The Problem: Agent Trust Is Broken by Default Here's a scenario that keeps me up at night: You have a payment agent on your network that accepts POST requests to /charge . It doesn't know if that request came from your order agent, a replayed token, or something else entirely on your network. That's not a theoretical risk. That's an open door. Multi-agent e-commerce systems are the perfect example of where agent trust actually matters. You've got: A payment agent that charges and refunds (high risk) An inventory agent that reserves and releases stock (medium risk) A fulfillment agent that passes customer data to an LLM (medium risk) Each one is a liability if it accepts calls from the wrong source — or if there's no cryptographic record of what it approved.…