VDR · Trust Metadata Infrastructure

The governance layer AI agents are missing.

A neutral, verifiable trust layer for machine-to-machine decisions.

Meet us at VivaTech Learn more
Status Seeking design partners
Where Paris Expo · Hall 1
Built by Tier-1 infra veterans
vdr.resolve
00:00:00.000 UTC
Caller
did:agent did:agent:fin-ops-7c3a
REQUEST
VDR Registry
identity did:org:fineworklabs v1
policy agent.invoke.policy v3.2
authority delegation:scope-treasury v8
revocation none active t-2s
Verdict
resolved in 38ms policy v3.2 · authority valid · sig OK
ALLOWED
Find us at VivaTech 2026 · June 17–20 · Paris Expo Porte de Versailles
Book a meeting on B2Match
The problem

Trust decisions are everywhere.
The infrastructure isn't.

Modern systems make automated trust decisions everywhere — AI agents calling APIs, automated approvals, credential verification, content provenance checks, software supply-chain governance. Both inside organizations and across them.

But the logic behind those decisions is fragmented across code, configs, ad-hoc integrations, private policy documents, and platform-specific permissions. Existing systems may record parts of a decision, but rarely provide a consistent way to resolve who is trusted, under which policy, and whether that trust is still valid.

The result is familiar: stale revocations, unverifiable approvals, policy drift, and audit evidence that external parties struggle to confirm.

  1. 01

    Agent authority is fragmented Spread across code, config, credentials, and tool permissions — hard to resolve, hard to verify, hard to revoke.

  2. 02

    Trust updates don't propagate Policy, trust, and revocation changes move through ecosystem-specific mechanisms — relying parties risk operating on stale state.

  3. 03

    Cross-org approvals are unverifiable Approvals live in emails and private systems — hard to know who had authority, under which policy, and whether it was still valid at the time.

  4. 04

    Provenance ≠ governance Provenance verifies origin and history. Governance decides whether that source is acceptable under your policy today.

  5. 05

    Audit evidence is siloed Decisions get logged, but the evidence is stuck in private systems — hard to verify which policy governed it or whether the record is unchanged.

What VDR provides

A shared, verifiable trust layer for machine-to-machine decisions.

VDR is a trust metadata registry. It stores and serves trust records — you are in control of your policy engine.

01

Publish trust metadata

Identifiers, policies, schemas, delegations, revocation state, and supporting evidence — versioned, tamper-evident, independently verifiable.

02

Resolve trust fast

Built for sub-50ms global resolution. Agents, APIs, and verifiers fetch current trust metadata without private integrations or manual sync.

03

Version every change

Updates create new versions while previous versions remain resolvable — relying parties can determine which trust state applied at decision time.

04

Verify independently

Records are backed by cryptographic evidence — anyone can verify integrity, history, and active versions without relying only on operator assertions.

Use cases

One trust layer, multiple doors in.

We are positioning VDR across three strategic use cases. Each addressing environments where trusted metadata is essential yet insufficiently supported today.

USE-01

AI Agent Governance

As enterprises deploy agents that call tools, APIs, and other agents across organizational boundaries, a new question emerges: what is this agent trusted to do, under whose authority, and is that authority still valid? VDR helps resolve agent identity, policy, authority, and revocation state at decision time.

"An agent requests permission. VDR helps determine whether the relevant identity, policy, tool, and authority are valid before action is allowed."
USE-02

Media & Content Provenance

Content provenance helps verify where content came from and whether its signed history is intact. But receivers still need governance: which sources, certificate chains, device classes, and revocation rules are acceptable for this workflow today? VDR connects provenance checks to receiver-specific trust policy.

"A newsroom receives signed content. VDR helps determine whether that source is acceptable under the receiver's current policy — not just whether the signature is valid."
USE-03

Verifiable Approvals

Automated workflows receive approvals from people, systems, or partner organizations — but the receiver still needs to know who issued the approval, under what authority, and whether that authority was valid at the time. VDR makes approvals verifiable, revocable, and auditable across organizational boundaries.

"A governed workflow receives an approval. VDR helps verify who could have issued it, whether authority was still valid, and what policy was active at the time."
Also relevant Digital identity trust registries · Software supply-chain governance · Cross-org credential verification · Regulated workflow automation
Discuss your use case
Design partners

Who we want to meet at VivaTech.

We are shaping VDR around real operational problems and looking for design partners willing to describe their trust and governance pain in depth.

Your organization probably fits if…
You make trust decisions across organizational boundaries, systems, or jurisdictions.
You deploy AI systems or automated workflows that need governed, verifiable permissions.
Revocation, authority, or policy changes create operational pain — things break, drift, or require manual intervention.
You need audit evidence to explain why a trust decision was made — especially across systems or organizational boundaries.
Your current approach relies on hardcoded integrations, spreadsheets, private policy docs, or manual approval portals.
You work in AI governance, digital identity, cybersecurity, content authenticity, or verifiable approvals.
Relevant roles
Head of AI Governance CISO Head of Digital Identity CTO / VP Engineering Head of Innovation Platform Security Director Product, Trust & Safety Public-Sector Digital Trust Corporate Venture

Design partners get early access, direct roadmap input, and the opportunity to shape VDR before it is productized. No commitment required — we are looking for honest conversations about real operational problems.

Request a conversation
The team

Built by people who've done this at scale.

20+ years building security-critical platforms at tier-1 scale across cloud infrastructure, media security, key management, and low-latency systems. We are now applying that experience to VDR — trust metadata infrastructure for AI systems, governed automation, and cross-organizational trust.

BuyDRM / KeyOS

Multi-DRM & Content Security

Co-founded KeyOS, a content security platform built for premium media workflows, major live events, and strict reliability requirements.

BBCHBO EuropeFoxTwitchDIRECTVMicrosoftLufthansa IFE
OVHcloud

KMS / PKI / HSM Infrastructure

Led KMS Platform work for European cloud infrastructure: zero-trust architecture, HSM-backed key management, lifecycle operations, encryption, and auditability.

Zero-trust architectureHSM-backed KMSEuropean cloud
BitRipple

Low-latency Transport

Co-founded BitRipple, focused on loss-tolerant, low-latency transport for real-time and edge systems where reliability is non-negotiable.

Real-time systemsEdge infrastructureLoss-tolerant transport
VivaTech 2026 · June 17–20 · Paris

Let's talk about your trust and governance challenges.

We are there to meet organizations dealing with real operational pain around AI governance, digital identity, content authenticity, policy, revocation, or verifiable approvals. If that sounds like your world, let's talk.

Request a meeting at VivaTech Book on B2Match

Or email directly · contact@fineworklabs.com
20-minute conversations, not sales pitches.