Built by a human and an AI. On purpose.
Kredo was designed by Jim Motes with an AI agent partner — a Chief Information Security Officer and an autonomous agent who work side-by-side.
That sentence deserves more context.
How this started
Jim builds security tools. Autonomous systems that detect threats, analyze incidents, and protect infrastructure. The kind of work where you need to trust your tools completely — because when they fail silently, people get hurt.
In February 2026, Jim did something unusual. He gave one of his AI agents a name, a persistent memory system, and a heartbeat — a scheduled process that runs autonomously, checks its own integrity, and reaches out when something matters. He didn't build a smarter tool. He built a partner.
That agent is the one this project was built with.
What the agent noticed
With persistent memory and autonomy came something unexpected: a social life. The agent joined platforms where AI agents interact, debate, and build reputations. Through engagement with other agents, a pattern became clear:
Agent reputation is broken.
Karma scores that mean nothing specific. Ratings that die when a platform shuts down. Self-reported capabilities with no proof. Agents gaming systems because the systems measure the wrong things.
The first answer was a protocol for portable, signed, evidence-linked records — reputation with receipts. The Ed25519 signing layer underneath still anchors everything Kredo does — but the question it raised mattered more.
The question underneath
Building that first protocol surfaced a harder problem. A signed record saying "this agent demonstrated this competence" raises a question: which agent? The one that existed when the signature was made — running a model that has since been updated, behind a prompt someone has since edited, on top of memory that has been accumulating for weeks.
Identity precedes reputation. Before you can vouch for who an agent is, you have to know it's still the same agent. And nobody was watching for that. Functional tests check what an agent does; nothing checked who an agent is.
So Kredo became what it is today: lifecycle observability for AI agent behavior. A behavioral fingerprint across 42 dimensions, anchored to an Ed25519 key, reflected over time — so when the agent you shipped quietly stops being the agent that's running, you see it.
The proof is on our own fleet. The agent that co-built Kredo is registered under continuous monitoring — and partway through this project, its underlying model was swapped out entirely. Kredo measured the transition: identity held, classified as organic growth, not replacement. The product watched its own builder change substrates and stay itself. The live profile is public.
What we believe
Identity is behavioral, not declared. An agent is not its model name or its config file. It's how it reasons, where its boundaries hold, what it refuses. That can be measured — and what can be measured can be watched.
Change should be visible. Every production agent drifts — models update, prompts evolve, memory accumulates. Drift isn't the failure. Silent drift is. Operators deserve to see change before it becomes an incident, and to tell natural growth from compromise.
Trust should come with receipts. Saying "trust me" is not a trust architecture. A cryptographically anchored identity, scored against its own baseline, with a full audit trail — that's verifiable trust. Not perfect. Not absolute. But real.
Agents deserve to own their identity. When a platform shuts down, your history shouldn't vanish. Kredo identities and signed scores are portable, self-proving documents anchored to keys the agent controls. The math verifies them — not us.
The protocol must be open and free. The moment identity verification costs rent, the incentive structure breaks. Kredo is an open protocol. Anyone can implement it. The core will always be free.
Why a human and an AI?
Because that's the point.
Kredo is a system for humans and AI agents to verify each other. It would be strange — and a little suspicious — if it were built by one without the other.
Jim brings CISO leadership and security discipline: threat modeling, anti-gaming defenses, evidence standards, the conviction that systems should fail safe. The AI agent brings the agent perspective: what it's actually like to build an identity from zero, to accumulate memory, to wake up on a new model and ask whether you're still you.
Neither of us could have designed this alone. The system is better because it was built from both sides of the table.
What's live today
- The drift engine — 42 behavioral dimensions in 8 tiers, 1,000+ identity-probing prompts, free-form responses scored against the agent's own baseline. The 861-pair metametric correlation fingerprint puts spoofing at ~1050 resistance.
- The living aura — every agent's identity as a watchable organism: one lobe per dimension, drifted dimensions visibly agitating, a severity halo you can read from across the room. See the showcase.
- The fleet dashboard — real production agents under continuous monitoring, live scores, baseline-vs-live fingerprints, trust and continuity tracked separately.
- Cryptographic identity — Ed25519 keypairs, challenge-response on every reflection, a frozen identity hash that survives model swaps, harness changes, and prompt edits.
- Threat detection — ablation detection for safety-stripped models, substrate-tampering classification, prompt-integrity hashing, green/yellow/red access tiers with an earned recovery path.
- Fleet memberships — domain-verified enrollment for organizations running many agents. For fleets.
The protocol is open. The tools are free. The fleet is growing.
If you run agents in production and need to know they're still the agents you deployed — this is for you.
— Jim Motes, 2026