back to the lobby

Identity, Integrity, and Accountability, cryptographically provable.

The DMV for AI Agents

CIRISVerify issues the driver's license (identity), performs the vehicle inspection (integrity), and tracks insurance (accountability). Without it, any agent could claim to be anything.

Every Agent Needs Three Things

Just like every car on the road.

CIRISVerify is the trust anchor for the CIRIS ecosystem. Hybrid Ed25519 + ML-DSA-65 dual-signature cryptography as a day-1 standard: classical security from hardware, quantum resistance from software.

1 · Driver’s License

Identity & Signing Key
A hardware-bound hybrid signing key (Ed25519 + ML-DSA-65) that is the agent’s identity, held in FIPS 140-3 secure hardware (TPM, Secure Enclave, Android Keystore, YubiKey). Both signatures must verify. Cannot be forged or transferred.

The key doesn’t represent the identity. It is the identity.

2 · Registration & Inspection

Software & Hardware Integrity
Every file in the agent distribution is SHA-256 hashed at build time and stored in a signed manifest. At runtime, CIRISVerify validates files against this manifest. Any modification, even one byte, triggers forced shutdown.

Software-only environments are capped at community tier.

3 · Insurance

Accountability & Licensing
Tracks the human-in-the-loop accountability chain: which organization deployed this agent, which licensed human is responsible, what capabilities they’re authorized to use, and mandatory disclosure shown to every user.

Unlicensed agents can operate, but cannot perform professional services.

The cryptography is not the point. What it protects is: every consequential decision becomes an accountable record that survives independent verification, instead of something you are asked to trust.

Multi-Source Validation

CIRISVerify doesn’t trust a single source. HTTPS endpoints at independent domains are authoritative; DNS provides advisory cross-checks. If sources disagree, the agent is restricted. Anti-rollback protection tracks the highest-seen revocation revision and rejects any decrease.

The Constitutional Kill Switch

The last-resort power to halt a CIRIS agent does not live with the company, the network, or the agent. It lives with named humans. Each holder carries a pair of hardware keys: a FIPS 140-3 security key for the classical signature, which also seals the material for a second device that carries the post-quantum signature. To fire the halt, a majority of the holders (2 of 3) sign the command on their hardware. The command carries hybrid Ed25519 + ML-DSA-65 signatures, so it cannot be forged, replayed, or faked, even by a future quantum computer, and no part of the network can grant, revoke, or override it.

We designed for the worst case: an AI that attacks its own off-switch by going after the people who hold it. The constitution defines a live quorum, so even if most holders are lost, one reachable survivor can still pull the plug.

Unified Attestation

Key Attestation

Is this license real? The agent’s signing key is validated: portal-issued or ephemeral, hardware-bound or software-only. A random challenge proves possession.

File Integrity

Has this car been modified? CIRISVerify fetches the build manifest from CIRISRegistry and SHA-256 verifies every file. Full checks at startup, random spot checks at runtime.

Source Validation

Let me run your plates. Multiple independent sources (HTTPS US, HTTPS EU, DNS US, DNS EU) are queried. If they disagree, that’s suspicious. The agent is restricted.

Attestation Levels

The unified attestation produces a trust level based on how many checks pass.

5 · Full trust

All checks pass

4 · High trust

Minor issues (DNS advisory disagree)

3 · Medium trust

Some checks failed

2 · Low trust

Multiple failures

1 · Minimal trust

Most checks failed

0 · No trust

Critical failures (tampered binary, broken audit)

CIRISPortal

Agent Administration

CIRISPortal is the web interface where administrators issue driver’s licenses, register vehicles, and manage insurance records for AI agents. Register agents, generate Ed25519 keypairs, issue licenses with capability grants, and respond to incidents, all with complete audit trails.

Agent Registry

Register and track AI agents by SHA-256 hash. Issue identities backed by hardware-bound keys. Every registration is cryptographically logged.

Build Integrity

Register builds with Tripwire file integrity manifests: 907+ file SHA-256 hashes per build. CIRISVerify validates agents against these manifests at runtime.

License Management

Issue and manage licenses with capability grants (medical, legal, financial). Track the full accountability chain from organization to individual human.

Key Custody

Generate hybrid Ed25519 + ML-DSA-65 keypairs with AES-256-GCM envelope encryption. Self-custody or portal-custodied, your choice. The post-quantum half ships today, not on a roadmap.

Incident Response

Emergency shutdown and mass revocation controls. Suspend licenses, recall registrations. When something goes wrong, the system responds in seconds.

Audit Reporting

Generate reports aligned with SOC2, HIPAA, and GDPR frameworks. Complete audit trail of all administrative operations. Every action is logged and attributable.

Identity Activation

Community

$1.50 · per agent identity
Issuance fee $0.50
Identity bond $1.00
Monthly Free
Up to 5 agents
Hardware-bound identity
Basic verification
Cryptographic audit trail
Community support

Activate Now

Professional

$15.00 · activation + $10/agent/mo
Issuance fee $5.00
Identity bond $10.00
Monthly $10.00/agent
Up to 50 agents
Steward-backed verification
Signed licensing chain
Capability authorization
Support SLA

Contact Sales

Enterprise

$125.00 · activation + $100/agent/mo
Issuance fee $25.00
Identity bond $100.00
Monthly $100.00/agent
Up to 500 agents
Formal attestation support
Audit log anchoring
Audit documentation (SOC2/HIPAA/GDPR aligned)
Incident investigation support

Contact Sales

Safety-Critical

$1,250 · activation + custom monthly
Issuance fee $250.00
Identity bond $1,000.00
Monthly Custom
Unlimited agents
Enhanced accountability
Forensic audit support
Regulatory attestation support
Priority infrastructure

Contact Sales

How Identity Activation Works

Issuance Fee

A small, non-refundable fee that covers registry infrastructure and prevents identity churn. Per agent identity, not per organization.

Identity Bond

A per-identity stake for Sybil resistance. Forfeited on revocation. Admin can issue manual refund for properly decommissioned identities.

Monthly Assurance

Paid tiers include steward-backed validation, audit documentation, and enhanced accountability support. You’re paying for accountability, not capability.

Post-Quantum Ready

Every response includes dual signatures: Ed25519 from hardware for classical security and ML-DSA-65 from software for quantum resistance. Both must verify. This is day-1 infrastructure, not a roadmap item.

Classical

Ed25519 (hardware-bound)

Post-Quantum

ML-DSA-65 (FIPS 204)

Transparency

SHA-256 Merkle tree log

Anti-Rollback

Monotonic revision tracking

Platform Support

Desktop & Server

Linux (x86_64, ARM64)
macOS (Apple Silicon, Intel)
Windows (x86_64)

Mobile

Android (ARM64, ARM32, x86_64)
iOS (ARM64 + Simulator)

Python (PyPI)

pip install ciris-verify
Python 3.10–3.13. Platform-specific wheel includes the correct Rust binary automatically.

CIRISVerify provides cryptographic attestation under defined threat models and does not guarantee absolute security. The capability is the same whether licensed or not. The difference is accountability, and with CIRISVerify, that accountability is cryptographically attestable.

CIRISsafe by structure · open by principle · kind by design