OPAQUE announced OPAQUE 3.0 alongside open-source AgentTrust components, including Agent Manifest and Confidential MCP, aimed at providing cryptographic evidence of AI agent identity, intent, policy enforcement, and tool use.
OPAQUE announced OPAQUE 3.0 and a set of AgentTrust open-source tools intended to strengthen governance and verification for enterprise AI agents.
In a PR Newswire announcement, OPAQUE said OPAQUE 3.0 extends its agent governance toolkit with verifiable identity and what it describes as a “verifiably governed and secure MCP.” The company said the release includes open-source components called Agent Manifest and Confidential MCP, designed to provide cryptographic and hardware-enforced evidence for enterprise AI agent activity.
The announcement comes as enterprises adopt AI agents that can call tools, retrieve data, and take actions across software systems. OPAQUE’s pitch is that organizations need ways to verify not only which agent is acting, but also what it is authorized to do and whether tool calls are being governed at runtime.
The AgentTrust website describes the project as a set of open standards and tools for “cryptographic proof of agent identity, intent, and behavior.” AgentTrust lists Agent Manifest, Confidential MCP, TRACE, and a June 23, 2026 launch of related standards and tools.
According to AgentTrust, Agent Manifest is intended to define an agent’s identity and declared intent in a verifiable format. The site also presents Confidential MCP as a way to secure Model Context Protocol tool calls, with governance tied to evidence rather than informal configuration.
The AgentTrust GitHub organization similarly describes work on standards for trustworthy agentic AI, including hardware-attested agent identity, runtime policy enforcement, and TEE-secured MCP tool calls. Trusted execution environments, or TEEs, are designed to isolate code and data so that systems can produce evidence about what ran and under what conditions.
Model Context Protocol has become a common way for AI systems to connect with external tools and data sources. OPAQUE’s announcement focuses on the governance risks created by that connection layer: once an agent can call tools, enterprises need a defensible way to know whether each action came from an approved agent operating under approved policies.
OPAQUE says Confidential MCP is meant to provide verifiable governance for those tool calls. The company’s materials characterize the approach as combining agent identity, runtime policy checks, and hardware-backed evidence. AgentTrust’s GitHub description adds that its work includes TEE-secured MCP tool calls, suggesting the project is trying to bind tool access decisions to attested execution environments.
The sources describe a standards-oriented and open-source approach, but they do not provide independent performance evaluations, enterprise deployment case studies, or third-party security audits in the materials reviewed. For buyers and security teams, the practical questions will be how easily these tools integrate with existing agent frameworks, how policy enforcement behaves under failure conditions, and whether the attestation evidence is usable in compliance and incident-response workflows.
OPAQUE’s announcement is nonetheless notable because it addresses a concrete problem in agent deployment: governance controls are difficult to trust if they cannot be tied to verifiable identity, declared intent, and runtime behavior. AgentTrust’s public materials and GitHub presence indicate that OPAQUE and collaborators are positioning Agent Manifest and Confidential MCP as open building blocks for that verification layer.
OPAQUE announced OPAQUE 3.0 and a set of AgentTrust open source tools intended to strengthen governance and verification for enterprise AI agents.
The announcement comes as enterprises adopt AI agents that can call tools, retrieve data, and take actions across software systems.
OPAQUE’s pitch is that organizations need ways to verify not only which agent is acting, but also what it is authorized to do and whether tool calls are being governed at runtime.
Continue reading