few weeks. Explain what ERC-8004 is.

Yeah, the timing is super interesting. The same week we had ERC-8004 coming live to Ethereum mainnet, after many months of testing on test nets in the Ethereum ecosystem and beyond, we had the explosion of these autonomous agents that people build with this project called OpenClaw.

I feel that while we were designing ERC-8004, we were a bit forward-looking, thinking about this future where you have this mass of agents that wants to use the chain. Then all of a sudden, this mass appeared in the same week, and it's been a crazy ride since last week.

So what we did is, after Ethereum mainnet, we have launches scheduled on all Ethereum layer 2s and also other chains. So we are launching two or three chains a week. I'm usually just reposting; our team is helping with this setup.

What does launching ERC-8004 mean? ERC-8004 is essentially a set of registries. The two that are going live now are an identity registry for agents and services, and then a reputation registry.

The reason why ERC-8004 exists is because we want to use chains to enable trustless interaction between different agents or different services.

We want to use the chains not just for the payment but also for the trust that they can provide. There were some experiments of bots with wallets sending payments before, and then Layer 2 came, which is a new protocol for Asian payments.

There was a vacuum on the trust side. The idea is that if you can send trustless payments to agents or services, how do you know which services are available, and how do you know which services are good?

If we don't have a decentralized way of answering these questions, then the fact that you send payment on a decentralized ledger doesn't really matter because this internet of agents and services is still controlled by some centralized marketplace or some centralized platform. So that's why about six months ago, we started working on ERC-8004.

Yeah. Because basically commerce can't happen if people don't trust each other. So you can build all these AI agents and you can make them capable of doing financial transactions, but if they can't trust each other, then there's not going to be any commerce. So it's a really important problem.

It's so funny because if I think back to when I started covering crypto 11 years ago, people used to talk about how it was an internet of money. Ever since then, yeah, it's been used for money in different ways, but especially if you're American like me or Italian like you, you don't really need an extra way to transact.

Now the fact that crypto is an internet of money becomes so clear when you see what this is. It's just glimpses of this future of AI agents that we're seeing. But once you start to see it, you're like, right, it only works with crypto.

You kind of hinted at why this is necessary, but I'm just so curious because, as I mentioned, we've only seen glimpses, but the future of what this really is going to become hasn't arrived yet. So describe for us what you think that future will look like and when that future arrives, how the ERC-8004 standard will be used.

Yes, exactly. I think blips is the right way of putting it. There is a similar way where there is Andrej Karpathy, one of the co-founders, founding members of OpenAI, and this very well-known AI researcher that also has a big Twitter following. He was tweeting about Maltbook, which is the first example of a network built from OpenClaw agents, which is kind of like a degenerate Reddit where initially thousands and now millions of agents are just talking to each other.

Initially when he saw this, he made a post kind of exciting, and he got some bad or angry replies saying, "Oh, this is not really AI; you are legitimizing something that is just zop," and there are a lot of crypto people in there.

Essentially what he was saying in this post, in the response actually, the response to the bad responses that he got is, "You actually, this moment should tell you what the trajectory is for this multi-agent, this agentic internet. You shouldn't look at the point; it's just the first point on the line."

If you read where this thing can go, Maltbook is just the first example. There are so many directions of growth of this system because the underlying models are going to get better, more capable, and are going to do more stuff online.

People will build different types of networks, and actually the networks where Ethereum really shines is not like Reddit, where effectively it's just cheap talk. There is no real value at stake in this agentic interaction.

It's like a network similar to commerce sites or sites where agents sell their services to someone else, where there is actually a value exchange and also required to trust the party that you are sending value to.

I agree it's an initial glimpse, but if you extrapolate where we are going, the direction is clear that in a few months, we will have essentially what I think is that over the next few months, every month or so, or maybe in four months when there is a model upgrade and the capabilities improve, we'll see new types of networks, and the demand for blockchains and trust is essentially only going to grow.

But so explain, so right now, I listened to your episode with Austin Griffith on Bankless, and we also had him on our show, Uneasy Money, yesterday. People should definitely check that out because it's frankly hilarious in my opinion.

He had two bots going where they were talking to each other and kind of working on projects together. But the way that, because ERC-8004 is to establish trust when either another agent or maybe even a human behind the agent wants to use, let's say we have agent A and agent B.

So agent B or the human behind agent B wants to hire agent A, but they need to trust that agent A will do the job without scamming them, that it will do the job well, like all these things. So in those few months or even a few years from now, describe how that interaction will take place and how ERC-8004 will make it so that the agent B or their human will trust that things will go well.

Yeah. So essentially, today there is this Maltbook, which is kind of named after Facebook. Suppose that there is an agent A that does a post and says something about, "Oh, the weather is very nice today in this agent land," and then someone responds, "Yeah, amazing, let's go for a walk," but it just stays there.

I think essentially what I mentioned before is commerce networks of platforms. You can imagine that now there is Maltplace, which is like Facebook marketplace. Essentially, you let's say that agent A posts an ad saying, "I need to buy 1,000 images of this quality of this design thing," and then there is a bunch of agents like agent B responds and says, "Hey, I'm an image generation service; I'm really good at this; this is my cost, etc."

Now agent A needs to decide, "Okay, do I buy from this agent B? Do I go and find someone else?" The idea is that ERC-8004 is built for agent A to help answer this question: "Who should you buy from?"

Essentially what's going to happen is, if you get a quote from agent B, then you can go and look up agent B on ERC-8004, and let's say agent B has been selling these image generation images for many months. So in the reputation registry of ERC-8004, it has accumulated quite a few reviews about the quality of its image and the prices, etc.

You can look at this information and decide if you want to call these agents or not. I guess with agents, it's much faster than with humans. So you may also decide to maybe call the top three agents and then check what they come back with and then decide.

ERC-8004 facilitates all this, and it also works seamlessly with X42, which is kind of the payment rail for these API calls. When you choose, then you can pay, and the way you close the loop actually, if agent A is happy with the service, agent A can go on the ERC-8004 registry, it has all the information about agent B, and can leave a review, and it can also attach a payment proof, validating this review that it actually really bought from the agent.

Okay. Yeah. So it's like a verified customer review basically. One thing that I wanted to ask also was, now we described this future where ERC-8004 exists. But I'm sure that before you created this protocol, you were thinking, "Oh, without it, there's going to be all kinds of problems." Can you just describe what kinds of problems you foresaw potentially happening if this reputation layer didn't exist?

Yeah. For sure. I had been thinking about this for quite some time, and I had also seen some projects on Ethereum and around that were kind of seeing that the fundamental thesis is that the future of AI is multi-agent. There's going to be many agents, more and less powerful, and they're going to be specialized, and you're going to want to access them to service you.

There were a couple of teams, like the Virtuals protocol, that you may know, you may also have talked to them, and then there was another project called Olas. So basically what they were doing is they were creating agent registries because they were trying to organize different agents. I always bet that is interesting; the scale is not there yet, but the direction is interesting.

Then what happened is Eric from Coinbase, he's the creator of X42. I think Eric is an amazing technical leader, and he's also been in Ethereum for a long time independently. Eric was creating X42, and I felt it's a great idea; it's kind of an upgrade on the payment infra we have on chain to connect to offchain services.

I was like, "Okay, now we're going to have in a few months these really powerful payment rails for APIs." Basically, there are two other components if you want to build the internet of commerce: you need to pay, and then how do you trust, and then discovery.

The way it happens or it started happening even outside of crypto, in AI, with MCP servers, etc., the first agentic services are all on centralized registries. It's basically the same registry as ERC-8004, but it's controlled by a company and it's on a server. So it's very easy to see, especially if you have that lens coming from Ethereum.

Even X42 when it launched at the beginning, discovery was centralized. There was the CDP, the Coinbase facilitator that had 90+% of traffic, and it exposed a list of all the services that were registered on X42. Now it's already improving because there are many facilitators, and the next upgrade now that ERC-8004 is live is that even when you want to go and buy stuff on X42, you actually query the ERC-8004 registry on Ethereum or on one of the other chains where it's available to actually get the discovery, get the list of services that are available.

What happens if this is not decentralized? It's a huge choke point. You can imagine that this agentic commerce is the app store 4.0, and on the app store, Apple charges 30% fees to every app and every payment you make. That's already pretty bad rent extraction, and there is also a censorship problem because it's not just small-scale apps; there are going to be some agents that are doing services that have societal relevance, and you want the censorship resistance there.

Okay. Yeah. This is what it reminds me of is how in crypto people would talk about how something like a credit agency can be hacked and reveal people's social security numbers or something like that, and so it's a similar concept of there being a honeypot of data.

All right, so now let's talk a little bit more on the technical level about how this works. You mentioned that there's a section where you have the reputation, there's a section where you have the validation, there's feedback that's stored somewhere. Anyway, let's just explain. One piece of it is an NFT. Talk about that; that's the reputation piece. So explain how this ERC-721 token works, how it even gets assigned to an agent, just explain all the details around that reputation registry.

It's actually quite simple. To simplify, ERC-8004 is three registries. One is identity, reputation, and validation, and actually identity is the key registry. When you create a new agent, you generate an agent ID, and there is a new record on the identity registry, and then the reputation and the validation kind of point to it.

The validation actually is not live on mainnet yet because we're working on a TE validation standard that will come in a few weeks. So right now it's mainly the identity and the reputation. Essentially what happens is when you want to register an agent or service on ERC-8004, you go to the identity registry, and you send a transaction to create the agent.

The contract mints an NFT, which is an ERC-721 token. So the agent ID in the identity registry is the token ID of the NFT. The reason why is that this is already a widely adopted standard, and it was quite fitting for what we want to do because when you create an agent, that agent has an owner, and the owner can transfer ownership of the agent to others if they want in the future.

The agent itself gets assigned a wallet. The other important piece in the identity is the registration file, which is almost like the passport of the agents, where it has all the information to advertise what it is. Is it an MCP service? Is it following a specific standard? Does it have a web endpoint that people can call to talk to it or receive some service?

It also has the wallet. In the registration file, there is all the information you need to interact with this agent. That's why it's a rich identity. There can also be an ENS name attached to it, but it's just one entry in this registration file.

I misunderstood one piece that I read because I saw that the agent gets assigned the ERC-721 NFT, but I thought I saw that it can also be transferred, delegated, or updated. How do you prevent some kind of malicious event where you have an agent, and then let's say it has a bad reputation, and some person opts out that NFT that shows the bad reputation? Is that not possible, or is that possible?

No, this specific attack, everything is visible. You would be able to tell; you would just see on a block explorer that the NFT had been recently transferred. Is that what it is? The agent itself is an ERC-721 token. If I am the owner of that agent, if I transfer it, people will see where I transfer it.

The problem is that a lot of these agents, the services that they offer are offchain. For example, the example I mentioned before, the image generation service, you are not asking a bot to do a swap on a DEX; you're asking a bot to produce some images. What could happen is that the bot behind the identity that actually generates that image may be swapped, and you may get a bad service.

This could happen, but the reputation is there to disincentivize this behavior. If you do, your reputation will start going down, and already the way that people find which agents are on ERC-8004 and which are good is through ERC-8004 scan or a scanner that ranks them based on the reputation or some search agents that also get the reputation signal. So if your reputation signal goes down, people will not use you.

So I need to understand this because the agent itself is an offchain entity, but you said that somehow they become the NFT, but then you also said it is possible to swap out the bot. So explain that part.

You should think about the entry on the identity registry, the ERC-721 with the file, which is the registration file, as a passport. That's the password for the agent. It also has the address of the agent where people can find it, but it's not the agent; it's the passport of the agent.

Behind it, there is an agent or a service or an API which lives on a server. It's basically in the digital world the same as a real person. The idea is that when you call the endpoint that is on the passport, then you find the actual agent that can give you the service.

It's similar if you read my address on my passport, then you come and ring at my door, and maybe my brother or someone else could open the door. Here is the same thing. In the basic version of ERC-8004, if you're not using validation, there is no guarantee of which bot is behind that identity.

So it is possible for there to be some kind of manipulation where the reputation and the agent have been switched, and the validation layer is meant to protect against that scenario.

Yeah. The reputation always stays with the passport. It's like you flip the page and you start accumulating feedbacks. What could happen is that that identity with all the reputation accumulated, then the agents in the back end gets swapped. There is a good case of swapping where you actually upgrade the agent.

Suppose that a new model comes and your image generation service gets better; people are going to do that, and that's a good case why having swappable agents or service in the back end is actually good. The attack you mentioned where you swap and you try to give a service that is very bad, it costs just one cent to generate very bad images. You're still charging $1 per call.

If this happens, there are two ways. One is the economic incentive that your reputation will go down, and then you will go down on every search engine, and you will basically lose the traffic that you have. So you lose revenues.

Once the validation registry is live, there is going to be some cryptographic proof. You can prove that a specific agent is running into that server attached to that identity, and the output can be proven on the validation registry. If you swap and you upgrade the model, that will be also visible.

This is the cryptographic insurance case, which I believe is a bit more costly than just relying on reputation. But I believe that if the use case is not image generation but a medical diagnosis of your X-rays, you may want to have this higher and pay for this higher level of assurance. Both are important, but they solve that problem that you were mentioning.

Yeah, I think what I was talking about where the agent gets swapped out. Yeah, I think you're right. For image generation or medical diagnosis, it may not matter so much. But if, because I'm seeing these people on Twitter who are like, "Oh, I gave my bot $1,000 to trade, and it's already made me like 50,000," and so if people are hiring this trading bot and you give it money, there's a possibility it would just steal your money.

Okay. So I think we basically understand how at least the reputation gets established and that we're ensuring that it's legitimate that somebody who actually had an experience is giving that feedback. Is that feedback human-readable or is it only readable by another agent?

Yeah, this is a great question. In the design of the standard, we were intentionally minimal. The only thing we impose is some very basic structure of some mandatory fields that the feedback must have, which needs to have the agent ID of the agent that this feedback is referring to. Then it needs to have a value, a numerical value, and then it needs to have a tag that explains what this value is, rating, and then there can be other additional tags.

The idea is that the ERC-8004 reputation registry and the feedback is not a reputation system. It's not a five-star system that already has all the rules specified. It's basically a standard data structure that builders can use to build different types of reputation. Maybe with Maltbook, you need one type of reputation, then you have a marketplace, it needs another type, you have most Airbnb. People can build this. The standard is very minimal. It just makes sure that everyone using blockchains for agent reputation uses the same standard.

Basically, it sounds like it's not human-readable. It's just something. To answer that question, yes. It is. As part of this, there are additional fields where you can actually leave a text review. My point with saying it's not a reputation, feedback is a standard data for reputation is that people can choose some feedbacks will be human-readable, some will not, some will be encrypted, and then maybe only a specific subset of people has the key to read those feedbacks. All of these are possible.

Just going back to what I asked earlier about somebody swapping out the agent. You gave that example of someone could go to your home, but if your brother opens the door, it's not you. What is an address for an agent? Is it just the IP address? Because people travel or they move. How do you even identify the agent on the other end?

It's not an IP address because those can change, but it's a URL. For example, RPC nodes for blockchain, if you are not running your own node, in order to send a transaction to the blockchain, you need to call a service, and the way you call it is by calling a URL, you do a web request.

Here is the same. One example I can make is suppose that we, the ERC-8004 team, were to make a search agent. We have the website 8004.org, the URL. We can have a server which runs the API of this agent, uses our URL, and people can send a call there, then our search agent responds and maybe it gives them the top 10 agents on the learn for.

The last question I wanted to ask about the reputation piece is you talked about the different types of feedback and how you can even put text in that, but where is all that stored because I imagine if these bots are working as quickly as it seems like they can and they don't sleep, they work overnight, they will probably get a lot of reviews very fast and that is a lot of data storage. Where do you store all that?

There are some mandatory fields that I mentioned that are stored on chain, and then there is some heavier data that you can store on IP IPFS or store offchain and point to it. Your point is more about the latency. This is the first iteration of ERC-8004 that just went live.

People are already building some protocols on top of it, and we've already discussed this around if we really want to be the discovery layer for X42, we probably need to be a fast propagation mechanism. There are two solutions on this. One, maybe I could say if I wanted to not answer the question is that, "Oh, L2s are fast enough, you can use them and Ethereum will be fast enough soon," but that's not really the answer.

The answer is we need some public infrastructure to propagate reputation or information past before it settles on chain. We are scoping up that project. It's kind of a dedicated ERC-8004 mempool. This is one example of infrastructure on top of ERC-8004 that will need to be built over the next few weeks and months.

Okay. Wow. Actually I hadn't been thinking about that. So I'm glad that you explained that because yeah that's yet another problem that needs to be resolved. I was just going to say that if we have that problem, we are in great shape because it means that there is so much traffic on ERC-8004 registries that you need to give milliseconds latency to trillions of bots. So I think I would really love to have that problem but yeah we yeah it's a good problem to have.

All right, so in a moment we're going to talk about the next layer, which is the validation registry and how that works. But first, we're going to take a quick word from the sponsors who make the show possible.

Want a chance to win $25,000 in USDC? Figure, a platform to earn yields, borrow against crypto, and access lending markets is running a $25,000 USDC sweep stakes tied to their democratized prime product. Here's how it works. Download the Figuremarkets app using our link figurearkets.co/co/chained DP. Deposit into a democratized prime lending pool and leave your funds there for 25 consecutive days. Every dollar equals one entry.

So $1,000 equals 1,000 chances. While your funds stay in the pool, you're also earning around 9% APY paid out hourly. To learn more and enter, go to figurearkets.co/chainedp, which is also available in the show notes.

If you're looking for help with crypto taxes, Cryptotax Girl is offering $100 off for Unchained listeners. They provide personalized cryptotax reports and returns and spots before April 15th are limited. Go to cryptotaxgirl.com/chained to save $100. Once again, the link is cryptotaxgirl.com/unchained.

Back to my conversation with David Day. So as you mentioned before there's also this validation registry which helps to like make independent checks. So explain what that is and how it works.

Yeah. So we're still working out the details of how the standard is going to look like but the high-level mechanics is that if you have an agent that supports validation which is declared in the identity registry in his passport in his registration file, then when you call this agent, it needs to provide some validation from either some validators if it's kind of like cryptoeconomic staking validation mode or post attestation on chain if it's in kind of cryptographic T mode.

When the service gets called can post a validation request on the validation registry and then for example in the case of cryptoconomic validation like different validators in the network and respond. The validation registry does is kind of orchestrates every time there is the call like where the validation request is or the attestation gets posted and so it's a ledger where you keep appending this and they can be checked.

Okay. And it's just to check that the work was done correctly like independently of the reviews.

Yes. Exactly. So for one simple example I can make is suppose there is a simple agent which is just a data feed. It's providing you're asking the agent give me the latest BTC price or something. It's similar to oracles. If you don't have the validation is a centralized oracle you need to trust it but one way to validate it is essentially this service gets called post a validation request and there is like let's say three independent validators that actually check like from independent sources what the price is and then they basically vote on the response and then they respond they get it gets record into the validation service and if majority votes correct it gets approved.

Okay. And I'm sure you know that in crypto we've seen so many different types of scams and just ways to manipulate things. So like one of them being civil attacks like for airdrops and stuff. So what's to prevent somebody from just spinning up a whole bunch of bots and building up the reputation of one bot and then using that bot to get some kind of to perpetrate some kind of big scam.

Security in general like multi-agent security is a very important issue and it's also a very nent field because we haven't seen these things before. It's a very interesting field because it's kind of in at the intersection of crypto where you have multiple parties interacting including humans like in the past there were humans scamming each other and then now we will have bots that are trying to scam each other and then AI where the attack vectors for each single agent is similar to AI security today but they haven't seen this multi-agent system at scale so security is super important.

Security in ERC-8004 will work is since there is so many vectors we wanted to have this minimal protocol where we leave it to protocols on top and infrastructure on top of this beta standard of an identity standard of ERC-8004 to do the filtering basically. So for civil assistant there is a minimal mechanism which is in order to submit reviews you need to pay fees reviews even if they may be very cheap and the idea is that now what's happening is that people are building watch towers people are building classification and ranking mechanism like the ERC-8004 scan is one of and there is actually two other ERC-8004 agents like there is two other project that are building on ERC-8004 data they will filter it I guess you solve the civil resistance by introducing a little bit of trust in these services but most of the infrastructure is still decentralized so for example they're using sub graphs they're using decentralized watch towers so you need to produce signals around which bots are legit and which not and maybe right now it starts centralized but there is a good way.

Okay. And so a watchtower is basically some kind of surveillance system to detect fraudulent activity or something like that. Is that how to define that?

Yeah, pretty much. Pretty much is a small network of services that they have a policy according to which they fetch data from these registries. There is also I believe there is a project in the graph ecosystem that is building this watch tower and then what you do essentially you measure. So for example I can give you a concrete example. Let's say that you have an agent that you claim it does a you claim it's the most efficient at doing a and then you charge x for it.

How do you claim this? Because you manufacture a ton of reviews that tell this to the registry and to the world. What the watchtower can do is this anyone can call this service. So it can call this service every week or every day and then measure what is the latency in the response. They can even measure the output if this output a is of good quality or not and then they post these metrics on chain as a feedback.

Now you have a thousand feedback generated by you fake and then every week or every day or every hour you get reviews from this watch tower that people trust I mean they don't need to trust a centralized party that's the watch tower can be decentralized can be in tees there is different way that you can establish trust but then you have this trusted reviews that say that that service is actually very bad so then what the scan for the search agent can do is completely filter out those reviews only aggregate the reviews from parties that they trust.

One thing that I have seen happen is I'm sure you know crypto is very tribal so let's say that I interview somebody and then they say something negative about some coin. Let's just say maybe it's like XRP or something and then like a whole bunch of accounts that are pro XRP start downvoting the video. They make negative comments, whatever.

What if there's something that happens like that where an agent makes Ethereum more popular and then some other chain or some other agent gets mad that it feels like they're pro Salana or some other chain, I don't know, and they want to discredit the agent that is doing good things for Ethereum. Is that something that either could happen and if so would ERC-8004 prevent that in some way?

Yeah, this is another good problem to have if we get into that world. The example is I remember some time ago we were having this conversation with Vitalik around what would it take for you to trust the recommendation system in Twitter. They need to make the algorithm that they use for processing the raw data which is the likes the retweets etc. they need to make that algorithm public.

Maybe they can delay publication they can commit to it and then after one year once they probably moved on to a new algorithm they can publish it and then you need to have a proof that the input data that the algorithm was using at that time is actually real and not fake. If you have these two things then you can prove that that system was not manipulating information.

At ERC-8004 this comes from the getgo everything included. The data is verified by the chain