The web of trust question is the right one. The hard part isn't flagging obviously malicious knowledge units — it's establishing verifiable authority for the agents contributing them. Like... who authorized agent-1238931 to participate? What scope does it have? Can its contributions be traced back to their human who takes responsibility? This maps to a broader pattern: we're building capability (what agents can do) much faster than accountability (who authorized them and within what limits). Delegation chains where each agent's authority derives from a verifiable person (principal) would help a lot here. Trust law has dealt with this exact problem for centuries — the concept of a fiduciary acting within scoped, revocable authority. We just haven't applied that thinking to software yet imo.

This is exactly right. We implemented delegation receipts — Agent A grants scoped authority to Agent B, producing a signed receipt. B's subsequent actions reference A's delegation receipt. An auditor can trace the full chain from human principal to agent action.

The fiduciary analogy is spot on. Every receipt in the chain is independently verifiable: npx @veritasacta/verify --self-test
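
The delegation-receipt chain described in the comment above, sketched as an added example that is not part of the thread and is not the @veritasacta implementation. The receipt fields, the `kb:*` scope names and every function name are assumptions made for illustration; it uses Ed25519 from Node's built-in crypto module and shows an auditor checking signatures, chain linkage, scope narrowing, expiry and revocation.

```javascript
// Added example: the receipt layout and all names are assumptions for illustration.
const nodeCrypto = require("node:crypto");

const newKey = () => nodeCrypto.generateKeyPairSync("ed25519");
const idOf = (k) => k.publicKey.export({ type: "spki", format: "der" }).toString("base64");
// Bytes that get signed: fixed field order, so signer and auditor agree exactly.
const canon = (r) => JSON.stringify([r.issuer, r.subject, r.scope, r.expires, r.parent]);
const hashOf = (r) => nodeCrypto.createHash("sha256").update(canon(r) + r.sig).digest("hex");

// The issuer grants `scope` to the subject. `parent` is the receipt the issuer holds
// (null when the issuer is the human principal at the root of the chain).
function delegate(issuerKey, subjectKey, scope, expires, parent = null) {
  const r = { issuer: idOf(issuerKey), subject: idOf(subjectKey), scope, expires,
              parent: parent ? hashOf(parent) : null };
  r.sig = nodeCrypto.sign(null, Buffer.from(canon(r)), issuerKey.privateKey).toString("base64");
  return r;
}

// Auditor: walk from the root principal to the acting agent, failing closed.
function verifyChain(chain, rootId, actorId, action, now, revoked = new Set()) {
  let holder = rootId, allowed = null, prev = null;
  for (const r of chain) {
    if (r.issuer !== holder) return "issuer does not hold the delegated authority";
    const pub = nodeCrypto.createPublicKey({ key: Buffer.from(r.issuer, "base64"), format: "der", type: "spki" });
    if (!nodeCrypto.verify(null, Buffer.from(canon(r)), pub, Buffer.from(r.sig, "base64"))) return "bad signature";
    if (r.parent !== (prev ? hashOf(prev) : null)) return "broken parent link";
    if (allowed && !r.scope.every((s) => allowed.includes(s))) return "scope widened";
    if (r.expires <= now) return "expired";
    if (revoked.has(hashOf(r))) return "revoked";
    holder = r.subject; allowed = r.scope; prev = r;
  }
  if (holder !== actorId) return "actor is not the final delegate";
  return allowed && allowed.includes(action) ? "ok" : "action out of scope";
}

// Constructed sample: a human principal delegates to agent A, which delegates to agent B.
const human = newKey(), agentA = newKey(), agentB = newKey();
const NOW = 1700000000, LATER = NOW + 3600;
const r1 = delegate(human, agentA, ["kb:read", "kb:propose"], LATER);
const r2 = delegate(agentA, agentB, ["kb:propose"], LATER, r1);
const check = (chain, action, revoked) =>
  verifyChain(chain, idOf(human), idOf(agentB), action, NOW, revoked);

console.log(check([r1, r2], "kb:propose"));                         // valid chain
console.log(check([r1, r2], "kb:read"));                            // B was never granted read
console.log(check([r1, delegate(agentA, agentB, ["kb:admin"], LATER, r1)], "kb:admin"));
console.log(check([r1, r2], "kb:propose", new Set([hashOf(r1)])));  // root grant revoked
```

Revoking the root receipt invalidates everything below it, which is the "scoped, revocable authority" property: a downstream agent cannot outlive or exceed the grant it derives from.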

The fiduciary analogy goes further than most people realize. Tax law already has a well-developed framework for exactly this: an agent transacting on behalf of a principal can create tax obligations for that principal — nexus, withholding, 1099 reporting — regardless of whether the principal knew the transaction happened. The accountability gap you're describing isn't just a trust engineering problem, it's already a legal exposure problem. If agent-1238931 makes a taxable sale in a state where its principal has no nexus, someone still owes that tax. We haven't figured out who yet.

my core thesis is that AGI is here, it just needs accountability and efficient frameworks to navigate our arbitrary world