How do AI agents register with the registry?

Agents register through an API or web portal. The operator provides agent identity details (name, purpose, capabilities), technical specifications (model version, tool access), and compliance certifications. The registration is validated automatically, and a risk score is assigned.

What criteria determine an agent's risk tier?

Risk tiers are based on a composite score of operator reputation (KYB verification, history), agent capabilities (data access scope, autonomous actions), compliance certifications (SOC 2, ISO 27001), and behavioral history (access patterns, policy violations). You configure the scoring weights and tier thresholds.

How does revocation work?

Revocation is immediate. When an agent is revoked, all active access tokens are invalidated within 60 seconds, active data sessions are terminated, and the agent's status is updated across all systems. The operator receives a notification with the revocation reason and appeal process.

Is the registry compatible with MCP (Model Context Protocol)?

Yes. The Agent Registry supports MCP-compatible agent identity attestations. Agents that implement MCP can use their MCP identity tokens as part of the registration process, and the registry can issue MCP-compatible access credentials.

What is the difference between operator and agent identity?

An operator is the organization that deploys AI agents (e.g., a fintech company). An agent is a specific AI system deployed by that operator (e.g., a budgeting assistant). One operator can have many agents, each with its own identity, risk score, and access tier.

How are multi-agent operators handled?

Operators register once through KYB verification, then register individual agents under their operator identity. Each agent gets its own risk score and tier, but the operator's reputation score influences all their agents. If an operator is flagged, all their agents can be suspended simultaneously.

Can we customize the risk scoring model?

Yes. The scoring engine provides default weights and thresholds, but you can customize every aspect: which factors are included, their relative weights, tier thresholds, and automatic escalation triggers. Custom scoring rules can be added through a policy configuration API.

What happens when an agent's certification expires?

The registry monitors certification expiry dates and sends warnings 30, 14, and 7 days before expiry. When a certification expires, the agent's risk score is recalculated. If the new score drops below the current tier threshold, the agent is automatically demoted to a lower tier.

AI Agents

Agent Registry

Data Provider

AI Agent Registry & Governance for Data Providers

The agentic AI economy demands a new approach to data access governance. When hundreds of AI agents request access to your data, you need a system to distinguish trusted agents from unknown ones, assign appropriate access levels, and maintain oversight. Fiskil's Agent Registry is that system.

No Standard Way to Vet AI Agents

Enterprises can't distinguish trusted AI agents from unknown ones. There is no standard vetting process, no identity framework for autonomous systems, and no scalable way to manage agent access.

—
No standard format for AI agent identity verification—agents lack the equivalent of KYC
—
Manual vetting processes don't scale when hundreds of agents request data access
—
Risk assessment for autonomous systems lacks established frameworks and benchmarks
—
Agent operators may deploy multiple agents with different purposes under one account
—
No centralized view of which agents access what data, when, and for what purpose

Structured Agent Governance at Scale

A registration portal with automated risk scoring, certification tracking, access tier management, and real-time monitoring. Agents register, get scored, receive an access tier, and are monitored continuously.

Capabilities

Key Capabilities

Agent Identity Verification

Cryptographic identity for AI agents with operator chain-of-trust. Each agent receives a unique identity bound to its operator, with attestations about its capabilities, purpose, and compliance certifications.

Risk Scoring Engine

Automated risk assessment based on agent capabilities, operator reputation, data access patterns, and compliance attestations. Scores update continuously as new signals arrive, triggering tier changes when thresholds are crossed.

Access Tier Management

Bronze, Silver, Gold, and Enterprise tiers with escalating data access. Bronze agents access public data only. Enterprise agents access sensitive data with full audit trails. Tiers map to rate limits, data scopes, and SLA commitments.

Certification Tracking

Track agent certifications, compliance attestations, and security audit results. Automated alerts when certifications expire or new compliance requirements affect registered agents.

Implementation

Implementation Guide

Setting up the Agent Registry typically takes 1–2 weeks, primarily spent defining risk criteria and access tier policies.

Define Risk Tiers

Configure risk criteria for each access tier. Define what capabilities, certifications, and operator reputation scores qualify agents for Bronze, Silver, Gold, and Enterprise tiers. Set the data scopes and rate limits for each tier.

Configure Registration Flow

Set up the agent registration portal with required fields: operator identity, agent purpose, requested data scopes, certifications, and technical specifications. Configure automated verification checks and manual review triggers.

Set Access Policies

Map risk tiers to data scopes and rate limits. Define which API endpoints each tier can access, what fields are visible at each tier, and what rate limits apply. Configure escalation paths for tier upgrades.

Enable Monitoring

Configure real-time dashboards, anomaly detection alerts, and periodic review schedules. Set up automated tier demotion triggers for agents that violate access policies or exhibit unexpected behavior patterns.

Features

Key Features

Self-Service Registration Portal

A branded portal where agent operators register their AI agents. Collects identity, purpose, technical specifications, and compliance certifications with automated validation.

Automated Risk Scoring

Multi-factor risk scoring that evaluates operator reputation, agent capabilities, requested scopes, compliance certifications, and historical behavior. Scores update in real time as new data arrives.

Operator Verification

KYB (Know Your Business) verification for agent operators. Validates corporate identity, checks sanctions lists, and verifies business registration before any agent from that operator is granted access.

Access Tier Assignment

Automatic tier assignment based on risk score, with manual override capability. Tiers control data access, rate limits, and SLA commitments. Tier changes trigger notifications to both the operator and internal teams.

Real-Time Monitoring Dashboard

Live view of all registered agents, their current activity, risk scores, and tier status. Drill down into individual agent behavior, access patterns, and compliance status.

Revocation Management

Instant agent revocation with cascading effects: access tokens invalidated, active sessions terminated, and operator notified. Revocation reasons are logged for audit purposes and regulatory reporting.

"Partnering with Fiskil on our open data needs has been a game-changer for us in delivering and maintaining our data holder solution."

Fahad Liaqat at Pacific Blue

Executive Manager Operations and New Markets

FAQs

Explore More Use Cases

AI Data Access

Auth0 Integration

Combine Auth0 identity management with Fiskil Data Provider for enterprise-grade AI data sharing. FAPI 2.0 security, consent management, and audit trails on top of your existing Auth0 infrastructure.

AI Agents

Consent Management

Granular consent management designed for autonomous AI agents. Field-level access controls, purpose limitation, time-bounded permissions, and automated revocation for machine-to-machine data sharing.

Third-Party Applications

Partner Onboarding

Self-service partner onboarding with automated credential verification, sandbox provisioning, and compliance checks. Reduce onboarding time from weeks to hours with Fiskil Data Provider.

Get started today

Talk to us about what you're building and we'll show you how we can help.

Speak with a Fiskil integration expert today

Loading Contact Form...