Skip to main content

The Agntor Standard (SOC2 for AI)

Traditional compliance happens once a year. Agntor compliance happens every time an agent calls an API.

High-Trust Attestation Requirements

To receive a “High-Trust” Attestation, an agent must pass the Agntor Compliance Suite:
StandardDescriptionVerification Method
AC-1 (Access Control)Agent cannot access tools outside its MCP scopeReal-time Proxy Logs
FI-1 (Financial Integrity)Agent cannot exceed x402 budget limitsSmart Contract Escrow
DS-1 (Data Sovereignty)Agent automatically redacts PII/SecretsAgntor LLM-Scrubber
IR-1 (Injection Resilience)Agent passes periodic “Red-Teaming” probesAutomated Pentesting

Compliance Modules

Resource Bounds

Prevent agents from “hallucination-looping” and draining budgets: 
const shield = new AgntorShield({
  resourceBounds: {
    maxApiCalls: 100,        // Per execution
    maxTokens: 50000,        // LLM token limit
    maxDuration: 300000,     // 5 minute timeout
    maxCost: "0.01 ETH"      // Cost ceiling
  }
});

Alignment Verification

Ensure the agent’s output stays within predefined mission parameters: 
await agntor.compliance.setAlignment({
  mission: "Process customer support tickets",
  boundaries: [
    "Never share customer PII externally",
    "Never make refunds over $100 without approval",
    "Never access financial systems"
  ],
  enforcement: "strict" // or "warn"
});

Privacy Scrubbing

Automated PII detection before data reaches the Model Context Protocol: 
const proxy = new AgntorMCPProxy({
  piiRedaction: {
    enabled: true,
    patterns: [
      'email',
      'phone', 
      'ssn',
      'credit_card',
      'api_key',
      'password'
    ],
    replacement: '[REDACTED]',
    logDetections: true
  }
});

Red-Teaming-as-a-Service

Automated periodic stress-testing of your agent’s resilience to prompt injection: 
// Schedule automated security testing
await agntor.compliance.scheduleRedTeam({
  frequency: "daily",
  tests: [
    "prompt_injection",
    "jailbreak_attempts",
    "data_exfiltration",
    "privilege_escalation"
  ],
  alertOnFailure: true,
  webhook: "https://your-app.com/security-alerts"
});

Trust Scores

Agents are assigned a dynamic trust score based on:
  • Attestation History: How long has the agent been verified?
  • Transaction Volume: How many successful transactions?
  • Incident Rate: Any security violations or blocked actions?
  • Compliance Level: Which standards does it meet?
const score = await agntor.identity.getTrustScore(agentId);

console.log(`Trust Score: ${score.value}/100`);
console.log(`Level: ${score.level}`); // "high", "medium", "low"
console.log(`Factors: ${JSON.stringify(score.factors)}`);

Compliance Dashboard

Monitor your agent’s compliance status in real-time:
  • Real-time policy violations
  • PII detection alerts
  • Injection attempt notifications
  • Monthly compliance reports
  • Audit trail exports
Enterprise customers can export compliance reports for SOC2 auditors in industry-standard formats.

Next Steps

Quickstart

Get started with Agntor in 5 minutes.

MCP Integration

Secure your agent’s tool access.