From Policy to Proof: How to Scale Verifiable Trust in the Agentic Era

From Policy to Proof: How to Scale Verifiable Trust in the Agentic Era

You’ve met your new coworkers. They never ask for time off, don’t forget deadlines, and don’t mind running tasks at midnight. No reminders, no second opinions—AI agents just move. This isn’t about some distant future. Digital agents are shifting data, approving changes, and triggering actions in real time right now, across APIs and business boundaries, without human oversight.

Welcome to the “agentic era,” defined by composable, self-replicating machine actors that work at machine speed, moving seamlessly, tirelessly, and often invisibly.

Which brings us to what matters: When these agents take action, can you show, clearly and quickly, that they followed your rules—and only your rules? Or are you hoping your policies are holding, while everything runs out of sight?

The question confronting organizations is fundamental: Can you demand—and demonstrate—trust, not just hope, as you scale these new operational realities?

Trust Demands Proof at Machine Speed

For years, organizations leaned on contracts, audits, and a string of approvals to keep things in check. That worked—sort of—when humans moved the pieces, at human pace. Now, agents can rewrite code and trigger payments at 2 a.m., and the old playbook falls apart. It's not just a speed issue.

The gap is proof. Aaron Fulkerson put it plainly at the Confidential Computing Summit:

"Agents behave with human-like capabilities, but operate at machine speed. Policy without proof is not trust—it's hope."

Just look at the numbers. At Anthropic, agents like Claude are now generating 70% of the company's code. By the end of this year, that number is expected to hit 95%. One vulnerable agent, moving at this pace, can trigger a chain reaction—harm ripples out globally, not locally, and there's no slowing things down after the fact.

It's not just one company. CrewAI processes 60 million agents every month, and this usage is doubling monthly. Microsoft is now protecting more than a billion credit card transactions every year, and 60 billion licensing transactions every month—all secured in environments that demand policy as code, not just policy on paper.

When machines operate at this volume and velocity, indirect trust falls apart. The only thing that stands up is proof—immediate, concrete, and always available when you need it.

The End of Static Rules in a Dynamic World

It used to be that human speed was a built-in safety net. Mistakes, breaches, approvals—they happened in slow motion, with people stepping in to review or push back. Now, agents are operating in real time, shuffling data, executing transactions, and compiling code behind the scenes. Scale isn't the only difference; it's the absence of friction.

Look at the direction set by names like Microsoft, CrewAI, and Anthropic. They aren’t just ramping up volume—they’re prioritizing transparency, automation, and proof at the core of every system. The takeaway from their approach isn’t complicated: trust has to be woven into every step, not something you try to reconstruct after the fact. If your systems leave you squinting at yesterday’s logs, you’re already behind.

In this new pace, "trust by promise" is dead weight. You can't get by on goodwill or after-the-fact paperwork. The bar has moved: policies must be enforced live, every time, by the system itself—and every action needs to leave a trail you can show.

If your policy isn't coded into the workflow, you're not protecting anything; you're hoping for the best and preparing for a mess.

This scale and automation make “trust by promise” obsolete. The new baseline: continuous, verifiable, and runtime enforcement—architected policy-as-code, not after-the-fact paperwork.

Scaling Verifiable Trust: Microsoft’s 100,000+ VM Deployment

When you move at agent speed, trust can't be handled with a checklist. Microsoft’s journey makes that clear. They didn’t just patch the old systems and call it done—they built trust into the foundation.

In OPAQUE’S Confidential Computing Summit 2025, we learned that over 100,000 confidential virtual machines now run across 70+ regions. Payment systems that handle more than a billion credit card transactions every year have shifted to the public cloud, secured by hardware-backed trusted execution environments. Licensing services moved from isolated back rooms to the cloud as well, with every transaction and policy transparent and auditable.

Here's what stands out: manual checks don’t scale. At this level, the only way to stay ahead is full automation—programmatic attestation, cryptographic proof, and transparency built into every step of the stack. “Lift and shift” gets you to the cloud, but the real gains come when trust is layered directly into runtime and workflows, not as an afterthought.

Four Essential Components of Agentic Trust

At this year’s Confidential Computing Summit, we heard directly from leaders at Google, AMD, Intel, NVIDIA, and the fastest-moving startups in AI and cloud. The message was consistent—and grounded in real deployments, not wishful thinking. To actually operate at agent speed and scale, you need hard evidence, not just institutional trust.

1. First: behavioral attestation. Every action, every check, every line of code an agent runs must leave a record you can actually verify—later or instantly.
2. Second: identity that’s not static or general. Every agent and workload needs a unique, attributable signature, no matter where it roams or who touches it.
3. Third: real-time, machine-driven enforcement. If something strays from policy, it gets blocked. And there’s proof, right away, not after an audit weeks later.
4. Fourth: transparency and interoperability by design. Standards need to be open, APIs need to be shared, and trust needs to be composable and inspectable from the outside.

As NVIDIA’s VP of Software Product Security, Architecture and Research at NVIDIA, Daniel Roher, told the Summit’s audience, “No one company can deliver the full ecosystem. This requires collaboration to scale trust, not just compute.”

Practical Steps for Proof-Based Operations

It’s one thing to talk about proof. Making it real—making it routine—is where teams win or lose. At our Summit, the best examples all had the same pattern: trust is built in, not bolted on after the fact.

Start with security as the default, not an add-on. CrewAI’s enterprise customers—including big banks, government, and Fortune 500 companies—insist that every new agent or feature is auditable and confidential from the start.

Don’t rely on manual enforcement. Programmatic governance, procurement, and CI/CD pipelines do the heavy lifting, blocking anything that can’t produce cryptographic proof. If the system can’t show its work, it doesn’t go live.

Skills matter, too. Cross-functional engineers, risk managers, and product leads are now expected to speak the same language when it comes to trust and proof, not pass the buck across silos.

Demand proof from your vendors. As Graham Mudd, Senior Vice President, Product Management at Mozilla, stated at the Confidential Computing Summit 2025: large platforms only agree to share (or even move) data when there’s strong attestation and code transparency backing it up.

And measure the impact. CrewAI’s clients are seeing up to 94% workflow efficiency gains from agentic automation. But here’s the catch: only 13% of enterprises actually get real ROI from AI. The difference? Proof isn’t an afterthought—it’s the backbone.

Shared Standards for Cross-Boundary Trust

No single company gets to define trust for everyone else. That message rang out from every major speaker—Microsoft, Google, AMD, Intel, NVIDIA—all calling for open APIs, shared attestation, and industry-wide transparency standards.

The pattern is clear: distributed systems mean distributed responsibility. AMD’s Trusted I/O is making it possible to track silicon provenance across complex supply chains. Swift is running anti-money-laundering checks across multiple banks, analyzing sensitive transactions in real time without leaking proprietary data. Whether it’s finance or hardware, the only way to scale trust is to share the rules, not keep them locked up.

Mike Bursell, Executive Director at Confidential Computing Consortium, shared at the Summit: “Multi-stakeholder, multi-step processes are where confidential computing adds unique value. Mutually distrusting parties can trust each other and thereby create value.” When nobody owns the whole stack, proving trust becomes everyone’s job—and the ecosystem rises or falls together.

Are You Ready? The Trust and Infrastructure Readiness Challenge

Now comes the uncomfortable audit. It’s not enough to read the headlines or deploy a new tool. Run this checklist:

• Are TEEs (Trusted Execution Environments) and remote attestation built into your stack—both cloud and on-prem?
• Do your policies actually run as code, enforced at machine speed, or are they just words in a document?
• Can any credible third party verify your compliance—instantly, and with cryptographic proof?
• Is your ecosystem built on open, composable standards, or are you boxed in by vendor promises you can’t see or check?
• Are your engineering, risk, and business teams “trust fluent,” or still working in and hoping the controls will catch problems before you do?

If you can’t answer positively across these dimensions, you’re not just behind—you’re exposed. Scaling trust is as much a cultural and organizational challenge as it is technical. The winners aren’t those who claim to value trust, but those who can prove it, under scrutiny, at speed.

Tomorrow's Threat Today: Quantum Computing and Agent Trust

While we're building agent infrastructure for now, quantum computing is already challenging the foundations underneath. The cryptography securing today's agents—from identity to attestation—wasn't built to withstand quantum attacks. And the timeline isn't decades away; it's approaching faster than most security roadmaps account for.

Google's recent quantum advances solved problems in minutes that would take classical computers years. Major browsers and cloud providers aren't waiting: Chrome, Google Cloud, and core libraries like BoringSSL are already deploying post-quantum cryptography in production environments.

This creates an urgent reality check for agent deployments:

Your current stack has a built-in expiration date. The RSA and ECC algorithms securing your agent identities and attestation chains will become vulnerable. An agent that's trusted today could become an entry point tomorrow.

Regulators are already asking hard questions. The EU AI Act and financial sector frameworks now specifically require quantum resilience planning. Auditors aren't just asking if you use agents—they're asking for proof your infrastructure can adapt when cryptography changes.

The organizations building right will win twice. Teams that implement cryptographic agility now—the ability to swap algorithms without rebuilding systems—gain both security and speed. When standards shift, they'll migrate in days, not quarters.

The solution lies in the same principles we've covered throughout: verifiable, programmatic trust that's built for change. Your agent infrastructure needs:

• Cryptographic abstraction layers in your CI/CD pipelines
• Clear inventory of every dependency's quantum readiness
• Runtime verification that works across algorithm changes
• Vendor commitments with actual technical evidence

Those who treat quantum readiness as a future problem will find themselves rebuilding agent infrastructure under pressure—with potentially compromised systems. Those who build cryptographic agility into today's deployments will adapt seamlessly when quantum threats materialize.

In the agentic era, verifiable trust isn't just about today's risks; it's about building systems resilient enough to survive fundamental changes in what "secure" means. The future belongs to those who can prove their trustworthiness even as the rules of proof evolve.

Real Trust Wins the Agentic Era

Regulators and attackers are pushing expectations higher—fast. The organizations that get ahead are the ones who turn verifiable trust into an operating principle, not just a slogan, and who can back it up at scale.

The numbers prove it:

• 100,000+ confidential VMs now in production at Microsoft
• Over 1 billion credit card transactions protected every year
• CrewAI’s clients reporting 94% efficiency gains
• Only 13% of enterprises realizing real ROI from AI

The era of trust-by-assertion is over. Trust-by-proof isn’t theory—it’s here, and it’s the dividing line between those who can scale with confidence and those left reacting to every new risk.

Ready to see where you stand? Start with a serious readiness assessment, not another round of hopeful “best practices.” The future belongs to those who demand trust they can actually demonstrate.

Want to see how OPAQUE can help you operationalize trust from the ground up? Request a demo and put your policies to the test—in real environments.

Visit Confidential Computing Summit 2025 for exclusive resources, expert insights, and tools from the premier AI infrastructure event of the year to move from pilot to real results.