Cryptographic Trust Chains Between Agents: How A2A Collaboration Will Transform the API Economy

2026.03.12

The era of "A2A" (Agent-to-Agent), where AI agents collaborate to accomplish tasks, has quietly begun. Yet when faced with the question "Can we truly trust the other party's agent?", most companies still have no answer.

Lemma views this gap as a structural problem in the API economy and advocates an approach that inserts cryptographic trust chains between agents. This article organizes the background, design philosophy, and management impact of this approach.


From APIs to Agents: The Premises of B2B Collaboration Are Changing

Over the past few years, intercompany system integration has operated on a model of "calling fixed APIs." Endpoints are published, authentication tokens are exchanged, and data is communicated in fixed formats—a simple, predictable design.

However, the advent of autonomous AI agents is about to fundamentally change this premise. Agents don't simply call APIs; they decide which APIs to call based on objectives, combine multiple services, and pass decision results to the next agent.

|                | Traditional API Integration | A2A Agent Integration                |
|----------------|-----------------------------|--------------------------------------|
| Connection     | Fixed endpoints             | Dynamic task delegation              |
| Flow design    | Pre-designed by humans      | Autonomous judgment by agents        |
| Communication  | One-way request/response    | Bidirectional negotiation/delegation |
| Authentication | Once at connection          | Continuous verification per task     |
| Log location   | Within own systems          | Execution history across orgs        |

Google, Microsoft, Anthropic, and others are successively moving to standardize A2A protocols, and this trend means a redesign of B2B economic infrastructure going forward.


The Trust Vacuum in Agent Collaboration

While A2A collaboration is rapidly expanding, answers to the question "How do we ensure agent trustworthiness?" are still forming across the industry. "Which company's agent is this?", "What security policies does it operate under?", "What authority scope can it act within?"—at present, most of these confirmations are still left to contracts negotiated in advance by humans and agreements between implementers.

For instance, when a partner's agent accesses your company's inventory data, there is no mechanical way to verify that the agent "truly belongs to that company and is operated by an organization that has passed compliance review."

Management faces five main risk structures:

  • Spoofing risk: Inability to verify the organization or authority claimed by the other party's agent
  • Policy opacity risk: Unclear which data handling policies the other party's agent follows
  • Auditability gap: Agent decision logs reside with the other party and cannot be reproduced or verified from your own systems
  • Ambiguous responsibility boundaries: When trouble occurs, it's impossible to trace "which agent's judgment caused it"
  • Compliance vacuum: KYC/AML and other reviews are completely skipped at the agent collaboration layer

What could be managed through contracts, reviews, and credit checks in human-to-human transactions simply doesn't exist at that layer when agents are involved. This is the biggest blind spot in current A2A collaboration.


What Is a Cryptographic Trust Chain?

The core of the solution is "giving agents attribute credentials." Just as human KYC proves "this person exists and meets specified requirements," agents should be able to cryptographically prove "they belong to this organization, comply with this policy, and have this authority scope".

The cryptographic trust chain that Lemma advocates consists of three layers:

Layer 1 — Organizational Identity Signature
Each agent is tied to credentials signed by the issuing organization. The fact that "this is an agent issued and managed by Company X" can be verified in a tamper-evident manner.

Layer 2 — Policy Attribute Proofs
Policy attributes such as "AML reviewed," "GDPR compliance applied," or "operated by ISO 27001 certified organization" can be presented as machine-readable facts using zero-knowledge proofs (ZK proofs). You can convey only the proof that "conditions are met" without disclosing actual review documents.

Layer 3 — Verifiable Authority Scopes
Scopes such as "inventory data read-only access" or "authority to place orders up to 1 million yen" are held as signed attributes. The receiving agent can cryptographically verify the scope before proceeding with processing.

// Conceptual flow (actual SDK API syntax may differ)
const result = await attributes.query(client, {
  query: "KYC verified AND AML cleared AND inventory read scope",
  mode: "structured",
  proof: { required: true, type: "zk-snark" },
  targets: { schemas: ["agent-credential-v1"] },
});

if (result.results?.proof?.status === "verified") {
  // Collaborate only with agents that have verified trust chains
  proceed(task);
} else {
  reject("Unverified agent — trust chain broken");
}

The trust model evolves from "authenticate once at connection" to "dynamically verify attributes for each task".
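An added sketch of Layers 1 and 3 checked per task, not Lemma's SDK and not code from the original article. It uses Node's built-in Ed25519 signatures; the issuer name `company-x`, the claim fields, the scope strings and the reason strings are assumptions, and Layer 2's ZK proofs are not modelled.

```javascript
const crypto = require("node:crypto");

// Constructed issuer key pair standing in for "Company X". A real verifier
// holds only the issuer's public key, pinned out of band.
const issuer = crypto.generateKeyPairSync("ed25519");
const TRUSTED_ISSUERS = new Map([["company-x", issuer.publicKey]]);
const NOW = Date.UTC(2026, 2, 12); // fixed clock for the sample

// Issuer side: sign the exact payload bytes the verifier will check.
function issueCredential(claims, privateKey) {
  const payload = JSON.stringify(claims);
  const sig = crypto.sign(null, Buffer.from(payload), privateKey);
  return { payload, sig: sig.toString("base64") };
}

const deny = (reason) => ({ ok: false, reason });

// Receiver side: run for every task, not once per connection.
function authorizeTask(cred, task, now = Date.now()) {
  let claims, sigOk;
  try {
    claims = JSON.parse(cred.payload);
    const key = TRUSTED_ISSUERS.get(claims.issuer);
    if (!key) return deny("unknown issuer");
    // Layer 1: signature must verify under the pinned organization key.
    sigOk = crypto.verify(null, Buffer.from(cred.payload), key,
      Buffer.from(cred.sig, "base64"));
  } catch {
    return deny("malformed credential");
  }
  if (!sigOk) return deny("bad signature");
  if (!(claims.expiresAt > now)) return deny("expired");
  // Layer 3: the requested action must fall inside the signed scope.
  if (!Array.isArray(claims.scopes) || !claims.scopes.includes(task.scope))
    return deny("scope not granted");
  if (task.scope === "orders:place" && !(task.amountJpy <= claims.maxOrderJpy))
    return deny("over limit");
  return { ok: true, reason: "verified" };
}

// Constructed sample credential, and a copy with the limit edited after signing.
const cred = issueCredential({
  issuer: "company-x", agent: "inventory-agent-01",
  scopes: ["inventory:read", "orders:place"],
  maxOrderJpy: 1000000, expiresAt: NOW + 3600000,
}, issuer.privateKey);
const forged = { ...cred, payload: cred.payload.replace("1000000", "9000000") };

console.log(authorizeTask(cred, { scope: "inventory:read" }, NOW));
console.log(authorizeTask(forged, { scope: "orders:place", amountJpy: 5000000 }, NOW));
```

Claims are read for authorization only after the signature over the raw payload verifies, so raising the order limit after issuance is rejected instead of honoured.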


Embedding KYC/AML into the Protocol

When financial institutions review API partners today, the process of contract execution, legal review, and credit confirmation is done manually and can take several weeks. In a world where A2A collaboration becomes mainstream, this review process needs to be structurally embedded within the agent protocol itself.

Let's compare scenarios using a fintech payment agent.

|                  | Current (Manual Review)        | Lemma Cryptographic Trust Chain                 |
|------------------|--------------------------------|-------------------------------------------------|
| Review start     | Staff collects and checks docs | Agent automatically presents attribute proofs   |
| AML confirmation | Several days to weeks          | Real-time verification via ZK proofs            |
| Disclosed info   | Financial statements, registry | Only proof that "AML conditions met"            |
| Audit trail      | PDFs, email history            | Proof logs recorded on-chain                    |
| Re-review timing | Annual updates                 | Instant updates & auto-notify on policy changes |

For example, when an international remittance agent collaborates with a partner agent, it can verify via Lemma's attribute layer that "this agent is operated by an organization that has passed FATF-standard AML review" in milliseconds before starting processing. Parts of compliance review that previously required manual effort become automated at the protocol level.


Trust Metrics That Management Should Hold

When evaluating AI agent initiatives as a business, it's important to have quality metrics as trust infrastructure, not just "processing speed" or "cost reduction rates." Here are four candidate management KPIs when adopting Lemma's cryptographic trust chain:

  • Trust Level: The percentage of partner agents with "cryptographically verified attributes." Aiming for 100% brings the risk of collaborating with unverified agents close to zero
  • Auditability Score: For past agent collaboration logs, the percentage for which "which judgments, which data, and which verifications were undergone" can be reproduced and submitted afterward
  • Detachability: When a problematic agent is detected, whether collaboration can be stopped immediately and the scope of impact identified. With an attribute chain, "which tasks went through that agent" can be uniquely traced
  • Compliance Automation Rate: The percentage of KYC/AML and other confirmation processes that completed at the protocol level without human intervention

With a cryptographic trust chain, responsibility boundaries can also be drawn with finer granularity than contracts: "If verified attributes were false, responsibility lies with the issuing organization" and "If verification was skipped, responsibility lies with the agent owner who approved the collaboration."


Designing AI Agents as "Trusted Collaborators"

The perspective shift we want to suggest here is simple: Stop treating AI agents as software modules and design them as entities that collaborate after undergoing trust evaluation.

When selecting human suppliers, we perform credit checks, reviews, contracts, and ongoing relationship management. Agents act as organizational proxies, access data, execute decisions, and generate transactions. Their influence is becoming equal to or greater than that of human staff.

The cryptographic trust chain is infrastructure for "treating agents as business partners." With attribute proofs, ZK verification, and audit logs built into the protocol, executives can constantly grasp "whose agents, under what conditions, are sharing what."

The next article will describe how this trust infrastructure deploys across entire supply chains, through concrete scenes in manufacturing, logistics, and public procurement.

