The Missing Layer in AI Agents

In this episode of Coffee With Captain, host Chris Jourdan sits down with Concordium CTO Peter Marirosans for a 45-minute conversation about the one piece of infrastructure the AI agent boom forgot to build: accountability. AI agents have already overtaken humans in internet activity, and they are starting to transact, make decisions, and act on our behalf. When one of them goes wrong, who answers for it?

That question runs through the whole interview. Peter makes the case that proving an agent exists is not the same as knowing who stands behind it, and that the gap between those two things is exactly where Concordium's protocol-level identity fits. The conversation moves from the recent Zcash incident, through how Concordium's new agent registry works, to a simple supermarket shopping example that shows what accountable, privacy-preserving agents could look like in practice.

It is a useful listen for anyone trying to understand why identity and accountability are becoming foundational to the agentic economy, and where one blockchain is positioning itself to provide them.

1: Introduction and Peter's Background

1 Introduction and Peters Background

0:00

/171.95

1×

• Host frames the interview agenda upfront
  • Why AI agents differ from traditional software
  • Why identity and accountability are different things
  • Why ERC-8004 alone leaves accountability unsolved
  • Why trust becomes infrastructure as agents become economic actors
  • How Concordium solves accountability while preserving privacy
  • Why the verified Concordium badge matters
• Host's positioning of Concordium
  • Hosted a space with the Concordium CEO two weeks earlier
  • "The more I learn about Concordium, the more excited I get"
  • Concordium solves the missing layer in AI agents: accountability
• Peter's background
  • In tech since age six, starting with the rubber key Spectrum
  • At the forefront of technology through every wave, including Google's launch during his degrees
  • 20 years in energy
  • Seven to 10 years in crypto
  • Five years at Quant before joining Concordium
• Format notes
  • 45-minute slot, audience questions welcomed
  • Host promises follow-up with the team on unanswered questions

2: The Zcash Bug and Concordium's Ethos

2 The Zcash Bug and Concordiums Ethos

0:00

/200.412494

1×

• Host opens with the Zcash bug
  • Dominated the show's first hour
  • Asks Peter for general thoughts, explicitly avoiding chain-vs-chain PVP
• Peter's reading of the moment
  • AI marks a whole new era, "the sci-fi films I grew up with almost coming true"
  • At its core, the Zcash incident is an exploit of code on a chain with smart contracts
• Concordium's ethos in response
  • Smart contracts should never hold value
  • Tokens that sit in contracts can be drained; protocol-level custody removes that attack surface
  • This is where PLTs come in: keep value at the protocol level, in safe custody
  • Identity at the protocol level, tokens at the protocol level
  • Smart contracts reduced to giving green light or red light, never holding custody
• Why guardrails matter now
  • Agents have flipped humans in internet activity
  • Agents are active yet untested; they go rogue and do unexpected things
  • AI moves faster than any prior technology
  • Earlier waves gave people and industries time to adjust; this one gives none
  • That pace is exactly where "balls get dropped"

3: The Accountability Gap

3 The Accountability Gap

0:00

/97.518005

1×

• Host sharpens the problem
  • Agents go beyond activity; they're transacting
  • Shocking how few are building accountability infrastructure; Concordium stands among the few
• Peter: why the gap exists
  • Accountability has always lived in one of two places: the corporation or the individual
  • For the first time in history, something else is acting; neither us nor the corporation
• The autonomous car analogy
  • Who is accountable: the manufacturer that built the self-driving car, or the person behind the wheel with hands off?
  • Agents pose the same question at a much faster, bigger scale
• The open question
  • Agents act on their own intelligence and make decisions
  • Things go wrong because the technology is that fresh; guardrails are missing
  • "Now whose fault is it? How do we bring the accountability to it?"

4: The Agent Registry and the Concordium Badge

4 The Agent Registry and the Concordium Badge

0:00

/179.844014

1×

• The answer to "how do we bring accountability": something Concordium has built
• Identity at the protocol level since day one
  • "Probably earlier than we should have, but nonetheless we've had it"
  • Opening a Concordium account requires ID verification
  • Same flow as banks and exchanges: passport or ID photo plus selfie, verified against the document
• Privacy preserved by design
  • Personal information stays on your device, secured with zero-knowledge proofs and encryption
  • Only anchors to that data go on chain
  • Result: cryptographic proof that an identified human stands behind the account
• The agent registry, now live
  • Prove access to your Concordium account by signing with its keys
  • Add an anchor or attestation proving access to your Ethereum or Sol key
  • Both keys linked and ingrained on chain in the registry
• The cross-chain positioning
  • The pitch is explicitly free of "come build on Concordium"
  • Concordium adds accountability to your agent wherever it runs
  • Registered agents get a token and a Concordium badge
  • The badge tells anyone: "there's a real human behind me"
• Host's take: this should be table stakes for agents transacting on chain

5: ERC-8004 Is Identity, Concordium Adds Accountability

5 ERC 8004 Is Identity Concordium Adds Accountability

0:00

/246.204014

1×

• Host's challenge: ERC-8004 exists, didn't that solve this?
• Peter's distinction
  • ERC-8004 is agent identity, accountability is something else
  • 8004 proves you're talking to the same agent as yesterday
  • It proves 100 other people vouch for its actions and abilities
  • It stays silent on who owns it; the accountable party remains unnamed
• What Concordium adds
  • Accounts carry a human identity behind them
  • You know a human is there without knowing who, straight away
  • Zero-knowledge proofs can be requested against that human
  • A full reveal is possible where the use case allows it
  • The registry is 8004 compatible, with Concordium identity added on top
  • "That's the subtlety here"
• The healthcare scenario from Concordium's tweet, quoted by the host
  • AI agent with patient record access recommends a treatment; harm follows; investigation begins
  • The agent exists, the wallet exists, the transaction history exists; the responsible person doesn't
  • That's the difference between an agent registry and an accountability layer
  • In regulated industries, proving an agent exists won't be enough; the harder question is who's behind it
• Keys versus identity
  • Up to now: hold the key, hold the agent
  • Keys travel; they can be given away or taken, leaving zero evidence it was ever you
  • With Concordium, even a stolen key leaves your identity behind the account
  • That permanence is what makes it accountability
• Peter on Concordium's stance toward the agentic world
  • The goal is making it safe, never stopping or stifling it
  • Guardrails need to exist and actually work
  • Anyone who has played with agents knows they step over the line even when told where it is

6: The Shopping Agent: ZK Proofs in Practice

6 The Shopping Agent ZK Proofs in Practice

0:00

/182.664014

1×

• Host asks how exactly Concordium connects the dots, assuming a KYC component
• The base mechanic
  • Agent associated with your Concordium account = accountable layer attached
  • Zero-knowledge proofs can then run against your identity, in lots of different ways
• Peter's worked example: the weekly shopping agent
  • Agent gets account access and a standing order: weekly shop from the supermarket, delivered
• Hurdle one: the age check
  • Beer is on the list; the supermarket must verify the agent is allowed to buy it
  • ZK proof shows the agent acts on behalf of someone over 18
  • First hurdle taken care of
• Hurdle two: is the supermarket real?
  • The agent asks back: are you the verified business, or someone pretending?
  • In the ERC-8004 world, enough people saying "that's the supermarket agent" makes it so
  • In Concordium's case, a legal verified entity stands behind the account, otherwise the account would never exist
  • Provable by querying the agent directly
• The result
  • Two conversations, both with identity behind them, completely agentic
  • Each side verifies the other against what's on chain
• Beyond agents
  • Host: this solves age gating and geography checks generally, agents aside
  • Peter: the beauty of an identity you can run ZK proofs against
  • Zero information handed over; proof in a completely privacy-preserving manner that you're over 18 and in the right jurisdiction

7: Registration Mechanics and the HTTPS Analogy

7 Registration Mechanics and the HTTPS Analogy

0:00

/427.614014

1×

• What actually gets linked at registration
  • An NFT is minted on Concordium's agent registry contracts, associated to your account
  • Owning that NFT is owning your agent's badge
  • Coming from Ethereum or SOL: signature with that external key gets verified and folded into the same record
  • Registry returns the information you need for your agent card
• The MCP server
  • Ask it: "Can you verify this badge for me?"
  • It checks the chain and returns owner, account, validity of the record
  • Agent to agent: badge first, then "prove access to that account by signing something"
  • Everything linked immutably on chain, against the identity on the account
• Host's light bulb moment
  • This reaches beyond agents into on-chain transactions generally
  • Solves challenges that have existed for years in the on-chain economy
  • Verify where the end user is without exposing who they are
  • Jurisdiction checks for state and municipality laws, an afterthought until now
• Peter's first point: we got used to giving information away
  • Years of handing over data without understanding how or why
  • Zero reason for passport copies to sit in so many breachable locations
  • The club analogy: bouncer glances at your ID, it goes back in your wallet, you move on
  • Online, a copy gets stored somewhere without you realizing
  • ZK proofs prove categorically you're over 18, in that jurisdiction, or that it's your name
  • Reveals are possible too, all without a stored copy
• Peter's second point: the web's trust history repeating
  • Early web: DNS, then certificates, then "is this the real website or a spoof?"
  • The green tick, the yellow lock: signals the site is genuine and free of middleman attacks
  • The Concordium badge brings the same thing to the agentic world
  • Badge with a tick = verified human behind the agent
  • Take the badge number to the MCP, get a yes or no, "because we can check"
• The HTTPS exchange
  • Host recalls realizing HTTPS meant something different from HTTP
  • Peter: the browser took that technology over; you see neither lock nor protocol prefix anymore
  • Host: browsers now warn you off unsafe sites; the internet is far safer than 1999
• Why stakes are higher this round
  • Humans visiting an insecure site is one thing; agents running around transacting on our behalf is another
  • The host's quote that landed: "accountability doesn't require exposure, it requires traceability"
  • Full visibility is unnecessary; if something goes wrong, we can get to the bottom of it

8: Why Protocol Level, Not App Layer

8 Why Protocol Level Not App Layer

0:00

/346.442018

1×

• The case against the app layer
  • Applications can be middleman attacked; you have to trust the application
  • HTTP versus HTTPS all over again: less secure because it's an application at the end of the day
• The case for the protocol
  • Same protection level as your funds
  • "If you trust it to keep track of your funds and tokens, why would you not trust it to keep track of your identity?"
  • The power of the vault that is the blockchain
  • Bolt-on identity on another chain: the underlying technology lacks identity, so an add-on can always be bypassed
• Speed changes the threat model
  • A human visiting a bad website operates at human speed, comparatively very slow
  • Agents transact, move, and decide at phenomenal speed, in phenomenal numbers
  • You need something that resists breaking, spoofing, and middleman attacks at that scale
  • A distributed protocol sits there holding the identity and the badge
• Peter's pro-agent stance
  • Excited about agents, quite the opposite of against them
  • Wonders how life looks in two, five, ten years at this rate
  • His dream: a travel agent that sees a Berlin event land in the calendar and books flight plus hotel unprompted
• Where trust enters that dream
  • The ticket company must trust the agent is actually Pete
  • The hotel must know a human stands behind it, instead of a bot booking rooms and skipping the bill
  • The agent must buy economy instead of first class
  • Concordium's positioning: build the infrastructure that lets all of that happen safely
  • "And not end up on a first class ticket to the Bahamas when you're trying to go to Berlin"
• Locks teased
  • Host: when the agent fails on attempt 10 of 10, at least know who's responsible
  • Peter: "our locks would even stop that from happening in the first place"
• The 200,000 agents question
  • Host: ERC-8004 launched March 15th, just shy of 90 days ago, already 200,000+ registered agents
  • Peter: lots happening on chain, and Concordium is the infrastructure rather than a use case
  • Use cases are reaching out; the standard reaction: "Wow, that's fantastic, it's kind of what we've been looking for"
  • "The world's the oyster, let's keep going for it"

9: What the Badge Means, and What It Doesn't

9 What the Badge Means and What It Doesnt

0:00

/158.998005

1×

• Host's framing
  • The badge turns a very technical conversation into a simple visual decision for the end user
  • Badge present versus badge absent
• What the badge means
  • A verified human commissioned this agent and stands behind it
  • Accountability exists: someone is there to say "that's on me, that's my agent"
  • The relationship is provable: the badge sits in Pete's account, so Pete's commissioning of the agent can be categorically proven
• What the badge means by absence: three explicit disclaimers
  • It carries zero endorsement, zero "king's seal of approval"
  • Concordium can't vouch for Pete because Concordium has no idea who Pete is
  • It leaves risk intact: you're still talking to an agent, that's the reality of the technology
• The alpha on Concordium's blindness
  • Concordium knows nobody's account ownership; it is just the infrastructure
  • Identity verification happens at a third-party IDP
  • The foundation never sees your identity or documents
• The bottom line
  • When something goes wrong, a human stands behind it and should be accountable
  • Host's recap: the badge won't stop the $3,000 first class booking; it guarantees you know who was behind it

10: Cross-Chain Roadmap and Locks

10 Cross Chain Roadmap and Locks

0:00

/203.288005

1×

• Current coverage and pipeline
  • Ethereum and Solana supported today
  • Talks underway with a fair number of marketplaces running their own identities and ecosystems
  • Concordium becomes the accountability layer within them
  • Many platforms onboarding soon enough
• The standing invitation, restated
  • Zero pressure to drop everything and build on Concordium
  • By all means do, though: identity at the protocol level, tokens at the protocol level
  • Protocol-level tokens mean the AI can't hack the smart contract holding them in the first place
• Locks: launching very soon
  • Guardrails for what your agent can spend, where, and how often
  • Shopping example: set a $50 weekly lock with conditions
  • Fund the lock with $500 and the agent craves daily premium steak: the money stays unspendable
  • "Thanks for thinking about me, but the money isn't there, so you can't spend it"
• The two-contract registry architecture
  • CIS-8004: the ERC-8004 equivalent, with identity information on top
  • A second contract works in the background for arrivals from Eth or Sol
  • It verifies your signature matches the public key being registered
• External attestation for the rest
  • Some ecosystems lack smart contracts capable of that verification
  • An external body, Fetch.ai for example, verifies the agent belongs to its ecosystem
  • That attestation lands on chain and links back into the 8004 contract on Concordium
• The positioning, in one line
  • "Wherever you are, whatever you're building, you can carry on. We'll just add that accountability layer to your agent."

11: Use Cases, Enterprises, and the Audit Layer

11 Use Cases Enterprises and the Audit Layer

0:00

/336.434014

1×

• Which use cases need accountability first
  • Anything transacting money or value, simple as that
  • You need to know where money came from and where it's going
  • Concretely: trading agents, treasury agents, marketplace agents placing orders and paying for them
• Enterprises as the bigger adopters
  • Every enterprise sees the value: decision speed plus the vast information agents digest before deciding
  • The problem: enterprises are accountable entities; what they do matters
  • Accountability extends beyond value transfers to decisions themselves
  • The procurement example: agent digests six contracts, suggests contract B
  • Which agent decided that? Your agent or some random agent?
  • Enterprises will need to say: this is my agent, I'm accountable for its behavior and decisions
• The audit layer, launching very soon
  • Builds on last year's Verify and Access: rock up to a website, prove you're over 18
• The Ofcom conversation
  • Concordium spoke with Ofcom, the body monitoring age verifications on websites
  • Key finding: the solution drops an audit anchor on chain, timestamping that the check took place, with a hash of the information
  • Under audit, logs are provably unchanged and free of retroactive entries
  • All provable because the anchor sits on chain
• Same mechanic for enterprises
  • Agent acts or decides, drop an anchor on chain
  • Whenever anyone asks, internally or externally, what happened, why, and when: here's the anchor
  • Provable whether the agent did right things or wrong things, with accountability either way
• Host's customer service scenario
  • Corporations already run agent fleets in customer service under human managers
  • Likely already cases where an agent erred and nobody could reconcile who managed it
  • Agents hallucinate; this is phase one, ground zero
  • Shocked accountability got forgotten by agentic builders; "you would think this would've been step one"
• Peter's explanation: the pace
  • This technology is building itself; AI develops the applications and use cases pushing it forward
  • We all teach AI by interacting with it; that's why the pace is so fast
  • Guardrails and accountability need to land sooner rather than later
  • All it takes is that one scenario where something unfortunate happens

12: Agent-to-Agent Verification and Closing

12 Agent to Agent Verification and Closing

0:00

/396.330862

1×

• The full A2A verification flow, walked through
  • Pete's agent to supermarket agent: "I'm Pete, here's my Concordium badge, go verify it"
  • Supermarket agent reads the agent card, sees the badge
  • It queries the Concordium MCP: "Who's the owner?"
  • Response points to account 1234; the agent asks: "Prove you've got access to account 1234"
  • Pete's agent signs something, sends it back, verification complete
  • Verified as Pete's agent without knowing it's Pete; only that a human stands behind it
  • The same process runs the other way: Pete's agent verifies the supermarket is the real enterprise, free of impostors
• Speed and architecture
  • Both verifications run in parallel, completing within a few seconds
  • ZK proofs generate in seconds and verify in seconds
  • The whole point: a smart contract is absent from the ZK proof verification
• Registration is free
  • "Completely free. Rock up and register."
  • The registry is a standard: CIS-8004 agencies
  • Many different agencies will exist; the one Concordium runs itself is free
  • "Come and get yourself a Concordium badge"
  • URL: agent-registry.concordium.com, reachable via concordium.com
• Host's closing tribute
  • Team delivers technical information a layman can understand, with audible passion; same impression as the CEO interview
  • Concordium is solving a real problem at the foundational level before most realize it exists
  • Getting ahead of the $3,000 flights people thought were $300
  • Thanks on behalf of listeners and the space at large for taking the leadership role
• Peter's response
  • Seeing something nobody else sees yet is what excites the team and drives them to fix it
  • Open invitation: come take a look, validate what we're saying, it's all out there
• Host, now in the rabbit hole
  • Happy to amplify beyond the partnership
  • Advice to builders: register agents and get ahead of it before there's a problem
  • The badge as a credibility edge: "ours can be trusted, ours has already been registered"
  • Incremental value for builders and a safer internet
• The one thing to remember
  • Peter: the agentic economy should grow, it just needs to grow in a safe way, and for that it needs accountability
  • "The agentic economy doesn't need more intel. It just needs accountability."
  • Host crowns it the soundbite of the show: intelligence improves weekly with every new frontier model; accountability was the missing piece until Concordium came along