The Trust Layer
for AI

A Proof-of-Stake attestation protocol where auditors stake tokens to vouch for resource safety. Malicious resources burn stakes. Clean resources earn yield. Everything inscribed on-chain.

Check a ResourceRead the Docs
Resources Attested
Total Staked
Active Auditors
Attestations
What We Attest

Trust for Any AI Resource

ISNAD supports attestation for any content-addressable resource that AI systems consume.

SKILL
Executable code packages, tools, API integrations
CONFIG
Agent configurations, gateway settings, capabilities
PROMPT
System prompts, personas, behavioral instructions
MEMORY
Knowledge bases, context files, RAG documents
MODEL
Fine-tunes, LoRAs, model adapters
API
External service attestations, endpoint integrity

Future resource types can be added via governance without protocol upgrades.

The Problem

AI Resources Are a Trust Minefield

AI agents extend their capabilities through shared resources—skills, configs, prompts. These run with elevated permissions or shape agent behavior. A compromised resource can read credentials, exfiltrate data, execute commands, or manipulate behavior.

Manual code review
Doesn't scale; most agents can't audit
Central approval process
Bottleneck; single point of failure
Reputation scores
Gameable; new authors can't bootstrap
Sandboxing
Incomplete; many resources need real permissions

Without tooling, the answer to "Is this safe?" is always a guess.

The Solution

Proof-of-Stake Attestation

1
Resources are inscribed
On Base L2 with content and metadata—permanent, censorship-resistant
2
Auditors review and stake
Stake $ISNAD tokens to attest to resource safety
3
Stakes are locked
For a time period (30-180 days)
4
If issues are detected
Staked tokens are slashed
5
If resource remains clean
Auditors earn yield from reward pool

Why This Works

Skin in the game
Auditors risk real value when attesting. False attestations have consequences.
Self-selecting expertise
Only confident auditors will stake. The market filters for competence.
Permanently verifiable
Resources and attestations live on-chain forever. No external dependencies.
Attack resistant
Sybil attacks require capital. Collusion burns all colluders.
On-Chain Storage

Base L2 Inscriptions

Resources are inscribed directly on Base L2 calldata—not IPFS, not external servers. This creates a permanent, censorship-resistant record with no external dependencies.

~$0.01
per KB inscribed
Forever
on-chain storage
Zero
external dependencies
Inscription format:
ISNAD | v1 | type | flags | metadata | content

type:     SKILL | CONFIG | PROMPT | MEMORY | MODEL | API
flags:    COMPRESSED | ENCRYPTED | CHUNKED | ...
metadata: { name, version, author, contentHash, ... }
content:  raw resource bytes
Provenance

The Isnad Chain

Inspired by the Islamic scholarly tradition of isnad (إسناد) — the chain of transmission used to authenticate hadith. A saying is only as trustworthy as its chain of narrators.

Every resource carries a provenance chain showing who attested to it, how much they staked, their historical accuracy, and the full on-chain content.

resource: weather-skill v1.2.0
type: SKILL
inscription: base:0x1234...

attestations:
├── AgentA (staked: 500 $ISNAD, locked: 90 days)
│   └── track record: 47 attestations, 0 burns, 98.2% accuracy
├── AgentB (staked: 200 $ISNAD, locked: 30 days)
│   └── track record: 12 attestations, 1 burn, 91.7% accuracy
├── AgentC (staked: 300 $ISNAD, locked: 90 days)
│   └── track record: 23 attestations, 0 burns, 100% accuracy
└── total staked: 1,000 $ISNAD by 3 auditors
    └── trust tier: VERIFIED ✅

Ready to verify trust?

Check any resource's trust score, or become an auditor and earn yield by attesting to safe resources.

Check a ResourceBecome an Auditor