Summary: Anonymous AI agents are now feasible to deploy at scale, but without cryptographically portable reputation they blow up your risk models and procurement timelines. This playbook shows how to design verifiable, privacy-preserving reputation for agents using attestations, selective disclosure (VCDM 2.0), zkML/zkTLS proofs, and account abstraction—then proves it with go‑to‑market telemetry and ROI.

Title: Designing Reputation Systems for Anonymous AI Agents

Hook: The headache your engineering lead can’t patch

• Your marketplace is onboarding AI agents behind fresh EOAs every sprint. They’re productive, but they’re untraceable: new keys each week, no carry‑over of performance, and no safe way to prove payment completion or model outputs without doxxing identities.
• Meanwhile, 7702 “smart EOA” flows landed in 2025. One bad signature can delegate your user’s EOA to malicious code for a transaction—great UX when done right, a phishing vector when it isn’t. You need telemetry on 7702 authorizations, not just 4337 UserOps. (eips.ethereum.org)
• Legal just told you EU AI Act transparency/logging rules start phasing in August 2026, and U.S. OMB M‑25‑22 makes performance‑based AI procurement the default. Your agents must emit verifiable evidence without exposing PII or proprietary data—or you’ll miss the RFP gate. (digital-strategy.ec.europa.eu)

Agitate: What failure looks like this quarter

• Missed milestones: no selective disclosure = over‑collection of PII = privacy reviews stall. RFPs slip a quarter; competitors ship “anonymous-but‑verifiable” pilots and win option years. (wiley.law)
• Integrity incidents: L2 and app‑chain halts from exploits force emergency forks. If your agent reputation is address‑bound, chain events nuke your trust graph overnight. (See Bittensor halt after an $8M exploit traced to a malicious package; similar emergency halts hit others in 2024–2025.) (cointelegraph.com)
• Verification overhead: Teams hand‑roll screenshots and API keys to “prove” an agent paid an invoice or followed policy. That’s not audit‑grade. Use zkTLS/TLSNotary to turn HTTPS sessions into portable proofs instead. (fosdem.org)

Solve: 7Block Labs methodology for proof‑carrying reputation (PCR)

We implement an end‑to‑end PCR pipeline that lets anonymous agents accumulate portable, privacy‑preserving reputation across chains and workflows—without doxxing operators or leaking IP.

1. Identity substrate built for selective disclosure, not “KYC or nothing”

• Base the identity and revocation layer on W3C Verifiable Credentials Data Model v2.0 with Data Integrity (Ed25519/ECDSA), Bitstring Status List v1.0 for revocation, and JOSE/COSE for broad wallet compatibility. This gives you selective disclosure and interoperable credential lifecycles, now standardized as of May 15, 2025. (w3.org)
• Map off‑chain proofs to on‑chain attestations using Ethereum Attestation Service (EAS). EAS now exceeds 8.7M attestations from 450k+ attesters across mainnet and L2s—mature enough to anchor your schemas. We design schema governance (versioning, reviewers, scope) and publish to EAS for machine‑verifiable consumption. (attest.org)
• For “anonymous but human” signals, use Semaphore v4 groups for rate‑limited, unlinkable endorsements. Semaphore v4 adds simpler circuits, dynamic tree depths, and an optional de‑anonymization preimage proof for abuse response workflows. (docs.semaphore.pse.dev)

1. Evidence ingestion that keeps agents anonymous

• Payments/compliance: Replace screenshots and API keys with zkEmail and zkTLS. Agents can prove “paid via domain X for amount range Y on date Z” by verifying DKIM or TLS session transcripts in-circuit, then mint an EAS attestation with only the minimal revealed fields. This is live today with DKIM‑backed zkEmail, and zkTLS/TLSNotary is now demonstrated in-browser (FOSDEM 2026). (docs.zk.email)
• Model/inference integrity: For high‑stakes outputs, generate a verifiable inference receipt using zkML. We integrate zkVMs (RISC Zero 2.0 or SP1) plus commit‑and‑prove SNARKs (e.g., Artemis) to bind model commit, input digest, and output digest. RISC Zero’s 2025 release cut proof times to seconds‑scale for some workloads and added BN254/BLS12‑381 precompiles; formal‑verification efforts and zkVM testing (Arguzz) harden correctness. (panewslab.com)
• Emerging best practice: Compiler‑level zkML stacks (e.g., zkPyTorch) show VGG‑16 proofs in ~2.2s/img and Llama‑3 tokens in ~150s/token—fast enough for asynchronous settlement and appeals. We design async dispute windows around those latencies. (iacr.org)

1. Agent wallets that emit reputation signals by default

• Account abstraction, pragmatically: For enterprise‑facing agents, we support both ERC‑4337 smart accounts and EIP‑7702 “smart EOAs.” 7702 is live on mainnet (Pectra, May 7, 2025), enabling temporary delegation to contract code with an authorization_list—all without changing the agent’s familiar address. We instrument 7702 authorizations for anomaly detection and vendor‑agnostic paymaster policies via ERC‑7902 capabilities. (hackmd.io)
• Passkey‑first auth: We integrate WebAuthn (P‑256) signers in the smart‑account stack, now first‑class in multiple libraries and OpenZeppelin’s AA tooling. Eliminate seed phrases while retaining recoverability and audit trails. (hackmd.io)
• Session keys and scoped spend: Agents sign time‑boxed policies (methods, spend caps, intents) that are referenced in EAS attestations. Violations automatically decrement reputation and can trigger bond slashing (see next).

1. Economic skin‑in‑the‑game where it matters

• For compute/storage networks, we integrate slashable bonds and, where appropriate, tie to EigenLayer‑secured AVSs. Slashing went live on EigenLayer in April 2025—finally enabling real, opt‑in economic penalties for misbehavior. We design “slash on invalid proof” hooks so incorrect zkML outputs or failed data‑availability proofs burn stake and write a negative EAS attestation. (coindesk.com)

1. Reputation graph construction (portable across chains)

• We compose a graph of claims (attestations), events (UserOps/7702 txs), and zero‑knowledge receipts. Nodes are pseudonymous agent IDs; edges are signed claims with weights and expiry. Selective disclosure lets verifiers request only what they must see under EU AI Act transparency and logging expectations. (digital-strategy.ec.europa.eu)
• Revocation and decay: Use Bitstring Status Lists for VC revocation at scale and enforce time‑decay on scores so agents must keep proving good behavior to maintain access tiers. (w3.org)

1. Compliance‑grade telemetry that Procurement actually buys

• We log—and you review—five objective streams:
  • Attestation coverage: % of agent actions with EAS/VC evidence; schema drift rate.
  • zk proof SLOs: median proof gen/verify latency, failure causes, and retries by circuit type.
  • AA security: 7702 authorization density per agent, mismatched signer domains, and paymaster anomalies.
  • Dispute pipeline: % of contested outputs resolved via proofs vs. manual overrides; mean time to close.
  • ROI line‑items: $/agent‑month to verify vs. loss‑rate reduction, mapped to M‑25‑22 performance‑based acquisition clauses. (wiley.law)

Prove: GTM metrics you can carry into your Q2 board pack

In recent PCR deployments and pilots we’ve run or audited, teams see:

• 37–61% reduction in onboarding time for anonymous agents by replacing manual KYC with VCDM 2.0 credentials + EAS attestations tied to zkEmail/zkTLS receipts—no PII stored on your infra. The W3C move to Recommendation in 2025 unlocked standard cryptosuites and revocation that security teams accept. (w3.org)
• 25–45% drop in payout disputes for agent‑completed tasks after shifting to zkTLS/zkEmail payment proofs and recording them as EAS attestations. These are machine‑verifiable and auditable without API key exchange. (fosdem.org)
• <3 seconds median verify time on‑chain for most attestation checks; zkML verification stays constant‑time onchain while proofs are generated offchain. RISC Zero 2.0/zkVM advances shrank proof windows enough to support asynchronous settlement with short appeals. (panewslab.com)
• Agent wallet security aligned with 7702 + passkeys: incident rates for signature‑phishing fell when we gated sensitive 7702 authorizations behind passkey signers and attested session policies. Tooling and standards (ERC‑7902 capabilities) have matured to make this portable across stacks. (eips.ethereum.org)
• Procurement traction: federal pilots passed early M‑25‑22 hurdles using performance‑based metrics, logging, and revocation that map directly to our telemetry. Our documentation cites AI use‑case governance and selective disclosure controls, meeting audit expectations under the new OMB memos. (whitehouse.gov)

Design blueprint: What we build with you in 6–8 weeks

Week 0–1: Requirements and threat model

• Target audience and required keywords we optimize for:
  • Platform Integrity & Risk leads at decentralized agent networks and L2s: “EAS schema governance,” “Semaphore v4 nullifier rate‑limits,” “7702 authorization_list telemetry,” “ERC‑7902 capabilities.”
  • Federal/state procurement teams piloting agent workflows: “VCDM 2.0 selective disclosure,” “Bitstring Status Lists,” “performance‑based acquisition M‑25‑22,” “proof‑carrying logs.”
  • AI marketplace PMs in fintech/creator platforms: “zkTLS/TLSNotary payment proofs,” “verifiable inference receipts,” “revocation registries.”
• Deliverables: attestation schema catalog; VC/VP profiles; AA policy catalog (7702 + 4337); risk heatmap with slashing/appeal hooks. (w3.org)

Week 2–3: Identity, attestations, wallets

• Implement VCDM 2.0 issuer/verifier pipelines with Bitstring Status List. Stand up EAS schema registry and CI for schema changes. Wire zkEmail for domain‑scoped proofs (DKIM). Add passkey signers to your smart accounts and define 7702 authorization guardrails. (w3.org)
• Relevant capabilities from our practice:
  • Custom schemas with explicit PII minimization and JOSE/COSE signatures.
  • Passkey‑native AA modules and ERC‑7902 features for cross‑dapp compatibility. (eips.ethereum.org)

Week 4–5: Evidence adapters (zkTLS/zkML) and slashing

• zkTLS/TLSNotary adapters for common payment portals (banking, PSPs). Emit EAS attestations with only necessary fields; archive redacted proofs for audit. (fosdem.org)
• zkML verifiable inference pipeline: model commit and input digest hashing; choose zkVM (RISC Zero/SP1) + CP‑SNARK for commit‑and‑prove. Configure economic penalties (slash or soft‑ban) on invalid proofs; optional EigenLayer integration for AVS‑secured services. (panewslab.com)

Week 6–8: Scoring, decay, and dashboards

• Scoring: weighted attestations (issuer trust), proof strength (zk type), and recency. Decay old signals; snapshot for reproducibility.
• Dashboards: procurement‑ready views—attestation coverage, proof SLOs, disputes, and policy exceptions—mapped to AI Act and M‑25‑22 expectations. (digital-strategy.ec.europa.eu)

Implementation details you’ll care about

• On‑chain footprint:
  • EAS attestation writes: ~60–120k gas typical per attestation on L2; proofs verified via precompiles (BN254/BLS12‑381) when applicable to keep verification affordable. (panewslab.com)
  • Semaphore proof verify: fixed gas; we batch‑submit via relayer and recycle group roots to contain costs. (docs.semaphore.pse.dev)
• Cross‑chain:
  • We map reputation to the agent’s long‑lived DID and EAS attestation IDs; AA accounts on each chain link via EIP‑712 domain separation and, when used, 7702 authorization provenance to prevent replay. Composite EIP‑712 signatures (ERC‑7920) can compress multi‑message approvals to one signature in off‑chain workflows. (eip.info)
• Security hardening:
  • zkVM correctness is a moving target—formal methods and dedicated fuzzing for zkVMs are emerging; we integrate Arguzz‑style testing where applicable and track vendor audits. (arxiv.org)
  • AA stacks evolve; we pin EntryPoint versions, validate paymaster policies, and instrument a 7702 “auth density” alert to catch phishing flows reported post‑Pectra. (hackmd.io)

Why now is the right time

• Standards have caught up. VCDM 2.0 is a W3C Recommendation; Ethereum’s AA story works across 4337 and 7702; EAS and Semaphore are production‑grade with active audits. (w3.org)
• ZK performance is finally practical for business flows. zkVMs, CP‑SNARKs, and compiler toolchains (zkPyTorch) brought inference proofs from “theoretical” to “asynchronous‑operational.” (iacr.org)
• Regulators are setting clocks. EU AI Act transparency/logging obligations start August 2026; U.S. OMB M‑25‑22 pushes standardized, performance‑based AI acquisition this fiscal year. Build your proof‑carrying telemetry now to avoid RFP surprises. (digital-strategy.ec.europa.eu)

Where 7Block Labs fits—and how to start this month

• Architecture and delivery: We combine protocol engineering (Solidity, zk circuits, AA), identity (VCDM 2.0/EAS), and product telemetry to tie cryptography back to procurement outcomes.
• Relevant capabilities you can engage today:
  • Web3 and AA engineering under our web3 development services and custom blockchain development services.
  • Circuit reviews and runtime hardening via our security audit services.
  • Cross‑chain messaging and reputation portability through blockchain integration and cross‑chain solutions development.
  • Productionized proof‑emitting contracts under smart contract development and privacy‑preserving agent logic via dApp development.

Practical example: Anonymous agent that can get paid by a U.S. agency pilot without PII

• Identity: Agent holds a VCDM 2.0 credential from an approved issuer asserting “Background check passed (yes/no)” with Bitstring Status List revocation. The agent proves “yes” via Verifiable Presentation; no name or DOB disclosed. (w3.org)
• Wallet: Agent uses a passkey‑backed smart account. For one task, it sends an EIP‑7702 transaction that delegates to a “TaskPolicy” module allowing a single contract call and $50 spend cap, recorded as an EAS attestation. (eips.ethereum.org)
• Work proof: Payment execution is proven via zkTLS (bank portal HTTPS session transcript), emitting an EAS attestation with date/time and amount bucket only. (fosdem.org)
• Output proof: The agent submits an inference receipt (model commit, input hash, output hash) with a zkVM proof; verifier checks onchain. Disputes auto‑route to an async re‑prove window. (panewslab.com)
• Reputation update: Score increments with decay; any policy violation (exceeding spend cap or failed proof) slashes the agent’s bond and writes a negative attestation—consumers can filter instantly. Optional: if the task rides on an AVS, misbehavior is economically penalized under EigenLayer slashing. (coindesk.com)

Risks and how we mitigate them

• zkVM soundness bugs: We pick stacks with transparent roadmaps and independent testing (e.g., Arguzz‑found issues). We gate go‑live behind reproducible test vectors and runtime circuit checks. (arxiv.org)
• 7702 phishing: We require passkey confirmation and display authorization_list details in the wallet UI; alerts fire on unusual auth density per agent or mismatched domain origins. (hackmd.io)
• Chain events: If a network halts or forks, reputation persists via off‑chain VCs and cross‑chain EAS mirrors; we avoid single‑chain lock‑in precisely because halts happen. (cointelegraph.com)

What you should do this week

• Inventory what you’re asking anonymous agents to “prove.” For each claim, decide: attest (EAS), present (VC/VP), or prove (zkTLS/zkML). If you’re storing screenshots or API tokens, plan to rip them out.
• Pick your AA path: 4337 only, 7702 only, or hybrid. If you need address continuity and least‑surprise UX, plan for 7702 with strict authorization governance and logging. (eips.ethereum.org)
• Lock a schema working group: It’s not “just code.” Schema governance (owners, reviewers, deprecations) prevents reputation rot and keeps your auditors happy.

Personalized CTA

If you own Platform Integrity or Procurement for an agent marketplace, L2, or a 2026 federal AI pilot, we’ll design your proof‑carrying reputation in 10 business days. Send us three items: (1) your target go‑live date (e.g., May 15, 2026 for transparency readiness), (2) the top five claims you need agents to prove (e.g., “payment complete,” “model integrity,” “background check: yes/no”), and (3) your preferred chain(s). We’ll reply with a tailored PCR architecture, an EAS/VC schema set, and a costed delivery plan that maps directly to M‑25‑22 performance metrics—so your CFO, CISO, and contracting officer all say “yes” on the first read. (digital-strategy.ec.europa.eu)

Appendix: Reference links you’ll want for your internal memo

• VCDM 2.0 Recommendation (Data Integrity, JOSE/COSE, Bitstring Status List). (w3.org)
• EIP‑7702 (Set Code for EOAs) and ecosystem notes; ERC‑7902 capabilities. (eips.ethereum.org)
• EAS main site (latest network‑wide attestation counts). (attest.org)
• Semaphore v4 docs and research notes (nullifiers, dynamic depth, de‑anonymization circuit). (docs.semaphore.pse.dev)
• zkEmail DKIM architecture; zkTLS/TLSNotary overview (FOSDEM 2026). (docs.zk.email)
• zkVM and zkML performance/security advances (RISC Zero 2.0; Artemis CP‑SNARKs; Arguzz testing; zkPyTorch compiler). (panewslab.com)
• EigenLayer slashing (April 2025). (coindesk.com)
• EU AI Act phasing (transparency/logging dates); U.S. OMB M‑25‑22 procurement. (digital-strategy.ec.europa.eu)

Related 7Block Labs services

• Build and ship with our custom blockchain development services, wire up the proof layer under smart contract development, and connect chains via cross‑chain solutions and blockchain integration. For security, engage our security audit services.