Decision trust protocol

Building the trust layer for the next generation of commerce

AI agents will initiate trillions in transactions. We build the real-time decision verification infrastructure between autonomous agents and the financial system.

Book a demo Read the documentation View our research

When an AI agent decides to spend $2,400 on cloud infrastructure, who verifies the reasoning is sound? When it processes its 500th transaction in an hour, who detects behavioral drift? When it encounters a merchant it has never seen, who checks intent against mandate?

We do. In 23 milliseconds.

See it work

One API call. Seven decision gates.

Send an authorization request and watch the Decision Trust Protocol evaluate it in real time — every gate, every score, every millisecond.

                        authorization_request.py
                    
import mandate

response = mandate.authorizations.create(
    agent_id="agent_procurement_01",
    amount="2400.00",
    currency="USD",
    merchant="mch_aws_7291",
    intent_context={
        "intent_type": "PURCHASE",
        "task_reference": "TASK-2847",
        "reasoning_summary": "Scaling GPU
  instances for Q3 training run.
  Compared 3 providers on cost,
  latency. AWS optimal at $2,400.",
        "confidence": 0.94,
        "alternatives_considered": 3
    }
)

Authorization Pipeline 0.0ms

Agent Resolve 1.2ms

Intent Verification 3.8ms

Anomaly Gate (EDQS) 7.2ms

Mandate Enforcement 9.6ms

Behavioral Overlay 12.4ms

Risk Scoring 16.1ms

KYA Decision 19.5ms

Persist + Webhooks 21.8ms

Async Post-Decision post-resp.

APPROVED

KYA: 0.87 Zone: GREEN

Platform

Nine modules. One trust layer.

Everything an issuer needs to authorize, monitor, and govern AI agents operating on existing payment rails — from real-time authorization to compliance reporting.

Agent Authorization

Seven-gate verification pipeline processes every transaction in 23ms. Intent evaluation, budget enforcement, sanctions screening, and behavioral checks.

Trust Scoring (KYA)

Agent Behavioral Fingerprint — 42 features, six per signal class across seven classes — with progressive trust levels. Drift detection catches compromised agents before fraud occurs.

Transaction Monitoring

Live feed of every authorization decision with KYA scores, risk signals, and one-click investigation. Full pipeline trace on every decision.

Compliance Reporting

SAR/STR narrative generation in FinCEN BSA and Panama UAF Law 23 format. Compliance calendar with regulatory deadline tracking.

Agent Registry

Complete lifecycle management for every AI agent. Trust levels, behavioral baselines, drift alerts, and multi-tenant isolation.

Ivy, the Compliance Agent

Natural language investigation and insights grounded in your transaction data. Draft SAR narratives, investigate declines, get proactive alerts.

Fraud Analytics

Agent-specific fraud detection: prompt injection, credential replay, behavioral drift attacks, and cross-agent correlation.

Risk Rules Engine

Visual rule builder with dual-approval governance, backtesting, and gap analysis that finds coverage holes before attackers do.

Case Management

Structured investigation workflows from alert to resolution. Auto-created cases, SLA tracking, and one-click SAR filing.

Explore the full platform

Built for compliance teams

The tools your compliance, risk, and fraud teams need

Agent commerce introduces new operational challenges for compliance, risk, and fraud departments. Every authorization decision made by the protocol is fully explainable — your team can trace exactly why an agent was approved, declined, or escalated, what behavioral signals were active, and what the behavioral trust state was at the moment of decision. No black boxes. Every score has a reason. Every reason has an audit trail.

Transaction monitoring

Live feed of every authorization decision with KYA scores, risk signals, and one-click investigation. Filter by agent, merchant, amount, status, or time range. Drill into any transaction to see the full pipeline trace — which gates passed, which flagged, and the reasoning behind each score. Flag suspicious patterns and escalate directly from the monitoring view.

Agent registry & behavioral profiles

Complete visibility into every AI agent operating under your program. Track trust levels (REGISTERED through TRUSTED), behavioral risk zone (GREEN to CRITICAL), transaction history, decline rates, and behavioral baselines. Promote, throttle, or suspend agents with full audit trail. Understand how each agent's decision quality evolves over time.

Compliance reporting & regulatory export

Generate SAR narratives and STR reports in FinCEN BSA format (US) and Panama UAF Law 23 format (LatAm). Automated compliance calendar with regulatory deadline tracking. Export authorization logs in CSV or JSON for external auditors. Every report includes the complete decision context — intent type, reasoning summary, risk signals, and KYA score at the time of transaction.

Fraud analytics & case management

Identify anomalous patterns across agents, merchants, and time periods. The dashboard surfaces eight signal categories drawn from the protocol’s seventeen-type risk taxonomy — velocity spikes, geographic anomalies, amount outliers, behavioral drift, and more. Flag cases directly from the dashboard, assign to investigators, and track disposition through resolution. Chargeback management with evidence collection and Mastercard dispute lifecycle tracking.

Illustrative dashboard — sample data

Total authorizations

14,287

+12.3% vs last period

Approval rate

97.2%

+0.8% vs last period

Avg latency

23ms

-2ms vs last period

Active agents

+6 this week

Authorization volume (7d)

Recent decisions

agent_procurement_01 0.92 Approved

agent_travel_03 0.87 Approved

agent_marketing_02 0.41 Declined

agent_ops_07 0.95 Approved

agent_finance_01 0.78 Approved

The protocol

Seven decision gates. Two system steps. Twenty-three milliseconds.

Every authorization traverses the full Decision Trust Protocol pipeline — from agent resolution to post-decision analysis.

Agent resolve

Identify the agent, load its mandate, trust tier, and behavioral profile from the registry.

Intent verification

Parse the intent context and validate reasoning quality, confidence calibration, and task alignment.

Anomaly gate

Run six-dimensional anomaly detection against the agent's behavioral baseline using EDQS scoring.

Mandate enforcement

Verify the transaction falls within the agent's spending limits, merchant allowlists, and time-of-day policies.

Behavioral overlay

Assess the agent's current behavioral state — detect reasoning degradation, drift, and prompt injection before they reach the network.

Risk scoring

Compute composite risk across merchant reputation, transaction patterns, velocity, and geographic signals.

KYA decision

Generate the final Know Your Agent trust score and map to GREEN, AMBER, RED, or CRITICAL trust zone.

Persist + webhooks (system)

Write the full decision record to the audit log. Fire webhooks for downstream systems and compliance tools.

Async post-decision (system)

Enqueue behavioral model updates, regulatory checks, and cross-agent correlation analysis.

Research

Advancing the science of agent trust

We believe AI agents will become the primary participants in global commerce. Our research mission is to accelerate this transition on the safest possible path — building the verification frameworks, behavioral models, and trust protocols that make autonomous financial participation reliable at scale. Every model we train, every anomaly detector we design, and every standard we propose exists to solve one question: how do you trust a machine to spend money?

EDQS Framework · New Paper

Economic Decision Quality Score

A six-dimension composite metric for evaluating the quality of AI agent economic reasoning, grounded in process-based supervision, Constitutional AI, and behavioral economics. Introduces a dual-audience architecture with pre-registered research hypotheses.

Behavioral Telemetry

Session fingerprinting & prompt injection detection

Continuous behavioral monitoring that builds behavioral profiles for each agent within a single task session. Detects prompt injection attempts, reasoning degradation, and context manipulation in real time — catching behavioral shifts at the first anomalous transaction, before mandate enforcement even runs.

EDQS Research Framework → Decision Trust Protocol →

View all publications →

Deployment

Where Mandate Labs sits in the flow

Two integration modes, one protocol. Both return the same enriched decision — the difference is when DTP is consulted.

ISSUER-SIDE

Inside the authorization window

Your processor calls DTP during authorization decisioning. The enriched, advisory response — KYA score, risk signals, reason codes — returns inside the auth window and feeds your decision engine.

Agent txn → Network → Processor → DTP → Decision

Issuer integration guide →

PLATFORM-SIDE

Before the transaction exists

Your agent platform calls DTP pre-presentment — the agent declares intent, DTP evaluates, and only approved actions become card transactions.

Agent intent → DTP → Approved → Card txn

Platform quickstart →

Sandbox access is self-serve. Production issuer deployments are sales-led and gated by Mandate Certified Integration — book a demo.

Standards alignment

Built on payment industry foundations

The networks are building the identity and consent layer — Visa Intelligent Commerce and Trusted Agent Protocol, Mastercard Agent Pay’s Agentic Tokens, Google AP2 mandates, agentic checkout protocols. DTP consumes those identity signals and scores what no token scheme provides: the quality of the decision behind the transaction. Identity and consent travel with the token; decision trust travels with DTP.

ISO 8583 / 20022

Card-rail native messages

Card rails run ISO 8583 — decision payloads map to ISO 8583 authorization data elements for inline issuer integration, with ISO 20022 alignment for reporting and account-to-account flows.

3D Secure 2.0

Issuer RBA enrichment

KYA scores can enrich an issuer’s own risk-based authentication decisioning (ACS) for agent-initiated transactions — consumed issuer-side, alongside EMV 3-D Secure data.

MC DE 48.75

DE 48.75 compatibility

Decision payloads — risk score, up to four reason codes, condition codes — are structured to map onto Mastercard DE 48.75 fraud-scoring conventions, and designed to coexist with network agent-identity standards as they ratify.

Enterprise readiness

Production infrastructure, not a proof of concept

Built for the reliability, compliance, and support requirements of financial institutions.

99.95%+

Availability SLA

Multi-region deployment with automatic failover. Target 99.99% for enterprise tier.

Multi-tenant

Isolation architecture

Fully isolated tenant environments with dedicated encryption keys and data residency controls.

SAR/STR

Compliance export

Automated suspicious activity reporting in FinCEN BSA and Panama UAF Law 23 formats.

Dedicated

Support & success

Slack Connect channel, named account manager, and quarterly business reviews.

SLA credits

Financial guarantees

Contractual uptime commitments with automatic service credits for latency or availability misses.

Versioned

API stability

Semantic versioning with 12-month deprecation windows. No breaking changes without migration support.

The infrastructure for agent commerce is being built now

Join the institutions shaping the trust layer for autonomous transactions.

Get started