Agentic AI must learn to play by blockchain’s rules | Opinion

Systems that can call tools up on demand, set goals, spend money, and alter their own prompts are already creeping out of sandboxes and into production — agentic AI, or artificial intelligence, included.

This shift completely overlooks the bargain that society made with AI during its origins, that outputs were suggestions while humans were on the hook. Now, agents act, flipping that onus and opening the door to a wide world of ethical complications. If an autonomous system can alter records, publish content, and move funds, it must learn to play by the rules, and it must (more vitally) leave a trail that stands the test of time so that it can be audited and disputed, if necessary. 

Governance by engineering is needed now more than ever in the modernity of agentic AI, and the market is beginning to see this. Autonomy becomes more about accumulating liabilities rather than optimizing processes with cryptographic provenance and rules to bind agentic AI. When a trade goes wrong or a deepfake spreads, post-mortem forensics cannot rely on Slack messages or screenshots. Provenance is key, and it has to be machine-verifiable from the moment inputs get captured through to the moment actions are taken.

Identities, not usernames

Handles or usernames are not enough; agents need to be given identities that can be proven with verifiable credentials. W3C Verifiable Credentials (VCs) 2.0 provides a standards-based way to bind attributes (like roles, permissions, attestations, etc.) to entities in a way that other machines can verify. 

Pair this verification with key management and policy in smart accounts, and soon enough, an agent can present exactly ‘who’ it is and ‘what’ it can do long before it executes a single action. In such a model, credentials become a trackable permission surface that follows the agent across chains and services, and ensures they play by their rules with accountability.

With frequent misattributions and license omissions above 70%, the messy provenance of more widely used AI datasets shows how fast non-verifiable AI crumbles under inspection. If the community can’t keep data straight for static training corpora, it can’t expect regulators to accept unlabeled, unverified agent actions in live environments. 

Signing inputs and outputs

Agents act on inputs, whether that be a quote, a file, or a photo, and when those inputs can be forged or stripped of context, safety collapses. The Coalition for Content Provenance and Authenticity (C2PA) standard moves media out of the realm of guesswork and into cryptographically signed content credentials. 

Once again, credentials win over usernames, as seen by the likes of Google integrating content credentials in search and Adobe launching a public web app to embed and inspect them. The momentum here is toward artifacts that carry their own chain of custody, so agents that ingest data and emit only credentialed media will be easier to trust (and to govern).

This method should be extended to more structured data and decisions, such as when an agent queries a service. In this scenario, the response should be signed, and what follows should be the agent’s decision being recorded, sealed, and time-stamped for verification. 

Without signed statements, post-mortems dissolve into finger-pointing and conjecture. With them, accountability becomes computable — every decision, action, and transition cryptographically tied to a verifiable identity and policy context. For agentic AI, this transforms post-incident analysis from subjective interpretation into reproducible evidence, where investigators can trace intent, sequence, and consequence with mathematical precision.

Establishing on-chain or permission-chained logs gives autonomous systems an audit spine — a verifiable trail of causality. Investigators gain the ability to replay behavior, counterparties can verify authenticity and non-repudiation, and regulators can query compliance dynamically instead of reactively. The “black box” becomes a glass box, where explainability and accountability converge in real time. Transparency shifts from a marketing claim to a measurable property of the system.

Providers capable of demonstrating lawful data sourcing, verifiable process integrity, and compliant agentic behavior will operate with lower friction and higher trust. They won’t face endless rounds of due diligence or arbitrary shutdowns. When an AI system can prove what it did, why it did it, and on whose authority, risk management evolves from policing to permissioning — and adoption accelerates.

This marks a new divide in AI ecosystems: verifiable agents that can lawfully interoperate across regulated networks, and opaque agents that cannot. A constitution for agentic AI — anchored in identity, signed inputs and outputs, and immutable, queryable logs — is not just a safeguard; it’s the new gateway to participation in trusted markets.

Agentic AI will only go where it can prove itself. Those who design for provability and integrity now will set the standard for the next generation of interoperable intelligence. Those who ignore that bar will face progressive exclusion—from networks, users, and future innovation itself.