AI agents are acting.
Who authorized them?
A neutral, verifiable trust layer for machine-to-machine decisions.
Trust decisions are everywhere. The infrastructure isn't.
Modern systems make automated trust decisions everywhere — AI agents calling APIs, automated approvals, credential verification, content provenance checks, software supply-chain governance. Both inside organizations and across them.
But the logic behind those decisions is fragmented across code, configs, ad-hoc integrations, private policy documents, and platform-specific permissions. Existing systems may record parts of a decision, but rarely provide a consistent way to resolve who is trusted, under which policy, and whether that trust is still valid.
The result is familiar: stale revocations, unverifiable approvals, policy drift, and audit evidence that external parties struggle to confirm.
-
01
Agent authority is fragmented Spread across code, config, credentials, and tool permissions — hard to resolve, hard to verify, hard to revoke.
-
02
Trust updates don't propagate Policy, trust, and revocation changes move through ecosystem-specific mechanisms — relying parties risk operating on stale state.
-
03
Cross-org approvals are unverifiable Approvals live in emails and private systems — hard to know who had authority, under which policy, and whether it was still valid at the time.
-
04
Provenance ≠ governance Provenance verifies origin and history. Governance decides whether that source is acceptable under your policy today.
-
05
Audit evidence is siloed Decisions get logged, but the evidence is stuck in private systems — hard to verify which policy governed it or whether the record is unchanged.
A neutral, verifiable trust layer for automated decisions.
VDR is a trust metadata registry. It stores and serves trust records — you are in control of your policy engine.
Publish trust metadata
Identifiers, policies, schemas, delegations, revocation state, and supporting evidence — versioned, tamper-evident, independently verifiable.
Resolve trust fast
Built for sub-50ms global resolution. Agents, APIs, and verifiers fetch current trust metadata without private integrations or manual sync.
Version every change
Updates create new versions while previous versions remain resolvable — relying parties can determine which trust state applied at decision time.
Verify independently
Records are backed by cryptographic evidence — anyone can verify integrity, history, and active versions without relying only on operator assertions.
One trust layer, multiple doors in.
Three environments where trusted metadata is essential yet absent today.
AI Agent Governance
Alice approved this agent six months ago. Alice left the company. The agent is still running. Who can tell you — instantly, verifiably — whether that authorization is still valid?
Media & Content Provenance
A newsroom receives signed content. The cryptographic signature is valid. But is that source acceptable under your organization's current trust policy for this workflow? Provenance verifies origin. Governance determines acceptability — and those are two different questions.
Verifiable Approvals
A cross-organization workflow receives an approval. Who issued it? Under what authority? Was that still valid at the time — or had it been revoked two weeks earlier? Without verifiable trust metadata, these questions have no reliable answer.
Who we want to meet at VivaTech.
We know this problem exists in specific environments. We want to find the organizations where it's real and operational — not theoretical. If you're routing agent approvals through email, managing revocation manually, or explaining trust decisions to auditors from logs that don't quite add up, that's the conversation we want.
Design partners get early access, direct roadmap input, and the opportunity to shape VDR before it is productized. No commitment required — we are looking for honest conversations about real operational problems.
Request a conversationBuilt by people who've done this at scale.
20+ years building PKI, key management, and security-critical platforms at tier-1 scale — HSM-backed infrastructure, cryptographic trust systems, and high-reliability media security. We are applying that foundation to VDR: trust metadata infrastructure for AI systems, governed automation, and cross-organizational trust.
KMS / PKI / HSM Infrastructure
Led KMS Platform work for European cloud infrastructure: zero-trust architecture, HSM-backed key management, lifecycle operations, encryption, and auditability.
Multi-DRM & Content Security
Co-founded KeyOS, a content security platform built for premium media workflows, major live events, and strict reliability requirements.
Low-latency Transport
Co-founded BitRipple, focused on loss-tolerant, low-latency transport for real-time and edge systems where reliability is non-negotiable.
Let's talk about your trust and governance challenges.
We are there to meet organizations dealing with real operational pain around AI governance, digital identity, content authenticity, policy, revocation, or verifiable approvals. If that sounds like your world, let's talk.
Or email directly · contact@fineworklabs.com
20-minute conversations, not sales pitches.