๐Ÿ›ก๏ธ Independent Trust Authority

Trust, but verify.

Every AI tool scanned, scored, and certified. Know what your AI tools are doing before you connect.

No account required ยท Results are public ยท Max 5 scans/hour

Trust Score Distribution

Recently Scanned

View all โ†’

Highest Rated

View all โ†’

Newly Certified

View all โ†’

Recently Flagged

View all โ†’

Recently Indexed Packages

View all โ†’

Touchstone Security Research

View Advisories โ†’

Vulnerability Research

63 automated checks across 9 domains including A2A Agent Card security, tool poisoning, input validation, data security, supply chain, infrastructure, and runtime. Findings scored with OWASP AIVSS.

Supply Chain & SBOM

CycloneDX SBOM generation, dependency vulnerability scanning via OSV, Sigstore provenance verification, and container hardening analysis for every indexed package.

10 Compliance Frameworks

Every finding mapped to CoSAI, OWASP MCP Top 10, OWASP Agentic AI Top 10, MITRE ATLAS, NIST AI RMF, EU AI Act, ISO 42001, MAESTRO, SOC 2 Type II, and HITRUST CSF. Published advisories include full compliance context.

Red Team Testing

219 automated adversarial attack templates across 14 categories. Prompt injection, tool poisoning, privilege escalation, jailbreak, encoding bypass, and more. Available via API and CLI.

Published Advisories Check Reference (63) Red Team Dashboard

Start With Your Goal

View platform directory โ†’

The platform has grown quickly. These are the shortest paths for most people using CraftedTrust today.

Evaluate an MCP Server

Search the Registry, review Touchstone research, and understand whether a server is indexed, live verified, certified, or actively monitored.

Search Registry Touchstone Coverage Methodology

Publish and Certify Your Server

Use scans, assisted review, certification, badges, and proof exports to make trust visible to users, buyers, and marketplaces.

Publisher Center Start Certification Badge Generator

Protect Production Agent Traffic

Move from trust checks to runtime policy, agent identity, traces, approvals, and governance when you need operational control.

Runtime Gateway Trace Governance Identity

Share Proof With Buyers and Partners

Use the Trust Center, procurement materials, signed proof bundles, and partner integration hooks when a public score is not enough.

Trust Center Proof Bundles Partner Integrations
Resources Hub Publisher Center Trust Center Proof Bundles

What's New Across CraftedTrust

View changelog โ†’

The recent roadmap work centered on four upgrades: runtime protection, agent identity, public trust/procurement, and portable proof for partner workflows.

Phase 1

Runtime Gateway

Audit is now the Runtime Gateway story: in-path policy, receipts, approvals, quickstarts, and compliance-oriented evidence.

Overview Quickstart
Phase 2

Agent Identity & Trace

Identity now issues agent-native delegated sessions, while Trace and Governance expose the execution and oversight context around them.

Identity Trace Open Source Toolkit
Phase 3

Trust Center & Procurement

The public trust layer now includes security, disclosure, incident response, procurement, HIPAA/FedRAMP posture, and researcher-program materials.

Trust Center Procurement Kit
Phase 4

Proof Bundles & Partner Hooks

Signed proof bundles, trust manifests, partner integrations, and public asset summaries now connect trust data to real buyer and partner workflows.

Proof Bundles Partner Integrations

Get Your Server Certified

Stand out in MCP marketplaces with a verified trust badge. Prove to users your server is safe, transparent, and trustworthy.

Start Certification Learn More