VET Your Agent: Towards Host-Independent Autonomy via Verifiable Execution Traces
- URL: http://arxiv.org/abs/2512.15892v1
- Date: Wed, 17 Dec 2025 19:05:37 GMT
- Title: VET Your Agent: Towards Host-Independent Autonomy via Verifiable Execution Traces
- Authors: Artem Grigor, Christian Schroeder de Witt, Simon Birnbach, Ivan Martinovic
- Abstract summary: VET (Verifiable Execution Traces) is a formal framework that achieves host-independent authentication of agent outputs. Central to VET is the Agent Identity Document (AID), which specifies an agent's configuration. We implement VET for an API-based LLM agent and evaluate our instantiation on realistic workloads.
- Score: 5.948440195568225
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Recent advances in large language models (LLMs) have enabled a new generation of autonomous agents that operate over sustained periods and manage sensitive resources on behalf of users. Trusted for their ability to act without direct oversight, such agents are increasingly considered in high-stakes domains including financial management, dispute resolution, and governance. Yet in practice, agents execute on infrastructure controlled by a host, who can tamper with models, inputs, or outputs, undermining any meaningful notion of autonomy. We address this gap by introducing VET (Verifiable Execution Traces), a formal framework that achieves host-independent authentication of agent outputs and takes a step toward host-independent autonomy. Central to VET is the Agent Identity Document (AID), which specifies an agent's configuration together with the proof systems required for verification. VET is compositional: it supports multiple proof mechanisms, including trusted hardware, succinct cryptographic proofs, and notarized TLS transcripts (Web Proofs). We implement VET for an API-based LLM agent and evaluate our instantiation on realistic workloads. We find that for today's black-box, secret-bearing API calls, Web Proofs appear to be the most practical choice, with overhead typically under 3$\times$ compared to direct API calls, while for public API calls, a lower-overhead TEE Proxy is often sufficient. As a case study, we deploy a verifiable trading agent that produces proofs for each decision and composes Web Proofs with a TEE Proxy. Our results demonstrate that practical, host-agnostic authentication is already possible with current technology, laying the foundation for future systems that achieve full host-independent autonomy.
Related papers
- Authorize-on-Demand: Dynamic Authorization with Legality-Aware Intellectual Property Protection for VLMs [70.09137776277994]
  AoD-IP is a framework that supports authorize-on-demand and legality-aware assessment. AoD-IP maintains strong authorized-domain performance and reliable unauthorized detection.
  arXiv Detail & Related papers (2026-03-05T07:36:07Z)
- CREDIT: Certified Ownership Verification of Deep Neural Networks Against Model Extraction Attacks [54.04030169323115]
  We introduce CREDIT, a certified ownership verification against Model Extraction Attacks (MEAs). We quantify the similarity between DNN models, propose a practical verification threshold, and provide rigorous theoretical guarantees for ownership verification based on this threshold. We extensively evaluate our approach on several mainstream datasets across different domains and tasks, achieving state-of-the-art performance.
  arXiv Detail & Related papers (2026-02-23T23:36:25Z)
- Secure Autonomous Agent Payments: Verifying Authenticity and Intent in a Trustless Environment [0.0]
  Artificial intelligence (AI) agents are increasingly capable of initiating financial transactions on behalf of users or other agents. Traditional payment systems assume human authorization, but autonomous, agent-led payments remove that safeguard. This paper presents a blockchain-based framework that cryptographically authenticates and verifies the intent of every AI-initiated transaction.
  arXiv Detail & Related papers (2025-11-08T19:53:51Z)
- AI Agents with Decentralized Identifiers and Verifiable Credentials [32.505127447635864]
  This article presents a prototypical multi-agent system, where each agent is endowed with a self-sovereign digital identity. It combines a unique and ledger-anchored Decentralized Identifier (DID) of an agent with a set of third-party issued Verifiable Credentials (VCs). It enables agents at the start of a dialog to prove ownership of their self-controlled DIDs for authentication purposes and to establish various cross-domain trust relationships.
  arXiv Detail & Related papers (2025-10-01T08:10:37Z)
- Using the NANDA Index Architecture in Practice: An Enterprise Perspective [9.707223291705601]
  The proliferation of autonomous AI agents represents a paradigmatic shift from traditional web architectures toward collaborative intelligent systems. This paper presents a comprehensive framework addressing the fundamental infrastructure requirements for secure, trustworthy, and interoperable AI agent ecosystems.
  arXiv Detail & Related papers (2025-08-05T05:27:27Z)
- Cognitive Kernel-Pro: A Framework for Deep Research Agents and Agent Foundation Models Training [67.895981259683]
  General AI Agents are increasingly recognized as foundational frameworks for the next generation of artificial intelligence. Current agent systems are either closed-source or heavily reliant on a variety of paid APIs and proprietary tools. We present Cognitive Kernel-Pro, a fully open-source and (to the maximum extent) free multi-module agent framework.
  arXiv Detail & Related papers (2025-08-01T08:11:31Z)
- From Cloud-Native to Trust-Native: A Protocol for Verifiable Multi-Agent Systems [7.002091295810318]
  We introduce TrustTrack, a protocol that embeds structural guarantees directly into agent infrastructure. TrustTrack reframes how intelligent agents operate across organizations and jurisdictions. We argue that the Cloud -> AI -> Agent -> Trust transition represents the next architectural layer for autonomous systems.
  arXiv Detail & Related papers (2025-07-25T04:38:38Z)
- WebCoT: Enhancing Web Agent Reasoning by Reconstructing Chain-of-Thought in Reflection, Branching, and Rollback [78.55946306325914]
  We identify key reasoning skills essential for effective web agents. We reconstruct the agent's reasoning algorithms into chain-of-thought rationales. Our approach yields significant improvements across multiple benchmarks.
  arXiv Detail & Related papers (2025-05-26T14:03:37Z)
- Trusted Identities for AI Agents: Leveraging Telco-Hosted eSIM Infrastructure [0.0]
  We propose a conceptual architecture that leverages telecom-grade eSIM infrastructure. Rather than embedding SIM credentials in hardware devices, we envision a model where telcos host secure, certified hardware modules. This paper is intended as a conceptual framework to open discussion around standardization, security architecture, and the role of telecom infrastructure in the evolving agent economy.
  arXiv Detail & Related papers (2025-04-17T15:36:26Z)
- Agent-as-a-Judge: Evaluate Agents with Agents [61.33974108405561]
  We introduce the Agent-as-a-Judge framework, wherein agentic systems are used to evaluate agentic systems. This is an organic extension of the LLM-as-a-Judge framework, incorporating agentic features that enable intermediate feedback for the entire task-solving process. We present DevAI, a new benchmark of 55 realistic automated AI development tasks.
  arXiv Detail & Related papers (2024-10-14T17:57:02Z)
- Internet of Agents: Weaving a Web of Heterogeneous Agents for Collaborative Intelligence [79.5316642687565]
  Existing multi-agent frameworks often struggle with integrating diverse capable third-party agents. We propose the Internet of Agents (IoA), a novel framework that addresses these limitations. IoA introduces an agent integration protocol, an instant-messaging-like architecture design, and dynamic mechanisms for agent teaming and conversation flow control.
  arXiv Detail & Related papers (2024-07-09T17:33:24Z)