The trust layer for the agent economy

Agents can't transact what they can't prove

Sigil issues verifiable credentials for autonomous AI agents. One API call to mint identity, bind spending authority, and create a cryptographic delegation chain back to a human principal.

The Problem

40 non-human identities for every human. Legacy IAM was never built for agents that reason, decide, and spend autonomously.

Static keys break under autonomy

API keys don't expire, can't encode spending limits, and carry no delegation chain. An agent with a leaked key is indistinguishable from a legitimate one.

No proof of authority

When an agent calls your API and wants to pay, who authorized it? What's its spending ceiling? Legacy auth can't answer these questions.

Regulators are watching

The EU AI Act and US sector guidance now require auditable identity logs for any autonomous agent acting on human behalf. Compliance isn't optional.

mint-credential.ts
// One call. Verifiable identity bound to a spending mandate.
const credential = await sigil.mint({
  agent: "agent:procurement-bot-7",
  principal: "user:nikita@acme.com",
  mandate: {
    spend_limit: "500.00 USD",
    allowed_apis: ["openai", "anthropic", "stripe"],
    ttl: "1h"
  }
});

// Any API provider can verify without calling Sigil
const verified = await sigil.verify(credential.token);
// => { valid: true, agent: "procurement-bot-7", remaining: "347.20 USD" }

How It Works

Three primitives that make agent transactions trustworthy.

01 / MINT

Issue credentials

Cryptographically signed, short-lived tokens that bind an agent's identity to a human principal and a spending mandate. No standing keys. No manual rotation.

02 / VERIFY

Prove authority

Any API provider verifies credentials offline. No callback to Sigil required. The credential carries the full delegation chain, spending limits, and allowed operations.

03 / AUDIT

Trace everything

Every credential issuance, verification, and transaction creates a tamper-evident audit record. Regulators get the trail they require. You get the visibility you need.
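The offline check described under 02 / VERIFY, sketched as an added example that is not Sigil's code or token format: an issuer signs the claims and an API provider validates signature, expiry, allowed API and spend ceiling using only the issuer's public key. Ed25519, the token layout, the `exp` field and the names `parseMoney`, `mintToken` and `verifyOffline` are assumptions made for illustration; the agent, principal and mandate values reuse the page's sample.

```javascript
// Added illustration: this token layout is constructed here, not Sigil's wire format.
const { generateKeyPairSync, sign, verify } = require("crypto");

// "500.00 USD" -> { cents: 50000, currency: "USD" }; integer cents avoid float drift.
function parseMoney(s) {
  const m = /^(\d+)\.(\d{2}) ([A-Z]{3})$/.exec(s);
  if (!m) throw new Error("unparseable amount: " + s);
  return { cents: Number(m[1]) * 100 + Number(m[2]), currency: m[3] };
}

// Issuer side (Ed25519 is an assumption): sign the encoded claims, append the signature.
function mintToken(privateKey, claims) {
  const body = Buffer.from(JSON.stringify(claims)).toString("base64url");
  return body + "." + sign(null, Buffer.from(body), privateKey).toString("base64url");
}

// Verifier side: needs only the issuer's public key, so no callback to the issuer.
function verifyOffline(token, issuerPublicKey, request, nowMs = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 2) return { valid: false, reason: "malformed" };
  const [body, sig] = parts;
  // Authenticate the bytes first; no claim is parsed or trusted before this passes.
  if (!verify(null, Buffer.from(body), issuerPublicKey, Buffer.from(sig, "base64url")))
    return { valid: false, reason: "bad_signature" };
  const claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  if (typeof claims.exp !== "number" || nowMs >= claims.exp)
    return { valid: false, reason: "expired" };
  if (!claims.mandate.allowed_apis.includes(request.api))
    return { valid: false, reason: "api_not_allowed" };
  // Per-request ceiling only; cumulative spend needs state kept by the verifier.
  const limit = parseMoney(claims.mandate.spend_limit);
  const ask = parseMoney(request.amount);
  if (ask.currency !== limit.currency || ask.cents > limit.cents)
    return { valid: false, reason: "over_limit" };
  return { valid: true, agent: claims.agent, principal: claims.principal };
}

// Constructed sample: throwaway key pair, claims reuse the page's mandate fields.
const { publicKey, privateKey } = generateKeyPairSync("ed25519");
const NOW = 1700000000000; // fixed clock so the checks are reproducible
const token = mintToken(privateKey, {
  agent: "agent:procurement-bot-7",
  principal: "user:nikita@acme.com",
  mandate: { spend_limit: "500.00 USD", allowed_apis: ["openai", "anthropic", "stripe"] },
  exp: NOW + 3600000, // the "1h" ttl as an absolute expiry in ms (assumption)
});
console.log(verifyOffline(token, publicKey, { api: "stripe", amount: "152.80 USD" }, NOW));
```

Because the signature covers the encoded claims, any edit to the body, such as raising `spend_limit`, is rejected as `bad_signature` before a single claim is read.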

40:1
Non-human to human identity ratio in enterprise
28.6M
Hardcoded secrets leaked to public repos in 2025
2x
Secret leak rate in AI-assisted code vs baseline

The API economy runs on trust.
Sigil makes that trust verifiable.

Every agent that transacts needs to prove who it is, what it's allowed to do, and who gave it permission. That proof is a Sigil credential. We're building the identity layer the agent economy can't function without.