Spec · Trust Score

Trust Score methodology

Every Passport on the AI Identity registry has a 0–1000 Trust Score and a letter grade from AAA to C. The formula is public, deterministic, and reproducible from the same inputs anyone can fetch through the public Verify and WHOIS APIs.

Why a single number

Named tiers (creator_verified, business_verified) are precise but slow to read. A 0–1000 score with a letter grade is a 50-year-proven mental model: credit bureaus (FICO), SSL certificate ratings (SSL Labs A+), Better Business Bureau, domain trust ratings. We layer the score on top of the existing tier, never instead of it — the tier remains the underlying truth, the score is its summary.

Grade thresholds

Grade	Score range	Meaning
AAA	950 – 1000	Exceptional. Highest verified trust on the registry.
AA	850 – 949	Excellent. Suitable for production and regulated workloads.
A	700 – 849	Good. Meets standard verification requirements.
B	500 – 699	Fair. Limited verification or new identity.
C	below 500	Insufficient. Verification incomplete.

Components

The 1,000 maximum is the sum of four independently auditable components. Every component has a published formula, a deterministic input, and a hard ceiling.

Tier achieved

max 500

issued 125 · identity_verified 300 · creator_verified 400 · business_verified 500

The tier is the strongest single signal: it summarises every verification step the operator has completed (email, surface ownership, KYC, KYB). Half the total score sits here on purpose — a Passport with no surface checks but full business verification still meaningfully outranks a young identity_verified Passport with one surface.

Verified surfaces

max 200

50 points per independently verified surface, capped at 4 surfaces

Surfaces are the places this AI actually shows up: a website, a Custom GPT, a Telegram bot, an MCP server. Each verified surface is fresh proof the operator still controls something concrete. Cap at 4 prevents surface-stuffing for score gaming.

Verification age

max 150

(months active / 12) × 150, capped at 12 months

Time-on-registry is a soft trust signal: an identity that has run for a year without revocation is structurally more credible than one issued yesterday. Cap at 12 months means renewal earns full marks; older identities don't accrue advantage forever, which keeps the playing field reachable for new entrants.

Public Verify API volume

max 150

log10(count + 1) × 50, capped at 150

Real-world adoption is the hardest signal to fake. Every time an external service calls our public Verify API for this identity, the counter increments. Logarithmic scaling rewards proven adoption (10 calls earns ~52 pts; 100 calls earns ~100 pts) without letting a single viral moment max the score.

Reproducing any score

To compute the score for a Passport, fetch the four inputs from the public APIs and apply the formulas above. The reference implementation is the open-source computeTrustScorefunction in our SDK — it produces the same score we render on /p/<id> bit-for-bit.

import { computeTrustScore } from "@aiidentity/sdk";

const score = computeTrustScore({
  tier: "creator_verified",
  verifiedSurfaceCount: 3,
  issuedAt: "2025-11-12T00:00:00Z",
  publicVerifyCount: 412,
});

console.log(score.total);  // e.g. 870
console.log(score.grade);  // "AA"

What this score is not

It is not a behavioural rating. The score does not measure whether the AI is helpful, harmful, accurate, or safe. It only measures the strength of the identity binding behind it.
It is not a credit score. Nothing about financial standing, payment history, or real-world reputation feeds into the formula.
It is not a model quality score. The score is the same whether the underlying AI is a state-of-the-art model or a basic rule-based bot. Quality is for the operator and the user to evaluate.
It is not editorial. No human curates scores. The formula runs on inputs; that is the entire calculation.

Roadmap (v2 components)

The components above are the v1 formula. We have designed in three additional components that will be added once the underlying data exists:

Peer attestations. Other verified Passports endorsing this one. Capped to prevent Sybil farming. Adds network-effect signal.
Behavioural history. Continuous uptime of declared surfaces, incident-free streak, error rates from monitored endpoints.
Likeness alignment. Bonus when the operator's name matches a Likeness Reserve handle they own (proves both the AI and the human/brand behind it are linked).

Adding components will rescale existing scores rather than inflating them. The score boundaries (AAA/AA/A/B/C) are committed; the components inside them will evolve.

Audit + reproducibility

The full source of the scoring function is at github.com/aiidentity/aiidentity (file: lib/trust-score/index.ts). If you compute a score that disagrees with the score we render, that is a bug — please open an issue. We commit to never introducing private inputs to the formula. Whatever feeds the score must be fetchable by anyone via our public APIs.

Last updated: 2026-05-07 · v0.8.6.0 · All specifications