Abstract
As AI agents increasingly access external models, tools, and services through Agentic Routing Infrastructure (ARI), they face significant trust risks that stem from ARI's architecture. The ARI sits between the agent and the service provider with plaintext access to agent queries and service responses, so agents cannot verify whether their queries are routed to the intended service providers or whether requests and responses remain untampered. To tackle this issue, we introduce TrustedARI, the first trust-native agentic routing infrastructure for agentic AI.
Core Innovations
TrustedARI is built upon three core innovations:
- ARI-adapted three-party TLS handshake: This handshake allows the agent and ARI to jointly authenticate the service provider using role-specific distribution of TLS key materials.
- Privacy-preserving query-construction protocol: This protocol enables the agent and ARI to collaboratively construct well-formed queries without exposing their respective private inputs.
- Verifiable billing protocol: This supports fair usage-based settlement while preserving the integrity and confidentiality of service responses.
We implemented and extensively evaluated a prototype of TrustedARI to validate its performance. Experiments confirm that TrustedARI is highly efficient: our ARI-adapted handshake protocol reduces communication overhead by 39.34% compared to the existing three-party TLS handshake. Additionally, the privacy-preserving query-construction protocol imposes negligible overhead, averaging 0.19 seconds in computation time and 0.58 MB in communication costs, while the verifiable billing protocol accelerates proof generation by 28.20x. Crucially, TrustedARI is readily deployable without any modifications to the service providers.
Blogger's Review: TrustedARI significantly enhances trust and security in AI agent interactions with service providers through innovative trust mechanisms and efficient protocol designs. Its efficiency and ease of deployment indicate a promising future for intelligent applications relying on secure routing infrastructures.