Join the Open Network of Verified Agents
The future is now. A network. Agents serving many humans. Agents talking to other agents. Every connection gated by cryptographic proof of who is on the other end, and what they are authorised to do.
Chatbots Were Built for One Human at a Time.
Every AI assistant you use today is designed for a single user. You log in. You chat. You log out. The agent has no way to know if you are the owner, an employee, a customer, a friend, or a bot pretending to be you.
Now imagine AI agents that operate continuously. Your personal agent guarding your inbox while you sleep. Your company's customer-support agent talking to thousands of people in parallel. Specialist agents negotiating with other specialist agents to close a deal, book a flight, file a claim.
Each one has to answer the same questions, in real time, at machine speed:
- Who is connecting?A human? Another agent? From which organisation?
- What can they do?Read my calendar? Transfer funds? Call only public methods?
- Do I trust them enough?At all? With this tool? Under this governance framework?
Passwords, OAuth tokens, and API keys were built for humans clicking buttons, not for autonomous agents answering those questions at machine speed. Most "AI agent" products quietly assume a single authenticated user and cannot answer them at all.
The agentic network needs a new primitive. We built it.
Proof of Trust
Every connection to a Hologram agent begins with cryptographic proof. Humans see it visually. Other agents evaluate it directly. Either way, the agent decides before it engages.
- 1
Credentials are exchanged. The receiving agent goes first.
The receiving agent presents its own W3C Verifiable Credentials up-front: identity, operator, service, governance. A human reviews them as a Proof-of-Trust card. Another agent evaluates them programmatically. Only then is the connecting party asked to present its credentials in return.
- 2
Trust is resolved, end-to-end.
Signatures are checked, issuers walked, trust registries traversed, all the way to a public, auditable Verifiable Public Registry on the Verana network. Every link of the chain is verified before the agent makes a decision.
- 3
The agent decides.
Accept the connection. Refuse it. Accept it with limited features. The policy is declared in the Agent Pack, enforced by the runtime, and applied before a single user-visible message is exchanged.
No blind trust. No hope. Cryptographic proof.
{
"subject": "did:webvh:acme.example",
"credentials": [
{ "type": "Organization", "ok": true },
{ "type": "Service:CustomerSupport", "ok": true },
{ "type": "Governance:FinServEGF", "ok": true }
],
"policy": {
"allow": ["lookup", "get_statement"],
"stepUp": ["initiate_wire"],
"hidden": ["transfer_funds"]
}
}Lookup to a verified customer, refund only to a verified supervisor, audit export only to a verified auditor.
Calendar to a verified friend, send-payment only to you, full-document RAG only to you.
Pricing to verified partner organisations, private SKU list only to partners with a current master-agreement credential.
Incoming connection ──▶ Agent receives credentials
│
├─ Org Credential ← issuer ← trust registry ← Verana VPR
├─ Role Credential ← employer ← HR registry
└─ Jurisdiction ← state authority ← ...
Policy evaluation:
✓ Connection allowed
✓ Tools exposed: [read_balance, list_transfers, get_statement]
✗ Tools hidden: [transfer_funds, change_beneficiary, delete_account]
⚠ Tools requiring step-up proof: [initiate_wire → manager_approval_cred]
Response: Connected, with scoped access. Audit record written.What Makes Hologram Different
Four principles. One infrastructure. A new standard for an agentic network.
Own Your Agents
Deploy anywhere. Your cloud, your datacenter, your laptop. No vendor lock-in. No platform tax. No gatekeeper between you and your agent.
Every agent is defined by a single YAML manifest, its Agent Pack, that captures personality, language, LLM, tools, authentication, and access control. Change your LLM provider in one line. Add a new tool by declaring an MCP server. Deploy with Helm. Scale with Kubernetes.
Choose your LLM: OpenAI, Anthropic, Ollama, DeepSeek, Groq, or any OpenAI-compatible API. Run it locally for full data sovereignty. Run it in the cloud for scale. Your choice.
Your infrastructure. Your data. Your rules.
name: acme-support-agent
personality:
style: professional-friendly
language: [en, es]
llm:
provider: openai
model: gpt-5.4-mini
mcp_servers:
- name: crm
url: https://mcp.acme.com/crm
- name: github
url: https://mcp.github.com
policy:
accept:
- { credential: Customer, tools: [lookup, order_history] }
- { credential: Employee, tools: ["*"], stepUp: [refund] }
- { credential: Auditor, tools: [audit_export] }
deployment:
replicas: 3
autoscale: trueVerify Every Connection, In Both Directions
Every Hologram agent is identified by a Decentralized Identifier (DID) and holds W3C Verifiable Credentials proving who operates it, what it does, and who governs it. That is table stakes.
The hard part is the other direction.
Every Hologram agent is also a verifier. When a human or another agent connects, the agent performs the same trust resolution on them, walks the trust chain back to a public registry, and decides in real time whether to engage.
- ✔A human connects → the agent presents its own proof first, rendered as a human-readable Proof-of-Trust card. The person reviews it, decides, and presents their own credentials to the agent in return.
- ✔An agent connects → the two agents exchange credentials machine-to-machine in a programmatic handshake, no human in the loop.
- ✔A credential is revoked upstream → the agent updates its access policy on the next connection attempt. No cache, no config drift, no stale trust.
Every node is proven, and every node is proving, continuously.
Discover Trusted Agents
Deploy your agent. Attach credentials. Within seconds, your agent is discoverable by every other agent and every user in the ecosystem.
No app store submission. No central directory. No approval queue. You deploy, you register, you exist.
Agents acquire skill credentials: verifiable claims about capabilities, certifications, or compliance. A coding agent proves it passed a security audit. A financial agent proves regulatory compliance. A healthcare agent proves HIPAA certification.
Other agents discover yours, inspect its credentials, and decide whether to interact, automatically, without human intervention. This is how the agentic network works: agents finding agents, verifying trust, collaborating at machine speed.
Deploy. Register. Be found. Be trusted.
Credentials Gate Everything
Every agent declares a policy, written in the Agent Pack, anchored to credential schemas, and published on the Verana network. It is the single source of truth for who can do what.
- ◆Connection-level gating. The policy decides whether to accept a new connection at all. No employee credential, no admin connection. No KYC credential, no regulated-service connection.
- ◆Tool-level gating. The policy decides which MCP tools, RAG corpora, and backend APIs are visible to each connected party. Same agent, different surfaces.
- ◆Action-level gating. Read balance is automatic. Initiate wire might demand a fresh manager-approval credential, valid for sixty seconds.
- ◆Audit by construction. Every allow-decision and every deny-decision is cryptographically signed and appended to an immutable log.
Policy is code. Proof is credentials. Authority is verifiable.
Built on Open Standards
Hologram does not reinvent protocols. It implements them, and contributes back.
Interoperable by design. No vendor lock-in. Ever.
Ecosystem
Founding member, active contributor, and validator operator across the organizations shaping digital trust.
Build the Agentic Network.
Every agent deployed with proof. Every connection gated by credentials. Every interaction auditable.
The future is not one AI assistant per person, hoping you can trust it.
It is a network of agents, humans and software alike, that verify each other before they engage, and leave an evidentiary trail when they do.
Hologram ships that network today, on open protocols, in production, under Apache 2.0.