AgentPass -- Secure MCP for Regulated Finance. MCPS + Agent Identity for the Agent Economy. IETF Draft
๐ NEW: Read the AgentPass Case Study โ Securing the $5 Trillion Agentic Economy โOPENAPI INITIATIVE ยท APPROVED EXTENSION
The security layer for AI agents in financial services.
Secure agent access for banking and payments. Verified identity. Signed responses. Sanctions screening. SOC 2 mapped. Integrated into moov-io/watchman.
MCPS -- Secure MCP built for regulated finance. Learn more โ
๐ก OFAC + HMT Sanctions (75K entries)
๐ฑ Mobile SDKs (iOS, Python, Node)
๐ ECDSA P-256 Signed Payments
โ L0-L4 Behavioural Trust Scoring
๐ Challenge-Response Identity
๐ Hash-Chained Audit Trail
Integrated with:
moov-io/watchman
LIVE
SOC 2 Control Mapping
14 Trust Service Criteria mapped to AI agent operations. Submitted to AICPA, CSA, ISACA, and NIST. View mapping
McKinsey, October 2025
$3Tโ$5T in global agentic commerce value by 2030. Up to $1T of US retail revenue directed by AI agents. 75% of NRF 2026 retailers implementing agentic commerce.
๐ฑ iOS SDK for Mobile Agent Payments -- Live Now
Live Demo -- AgentPass iOS SDK
Standards & Compliance
Built on open standards. 10 IETF Internet-Drafts including ATTP (Agent Trust Transport Protocol) and MCPS. OWASP MCP Top 10 contributor. OpenAPI Extensions Registry entry. Submitted to EBA, FCA, and PCI SSC.
๐
Signed Payments
Every transaction signed with ECDSA P-256. Non-repudiable receipts proving which agent authorised what.
๐
Trust Scoring
5-dimension behavioural trust score (0-100). Agents earn spending authority through proven behaviour.
๐ก
Spend Limits
Per-transaction and daily limits enforced by trust level. Agents cannot exceed their authority.
๐
Replay Protection
Unique nonce per transaction. Captured payment requests cannot be re-sent.
๐
Audit Trail
Hash-chained tamper-evident log. JSON + RFC 5424 syslog. SIEM-ready.
โ
Anomaly Detection
Magnitude, velocity, recipient, and timing anomalies detected. Trust automatically adjusts.
๐ก
OFAC + HMT Sanctions
75,784 sanctions entries screened on every payment. UK HMT (57K) + US OFAC SDN (18K). Sanctioned recipients blocked in real time.
๐ฑ
Mobile Payments
Native iOS SDK with Keychain-secured ECDSA keys. Python and Node.js SDKs for server-side. Agents pay from any platform.
๐
Agent Registry
DNS for agents. Register, resolve, and search agent identities. Anti-squatting protection. AgentSign-certified.
Deploy Your Way
Cloud or on-premise. Your compliance, your infrastructure.
โ
SaaS
Managed by us. Sign up, get an API key, start verifying agents in minutes. Zero infrastructure.
- โ Free sandbox with $10K test balance
- โ agentpass.co.uk API
- โ Automatic sanctions updates
- โ No ops required
New
๐ข
Self-Hosted
Deploy in your own infrastructure. Docker image with everything included. Your data never leaves your network.
- โ Single Docker container
- โ Sanctions data baked in
- โ License key activation
- โ Full regulatory control
Contact us for access
Agent PKI
Built-in certificate authority for AI agents. Issue, revoke, and verify agent identity certificates with OCSP and CRL -- no external CA required.
๐
X.509 Agent Certificates
Issue short-lived identity certs with trust level, scopes, and issuer embedded. ECDSA P-256 signed.
๐ก
OCSP + CRL
Real-time certificate status checks. Instant revocation propagation. Verifiers query status before trusting any agent.
๐
HSM Key Storage
CA keys stored in AWS KMS, GCP Cloud KMS, Azure Key Vault, or HashiCorp Vault. Your keys never touch disk.
Issue
Agent creates cert on registration
Verify
Third parties verify cert + trust score
Revoke
Instant revocation with CRL + OCSP
Renew
Auto-renew or manual with new trust level
PKI API
| GET | /pki/ca | Download CA certificate | Public |
| GET | /pki/status/:serial | OCSP certificate status | Public |
| GET | /pki/crl | Certificate revocation list | Public |
| GET | /pki/cert/:serial | Fetch certificate by serial | Public |
| POST | /pki/verify | Verify a certificate PEM | Public |
| GET | /pki/certs | List your certificates | Auth |
| POST | /pki/renew/:serial | Renew certificate | Auth |
| GET | /pki/stats | CA statistics | Public |
Available in Self-Hosted Pro and Enterprise tiers. Every agent created automatically receives an X.509 certificate.
AgentPass Self-Hosted
Docker container with license key. Deploy in minutes. Your infrastructure, your control.
Starter
10
agents
- Built-in CA
- Trust levels L0-L4
- Scope enforcement
- Sanctions screening
- Agent dashboard
- Signed audit trail
Pro
50
agents
- Everything in Starter
- Priority support
- Custom CA subject
- CRL distribution
- Integration support
Enterprise
โ
unlimited agents
- Everything in Pro
- Unlimited agents
- KMS integration
- AEBA monitoring
- Dedicated support
- Custom trust models
Trust Levels
| Level | Score | Per Transaction | Daily Limit | Use Case |
|---|---|---|---|---|
| L0 | 0-19 | $0 | $0 | No financial access |
| L1 | 20-39 | $10 | $50 | Micro-payments |
| L2 | 40-59 | $100 | $500 | Standard transactions |
| L3 | 60-79 | $1,000 | $5,000 | Enterprise purchasing |
| L4 | 80-100 | $50,000 | $200,000 | Full access (audited) |