AI Governance · Trust Infrastructure

AI agents are acting.
Who authorized them?

A neutral, verifiable trust layer for machine-to-machine decisions.

Status Seeking design partners
Where Paris Expo · Hall 1
Built by PKI, KMS & DRM engineers
vdr.resolve
00:00:00.000 UTC
Caller
did:agent did:agent:fin-ops-7c3a
REQUEST
VDR Registry
identity did:org:fineworklabs v1
policy agent.invoke.policy v3.2
authority delegation:scope-treasury v8
revocation none active t-2s
Verdict
resolved in 38ms policy v3.2 · authority valid · sig OK
ALLOWED
Find us at VivaTech 2026 · June 17–20 · Paris Expo Porte de Versailles
Book a meeting on B2Match
The problem

Trust decisions are everywhere. The infrastructure isn't.

7%
of enterprises run fully autonomous AI agents today. 90% still route agent decisions through human approval or guardrails. The bottleneck is governance infrastructure — not the model.
— Bain & Co., Automation and AI Pathfinder Survey, 2026

Modern systems make automated trust decisions everywhere — AI agents calling APIs, automated approvals, credential verification, content provenance checks, software supply-chain governance. Both inside organizations and across them.

But the logic behind those decisions is fragmented across code, configs, ad-hoc integrations, private policy documents, and platform-specific permissions. Existing systems may record parts of a decision, but rarely provide a consistent way to resolve who is trusted, under which policy, and whether that trust is still valid.

The result is familiar: stale revocations, unverifiable approvals, policy drift, and audit evidence that external parties struggle to confirm.

  1. 01

    Agent authority is fragmented Spread across code, config, credentials, and tool permissions — hard to resolve, hard to verify, hard to revoke.

  2. 02

    Trust updates don't propagate Policy, trust, and revocation changes move through ecosystem-specific mechanisms — relying parties risk operating on stale state.

  3. 03

    Cross-org approvals are unverifiable Approvals live in emails and private systems — hard to know who had authority, under which policy, and whether it was still valid at the time.

  4. 04

    Provenance ≠ governance Provenance verifies origin and history. Governance decides whether that source is acceptable under your policy today.

  5. 05

    Audit evidence is siloed Decisions get logged, but the evidence is stuck in private systems — hard to verify which policy governed it or whether the record is unchanged.

What VDR provides

A neutral, verifiable trust layer for automated decisions.

VDR is a trust metadata registry. It stores and serves trust records — you are in control of your policy engine.

01

Publish trust metadata

Identifiers, policies, schemas, delegations, revocation state, and supporting evidence — versioned, tamper-evident, independently verifiable.

02

Resolve trust fast

Built for sub-50ms global resolution. Agents, APIs, and verifiers fetch current trust metadata without private integrations or manual sync.

03

Version every change

Updates create new versions while previous versions remain resolvable — relying parties can determine which trust state applied at decision time.

04

Verify independently

Records are backed by cryptographic evidence — anyone can verify integrity, history, and active versions without relying only on operator assertions.

Use cases

One trust layer, multiple doors in.

Three environments where trusted metadata is essential yet absent today.

USE-01

AI Agent Governance

Alice approved this agent six months ago. Alice left the company. The agent is still running. Who can tell you — instantly, verifiably — whether that authorization is still valid?

"An agent requests permission. VDR helps determine whether the relevant identity, policy, tool, and authority are valid before action is allowed."
USE-02

Media & Content Provenance

A newsroom receives signed content. The cryptographic signature is valid. But is that source acceptable under your organization's current trust policy for this workflow? Provenance verifies origin. Governance determines acceptability — and those are two different questions.

"A newsroom receives signed content. VDR helps determine whether that source is acceptable under the receiver's current policy — not just whether the signature is valid."
USE-03

Verifiable Approvals

A cross-organization workflow receives an approval. Who issued it? Under what authority? Was that still valid at the time — or had it been revoked two weeks earlier? Without verifiable trust metadata, these questions have no reliable answer.

"A governed workflow receives an approval. VDR helps verify who could have issued it, whether authority was still valid, and what policy was active at the time."
Also relevant Digital identity trust registries · Software supply-chain governance · Cross-org credential verification · Regulated workflow automation
Discuss your use case
Design partners

Who we want to meet at VivaTech.

We know this problem exists in specific environments. We want to find the organizations where it's real and operational — not theoretical. If you're routing agent approvals through email, managing revocation manually, or explaining trust decisions to auditors from logs that don't quite add up, that's the conversation we want.

Your organization probably fits if…
You make trust decisions across organizational boundaries, systems, or jurisdictions.
You deploy AI systems or automated workflows that need governed, verifiable permissions.
Revocation, authority, or policy changes create operational pain — things break, drift, or require manual intervention.
You need audit evidence to explain why a trust decision was made — especially across systems or organizational boundaries.
Your current approach relies on hardcoded integrations, spreadsheets, private policy docs, or manual approval portals.
You work in AI governance, digital identity, content authenticity, or verifiable approvals.
Relevant roles
Head of AI Governance CISO Head of Digital Identity CTO / VP Engineering Head of Innovation Platform Security Director Product, Trust & Safety Public-Sector Digital Trust Corporate Venture

Design partners get early access, direct roadmap input, and the opportunity to shape VDR before it is productized. No commitment required — we are looking for honest conversations about real operational problems.

Request a conversation
The team

Built by people who've done this at scale.

20+ years building PKI, key management, and security-critical platforms at tier-1 scale — HSM-backed infrastructure, cryptographic trust systems, and high-reliability media security. We are applying that foundation to VDR: trust metadata infrastructure for AI systems, governed automation, and cross-organizational trust.

OVHcloud

KMS / PKI / HSM Infrastructure

Led KMS Platform work for European cloud infrastructure: zero-trust architecture, HSM-backed key management, lifecycle operations, encryption, and auditability.

Zero-trust architectureHSM-backed KMSEuropean cloud
BuyDRM / KeyOS

Multi-DRM & Content Security

Co-founded KeyOS, a content security platform built for premium media workflows, major live events, and strict reliability requirements.

BBCHBO EuropeFoxTwitchDIRECTVMicrosoftLufthansa IFE
BitRipple

Low-latency Transport

Co-founded BitRipple, focused on loss-tolerant, low-latency transport for real-time and edge systems where reliability is non-negotiable.

Real-time systemsEdge infrastructureLoss-tolerant transport
VivaTech 2026 · June 17–20 · Paris

Let's talk about your trust and governance challenges.

We are there to meet organizations dealing with real operational pain around AI governance, digital identity, content authenticity, policy, revocation, or verifiable approvals. If that sounds like your world, let's talk.

Or email directly · contact@fineworklabs.com
20-minute conversations, not sales pitches.