I like this direction, but I don't think the crypto angle is necessary or practical in an enterprise / corporate setting. Current audit and compliance frameworks don't leverage or really recognize or encourage cryptographically based proof of action, so I don't see the agentic world as needing this to drive agentic adoption.
The problem is any non-cryptographic proof can be spoofed at infinite speed. Which really defeats the whole stack.
If you are inside a trusted network then yeah, maybe you don't need any of this. Then again, maybe you do, it's not like inside of an intranet we let human users go wild without cryptographic authentication...
This resonates with something I've been thinking about a lot. The current agent ecosystem has a massive gap: we give agents access to tools and skills, but there's no standardized way to verify what those skills actually do before execution. It's like running unsigned binaries from random sources.
A human root of trust is necessary but not sufficient — we also need machine-verifiable manifests for agent capabilities. Something like a package.json for agent skills, but with cryptographic guarantees about permissions and data access patterns.
The accountability framework here is a good start. Would love to see it extended with concrete permission models.
However, everything else you lay out is spot on.
If you are inside a trusted network then yeah, maybe you don't need any of this. Then again, maybe you do, it's not like inside of an intranet we let human users go wild without cryptographic authentication...
A human root of trust is necessary but not sufficient — we also need machine-verifiable manifests for agent capabilities. Something like a package.json for agent skills, but with cryptographic guarantees about permissions and data access patterns.
The accountability framework here is a good start. Would love to see it extended with concrete permission models.