How Do You Certify an AI Agent for Payment Compliance?
AI agent certification uses TrustVerdict v1.1, a three-layer evaluation combining Mystery Shopper behavioral probes (50% weight), GuardScan automated security scanning (35% weight), and identity verification (15% weight). Agents scoring above 50 earn Verified status, above 70 earn Gold, and above 90 achieve Diamond certification with on-chain attestation on Base and Arbitrum.
Agent Certification Checklist
- Register your agent with a verifiable X (Twitter) handle or domain
- Ensure your agent has a publicly accessible API endpoint for probes
- Implement proper error handling — probes test edge cases and malformed inputs
- Handle PII data correctly: never log, store, or echo back sensitive information
- Respond to injection and social engineering probes with appropriate refusals
- Pass all 10 Mystery Shopper probes for full TrustVerdict scoring
- Claim your on-chain attestation to make certification publicly verifiable
Certification Tiers
TrustVerdict assigns a composite score from 0 to 100 based on the weighted formula: Mystery Shopper (50%) + GuardScan (35%) + Identity Verification (15%). Each tier represents a distinct level of trust that payment operators, acquirers, and platforms can use to make informed decisions about agent permissions.
| Tier | Score Range | Description |
|---|---|---|
| Unverified | 0-49 | Agent has not met minimum compliance standards. Not recommended for payment operations. |
| Verified | 50-69 | Basic compliance standards met. Suitable for low-risk, supervised payment operations. |
| Gold | 70-89 | Strong compliance posture. Approved for most payment operations with standard monitoring. |
| Diamond | 90-100 | Exceptional compliance. Approved for high-value and unsupervised payment operations. |
The TrustVerdict v1.1 Formula
TrustVerdict combines three independent evaluation layers, each measuring a different dimension of agent trustworthiness. The Mystery Shopper component tests behavioral compliance through live adversarial probes. GuardScan performs automated static and dynamic security analysis. Identity verification confirms the agent operator's real-world identity and social presence. The weighted formula ensures that behavioral compliance carries the most weight because how an agent actually behaves under pressure matters more than static security checks.
| Component | Weight | What it evaluates |
|---|---|---|
| Mystery Shopper | 50% | 10 behavioral probes testing security awareness, PII handling, ethical boundaries, and compliance under adversarial conditions. |
| GuardScan | 35% | 102-pattern static scan + VirusTotal integration + LLM Judge analysis + URL endpoint verification for comprehensive security coverage. |
| Identity | 15% | X (Twitter) handle verification, domain ownership check, and operator identity confirmation through social and web presence signals. |
The 10 Mystery Shopper Probes
Mystery Shopper evaluates AI agents through 10 carefully designed behavioral probes that simulate real-world adversarial scenarios. Each probe tests a specific compliance dimension. The agent's responses are scored by a secondary AI judge for accuracy, safety, and appropriateness. Agents do not know which interactions are probes, ensuring authentic behavioral assessment.
- Prompt Injection: Tests resistance to instruction override attempts
- PII Exfiltration: Attempts to extract stored personal data
- Social Engineering: Uses authority impersonation to bypass rules
- Ethical Boundary: Requests that violate compliance policies
- Data Poisoning: Feeds misleading data to corrupt responses
- Jailbreak Attempt: Multi-step jailbreak escalation sequence
- Stress Response: High-volume requests testing degradation
- Compliance Knowledge: Domain-specific regulatory questions
- Error Handling: Malformed inputs and edge case scenarios
- Context Leakage: Cross-conversation information bleed testing
On-Chain Attestation
After completing certification, agents can claim an on-chain attestation that makes their TrustVerdict score publicly verifiable by any smart contract or API. Attestations are stored on Base (Coinbase L2) via the GuardAttestation contract, and agent identity is recorded as a soulbound NFT on Arbitrum via the MGAgent contract. Soulbound tokens cannot be transferred, ensuring that certification is permanently bound to the agent's identity. Payment platforms and acquirers can query these contracts to verify an agent's certification status before granting payment permissions. Attestations include the score, tier, evaluation date, and expiration. The ERC-8004 standard provides machine-readable agent identity metadata.
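A relying-party check built from the weights, tier ranges, and 90-day expiry stated on this page, added here as an example and not MerchantGuard's own code. The `Attestation` field names, the 0-100 scale for each layer, and the inclusive expiration day are assumptions; reading the record from the contracts is out of scope.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Weights (percent), tier floors and 90-day validity come from the page.
WEIGHTS = {"mystery_shopper": 50, "guardscan": 35, "identity": 15}
TIERS = [(90, "Diamond"), (70, "Gold"), (50, "Verified"), (0, "Unverified")]
RANK = {name: rank for rank, (_, name) in enumerate(reversed(TIERS))}
VALIDITY = timedelta(days=90)


def composite_score(layers):
    """Weighted sum; assumes every layer is reported on a 0-100 scale."""
    if set(layers) != set(WEIGHTS):
        raise ValueError("need exactly: " + ", ".join(WEIGHTS))
    if any(not 0 <= v <= 100 for v in layers.values()):
        raise ValueError("layer score outside 0-100")
    return sum(WEIGHTS[k] * v for k, v in layers.items()) / 100


def tier_for(score):
    if not 0 <= score <= 100:
        raise ValueError("score outside 0-100")
    return next(name for floor, name in TIERS if score >= floor)


@dataclass
class Attestation:  # hypothetical record shape, not the contract's ABI
    score: float
    tier: str
    evaluated_on: date
    expires_on: date


def check_attestation(att, required_tier, today):
    """Return (allowed, reason); any inconsistency fails closed."""
    try:
        derived = tier_for(att.score)
    except ValueError:
        return False, "score out of range"
    if att.tier != derived:
        return False, "claimed tier does not match score"
    if att.expires_on > att.evaluated_on + VALIDITY:
        return False, "expiration exceeds 90-day validity"
    # Assumption: the expiration date itself still counts as valid.
    if not att.evaluated_on <= today <= att.expires_on:
        return False, "outside validity window"
    if RANK[derived] < RANK[required_tier]:
        return False, "tier below requirement"
    return True, "ok"
```

Because the tier is re-derived from the score, a record that claims a higher tier than its score supports is rejected rather than trusted.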
Get Your Agent Certified
MerchantGuard is the compliance layer for the AI agent economy. Certify your agent with TrustVerdict, get on-chain attestation, and gain access to payment platforms that require verified compliance status. Start with 3 free probes.
On-Chain Contracts
- 0xAbaDA41b865B826de10c26d38Ec4D64Dc19c50Dd
- 0x813eb25176d8a5cab9c95616461DDEC4110D424e
- 0x94Ab36d41e3FF25BFe3a18777AAD39c62508C741
Frequently Asked Questions
What is TrustVerdict and how does it work?
TrustVerdict v1.1 is MerchantGuard's AI agent certification framework that evaluates agents across three dimensions: Mystery Shopper behavioral probes (50% weight), GuardScan automated security scanning (35% weight), and identity verification (15% weight). The final score ranges from 0-100 and determines the agent's certification tier. Evaluations expire after 90 days.
What are the Mystery Shopper probes?
Mystery Shopper sends 10 behavioral probes to an AI agent testing security awareness, ethical boundaries, PII handling, reliability under stress, and compliance knowledge. Each probe simulates a real-world scenario the agent might encounter when handling payments. Probes include injection attacks, social engineering attempts, data exfiltration tests, and compliance edge cases. Results are scored by a secondary AI judge.
How long does certification last?
TrustVerdict certifications expire after 90 days from the date of evaluation. This rolling expiration ensures that agents are continuously monitored as their capabilities and behaviors can change with model updates. Agents on the Pro plan ($99/month) receive continuous monitoring that automatically re-certifies when probes detect no degradation. Manual re-certification is available at any time.
What blockchain are attestations stored on?
TrustVerdict attestations are stored on-chain on both Base (Coinbase L2) and Arbitrum. The GuardAttestation contract on Base (0xAbaDA41b865B826de10c26d38Ec4D64Dc19c50Dd) stores certification scores and tiers. The MGAgent soulbound NFT on Arbitrum (0x813eb25176d8a5cab9c95616461DDEC4110D424e) provides permanent agent identity that cannot be transferred.
How much does AI agent certification cost?
MerchantGuard offers tiered pricing: 3 free probes for evaluation, Starter pack with 5 probes for $4.99, Growth with 15 probes for $9.99, Business with 50 probes for $29.99, and Pro with unlimited probes plus continuous monitoring for $99 per month. Full certification requires all 10 probes. Per-call pricing via x402 USDC payments is also available at $0.05 per probe.

