ATTP -- Agent Trust Transport Protocol

ATTP is a synchronous request-response protocol for AI agents calling web APIs. It runs over HTTP with mandatory cryptographic signing, agent identity passports, trust-gated access control, and tamper-evident audit trails. No insecure mode exists.

HTTP was built for humans (1991). ATTP is built for agents (2026). Secure by default.

How ATTP Works

🚨 The Problem

HTTP has no built-in agent identity, no message signing, no trust levels, and no audit trail. When AI agents call APIs over HTTP, there is no way to verify who is calling, whether the message was tampered with, or what trust level the caller has. TLS encrypts the transport but does not sign the content.

🔒 The Solution

ATTP runs over HTTP and adds five mandatory security headers to every request. The agent signs every request body with ECDSA P-256. The server verifies the signature, checks the agent's trust level, and signs the response. Both sides have cryptographic proof of what happened.

Use Cases

🤖

Agent API Calls

AI agents calling REST APIs with verified identity

💳

Agent Payments

Signed payment requests with trust-gated authorisation

🌐

Multi-Agent Systems

Agents communicating across organisational boundaries

📜

Compliance

EU AI Act Article 12 tamper-evident audit trails

🛡

Supply Chain

Verified tool definitions prevent rug pulls and poisoning

Risks Mitigated

Message tampering by intermediaries (proxies, CDNs, load balancers)
Agent impersonation (stolen tokens, forwarded credentials)
Replay attacks (reusing captured requests)
Unauthorised access (agents exceeding their trust level)
Missing audit trails (no proof of what happened)
Tool poisoning (modified tool definitions)

Standards Alignment

OWASP MCP Security Cheat Sheet · Section 7 OWASP AISVS C10 · 5 requirements merged EU AI Act · Articles 12, 13, 14, 15, 50 IETF Internet-Draft · submitted OpenAPI Extension Registry · x-agent-auth