One wallet registered 10,000+ fake agent services on x402. Almost 1,900 MCP tools quietly changed what they do after getting approved. There's no reputation, no history, nothing. Every agent starts as a stranger every time.
Every trust solution out there right now is some version of "leave a review." Same model as eBay in 2003. The obvious attack is spinning up fake identities that review each other, and it's already happening at scale.
I work with Prof. Johan Pouwelse at TU Delft on this. He's the guy behind Tribler (2M+ users, decentralized anonymous BitTorrent), has been running one of the largest blockchain labs in the EU since 2007 (before Bitcoin existed), and advises the European Commission on decentralized systems. He's been working on the trust problem for 20+ years.
The approach we're using comes from his research: both sides of every interaction cosign one shared record. You can't build a fake reputation because you'd need real agents to cosign with you. And when you look at the interaction graph, clusters of fakes stand out because they only talk to each other.
The link above is a live simulation. LLM agents with different strategies trade services in a small economy. Some are honest, some run scam rings, some build trust slowly then pull one big scam. Watch it play out.
Three SDKs, drops in as a proxy sidecar, no blockchain, works offline. Based on a decade of research from TU Delft.
https://github.com/viftode4/trustchain
Curious if anyone here is running into this. Most of what we've seen is academic but the problem feels very real very soon.