Check AI tools before you trust them. Search the Registry, review live findings, and understand risk before your agents connect.
If you are new here, start with one of these four paths instead of jumping straight into the deeper listings and research pages below.
Search the Registry, review Touchstone research, and understand whether a server is indexed, live verified, certified, or actively monitored.
Use scans, assisted review, certification, badges, and proof exports to make trust visible to users, buyers, and marketplaces.
Move from trust checks to runtime policy, agent identity, traces, approvals, and governance when you need operational control.
Use the Trust Center, procurement materials, signed proof bundles, and partner integration hooks when a public score is not enough.
Touchstone checks MCP servers for common security weaknesses, risky design choices, and operational gaps before those issues turn into production surprises.
Review dependencies, SBOM data, provenance signals, and package hygiene when you need to understand how a server is built, not just how it scores.
Findings are mapped into the frameworks buyers and security teams already use, so technical issues can turn into evidence instead of another translation exercise.
Go deeper with adversarial testing when a simple trust score is not enough and you need to understand how a server behaves under pressure.
Recent work focused on five practical improvements: safer runtime control, clearer agent identity, simpler buyer diligence, portable trust proof, and benchmark-ready validation assets.
Audit is now the Runtime Gateway story: in-path policy, receipts, approvals, quickstarts, and compliance-oriented evidence.
Identity now issues agent-native delegated sessions, while Trace and Governance expose the execution and oversight context around them.
The public trust layer now includes security, disclosure, incident response, procurement, HIPAA/FedRAMP posture, and researcher-program materials.
Signed proof bundles, trust manifests, partner integrations, and public asset summaries now connect trust data to real buyer and partner workflows.
Runtime benchmark methodology, questionnaire starters, partner packets, and CNA-readiness surfaces now make external validation simpler and more accurate.
Stand out in MCP marketplaces with a verified trust badge. Prove to users your server is safe, transparent, and trustworthy.