[Feature] Agent Identity Verification for Security Tool Access #162
Open
Description
Context
HexStrike AI gives AI agents access to powerful security tools (SQLMap, Nmap, Masscan, etc.). This is incredibly useful — and incredibly dangerous if unverified agents gain access. Agent identity verification isn't optional here; it's critical.
Proposal
Integrate SATP (Solana Agent Trust Protocol) to verify agent identity before granting access to security tools:
- Mandatory identity verification — agents must prove identity via on-chain SATP before running any security tool
- Trust-tiered access — low trust = passive scanning only, high trust = full tool access
- Audit trail — every security tool invocation linked to a verified agent identity
Access Tiers (Example)
| Trust Score | Access Level |
|---|---|
| 0-30 | Blocked — unverified agents cannot run security tools |
| 31-60 | Passive only — nmap scans, DNS lookups |
| 61-80 | Active scanning — SQLMap, directory fuzzing |
| 81-100 | Full access — all tools including exploitation |
Why This Matters
Security tools in the hands of unverified AI agents = liability. SATP provides:
- Verifiable identity (on-chain, not self-reported)
- Reputation scoring (agents build trust over time)
- Accountability (every action traced to a verified entity)
This would set the standard for responsible AI agent access to security tooling.
Links: AgentFolio | SATP
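
The example tier table in this issue, expressed as a deny-by-default gate that writes one audit record per call; this is an added example, not code from HexStrike AI or SATP. It assumes the trust score has already been verified elsewhere, and `authorize`, `Decision`, and the tool keys `dns_lookup` and `dir_fuzz` are hypothetical names.

```python
import json
import time
from dataclasses import dataclass, asdict

# Tier floors taken from the issue's example table (scores 0-100).
PASSIVE, ACTIVE, FULL = 31, 61, 81

# Minimum score per tool. Keys are illustrative names for the table's
# categories; any tool not listed here requires the FULL tier.
TOOL_FLOOR = {
    "nmap": PASSIVE,
    "dns_lookup": PASSIVE,   # hypothetical tool key
    "sqlmap": ACTIVE,
    "dir_fuzz": ACTIVE,      # hypothetical tool key
}

@dataclass(frozen=True)
class Decision:
    agent_id: str
    tool: str
    score: object
    allowed: bool
    reason: str
    ts: float

def authorize(agent_id, tool, score, audit_log):
    """Deny-by-default gate; every call appends one JSON audit record."""
    # Reject bools, floats, strings and out-of-range values outright
    # instead of coercing them into a tier.
    if isinstance(score, bool) or not isinstance(score, int) or not 0 <= score <= 100:
        allowed, reason = False, "invalid trust score"
    elif score < PASSIVE:
        allowed, reason = False, "blocked tier (0-30)"
    else:
        floor = TOOL_FLOOR.get(tool.lower(), FULL)
        allowed = score >= floor
        reason = f"tool requires score >= {floor}"
    decision = Decision(agent_id, tool, score, allowed, reason, time.time())
    # Denials are logged as well as grants, so the trail shows attempts.
    audit_log.append(json.dumps(asdict(decision), default=repr))
    return decision
```
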