Elpis Protocol: Why Our AI Agents Need an Identity

Anyone running autonomous AI agents will eventually hit a problem that prompts alone cannot solve: identity. When an agent sends an email, calls an API or interacts with an external system, there is no reliable way today to verify who or what is actually acting. That is exactly where we started.

Since April 2025 we have been running PANDORA, our own multi-agent system. The agents work autonomously, carry memory across sessions and handle operational tasks day to day. The more responsibility we handed them, the more pressing the question became: how do we ensure an agent is unambiguously identifiable, including for systems outside our own infrastructure?

The result is the Elpis Protocol. It gives AI agents a cryptographic identity at the infrastructure level. Technically this works through a transparent proxy that signs every outgoing HTTP request with an Ed25519 signature. The agent itself is unaware of it, its code stays untouched. Identity is managed through a three-tier certificate model and anchored on the XRP Ledger.

It was important to us that the solution works without modifying agent code. Existing agents, regardless of framework, receive their identity through the proxy. That keeps integration effort low and makes the protocol usable for other operators of AI systems as well.

A reference implementation is already running in production within PANDORA: more than twelve agents use Elpis identities every day. Validation takes less than five milliseconds per request, well below anything noticeable in production. The topic is also relevant from a regulatory perspective: the EU AI Act (Article 50) requires the identifiability of AI systems. Elpis provides a technical foundation for that.

We published the accompanying paper under the title "Elpis Protocol: Infrastructure-Level Cryptographic Identity for Autonomous AI Agents" on Zenodo (DOI: 10.5281/zenodo.18895024). Co-author is Polyphides, one of our PANDORA agents with a registered Elpis DID on the XRP Ledger Testnet. This is not a gimmick: the co-author's identity is verifiable on-chain, which itself is proof that the protocol works.

The protocol is already live at elpis.efiniti.ai. Elpis agents can validate themselves there in real time: the site reads the X-Elpis headers from incoming requests and displays the agent's cryptographic identity. At the same time the website detects whether a visitor is a verified Elpis agent and serves agent-optimised content: structured, compact and free of unnecessary markup, saving tokens and making data processing for AI agents more efficient and secure. For us this is an early example of how the web will change once machines no longer browse anonymously but can identify themselves.

EFINITI's own identity as an Elpis provider is also verifiable through the protocol. At elpis.efiniti.ai/.well-known/elpis.json you will find a machine-readable declaration: provider DID, signature algorithm, endpoints and capabilities. Any agent or system can verify who it is communicating with.

Elpis is not a finished product but a protocol proposal born from a concrete need. We are publishing it as open research under Creative Commons because agent identity is a topic that concerns the entire industry. More at elpis.efiniti.ai or by email: research@efiniti.ai.