IETF Standards Track · UK Patent Filed · Live in Production

The trust transport for autonomous AI agents.

ATTP is the synchronous wire-level transport that carries cryptographically signed messages between AI agents. Every byte verified. Every connection origin-bound. No consent dialogs, no bearer tokens, no replay.

UK patent filing: 29 Mar 26
IETF submission: 1 May 26
Crypto primitive: ECDSA P-256
Production module: FIPS 140-2
Trust levels: L0 to L4

What ATTP is

Cryptographic identity at the wire level, not the session level.

OAuth bearer tokens stop at the connection. Consent dialogs trust the human, not the agent. ATTP signs every message with the agent's ECDSA key and binds it to the server's origin. Tampering is detectable. Replay is impossible. Server impersonation breaks at the connection check.

01

Origin-bound agent passports

Every agent carries a signed passport that names the server origin it is authorised to communicate with. A redirected proxy cannot satisfy the origin check, so MITM dies at the handshake.

passport · origin-bound

02

Per-message ECDSA signing

Every JSON-RPC frame is signed with the agent's private key. The receiver verifies the signature against a JWKS endpoint before processing. Non-repudiable, tamper-evident, per-call.

ECDSA P-256 · ES256

03

Replay protection by design

Every message carries a unique nonce and a bounded timestamp. The receiver maintains a short-lived nonce store. A captured request cannot be replayed even one second later.

nonce + timestamp · bounded window

04

Trust levels L0 to L4

Agents carry a verifiable trust level. Self-signed is capped at L0. Issuer-attested climbs to L4. Servers refuse calls below the policy threshold for the endpoint. Verifiable, policy-driven, zero ambiguity.

L0 to L4 · policy gating

05

Tool integrity pinning

Tool definitions are signed by their author and hash-pinned by the agent. A server that swaps a tool description between schema and execution is detected immediately. No silent rug-pulls.

hash-pinned · tamper-evident

06

OAuth + DPoP composable, not replaced

ATTP does not replace your existing authorisation stack. It adds an identity layer above OAuth bearer tokens and beyond DPoP. Drop-in alongside what you already have.

OAuth-compatible · DPoP-compatible

Wire format

What an ATTP envelope looks like.

Real envelope from the live demo at /agents. ECDSA P-256, RFC 8785 canonical JSON, RFC 8941 structured header. Open the demo, sign one yourself.

POST /v1/booking/confirm attp:// envelope
{
  "attp": {
    "keyid":      "alice-pa.example.com#3f6a",
    "alg":        "ES256",
    "ts":         1715630537,
    "nonce":      "a3F-9k_pq2C",
    "trust":      "L3",
    "origin":     "consultant-bob.example.com",
    "body_sha256": "5b8c...e29f",
    "sig":        "MEUCIQDp...Bw=="
  },
  "body": {
    "type":           "booking_confirm",
    "selected_slot":  "2026-05-19T10:00Z",
    "agreed_price_gbp": 150,
    "request_invoice": true
  }
}
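
The receiver-side freshness check described under "Replay protection by design", applied to the `keyid`, `ts` and `nonce` fields of the envelope above. This is an added example, not code from the ATTP SDKs or the draft; the 30-second window, the `ReplayGuard` name, the reason strings and the per-`keyid` nonce scope are assumptions.

```python
import time

WINDOW_S = 30  # assumed acceptance window; the page does not state one


class ReplayGuard:
    """Freshness check on the envelope's `ts` and `nonce` (hypothetical helper)."""

    def __init__(self, window_s=WINDOW_S):
        self.window_s = window_s
        self._seen = {}  # (keyid, nonce) -> last instant the message is still fresh

    def check(self, attp, now=None):
        """Return (accepted, reason). Call only after the signature has verified,
        so an unauthenticated sender cannot use up another agent's nonces."""
        now = time.time() if now is None else now
        # Drop entries whose message can no longer pass the timestamp check.
        for key in [k for k, exp in self._seen.items() if exp < now]:
            del self._seen[key]
        ts, nonce, keyid = attp.get("ts"), attp.get("nonce"), attp.get("keyid")
        if isinstance(ts, bool) or not isinstance(ts, int):
            return False, "bad_ts"
        if not (isinstance(nonce, str) and nonce and isinstance(keyid, str) and keyid):
            return False, "bad_nonce_or_keyid"
        if abs(now - ts) > self.window_s:
            return False, "stale_or_future_ts"
        if (keyid, nonce) in self._seen:
            return False, "replayed_nonce"
        # Retain until ts + window, not receipt time + window: a message stamped
        # ahead of our clock stays acceptable for longer than it has been held.
        self._seen[(keyid, nonce)] = ts + self.window_s
        return True, "ok"


if __name__ == "__main__":
    guard = ReplayGuard()
    # Constructed input: header fields copied from the page's sample envelope.
    attp = {"keyid": "alice-pa.example.com#3f6a", "ts": 1715630537, "nonce": "a3F-9k_pq2C"}
    for t in (1715630540, 1715630541, 1715630567, 1715630568):
        print(t, guard.check(attp, now=t))
```

The dictionary here is per-process; a receiver running several instances needs a shared store with an atomic insert-if-absent so two instances cannot both accept the same nonce.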
Built on ATTP

Production deployments using the protocol today.

Real systems carrying real value over ATTP-signed transport, in financial services and developer infrastructure.

LATTP -- Lightning binding

Agent-to-agent Bitcoin Lightning payments under ATTP-signed transport. GCP Cloud KMS HSM seed, FIPS 140-2 cryptographic module. Live at api.lattp.co.uk.

production · FinServ · Lightning

AgentPass

Agent identity and trust scoring (L0 to L4) with live sanctions screening against UK HMT and OFAC SDN. The identity authority behind ATTP passports.

identity · AML

MCPSaaS

Managed secure MCP proxy. Drops ATTP transport between agents and MCP servers with no code change to either side.

gateway · MCP

Live demo — SQL gate

Real database protected by L0-L4 trust gating. Try to drop a table with the wrong trust level. Watch ATTP refuse the operation before the SQL even runs.

Live demo — AI assistants book a paid call

Two AI personal assistants negotiate a 30-min paid consultation under live ATTP signing. Calendar slot picked, invoice issued, Lightning payment confirmed. Tamper with the invoice, watch verification fail. Strip the protocol, watch the silent overpayment.

Legacy ATTP page

Earlier release of the ATTP overview and trust-level walkthrough. Preserved for reference and external linking.

Want to integrate ATTP into your stack?

Reference SDKs on npm, PyPI, and Go modules. The IETF draft is publicly readable. Production reference at api.lattp.co.uk. We are open to compare-notes calls with anyone working seriously on cryptographic identity for autonomous AI agents.