Building the Trust Layer for Autonomous Agents

Danny opened the sharing wanting to know who has connected their personal Gmail to an agent and felt a weird spike of anxiety about it. Hands go up around The Stage at SQ Collective.

Danny and Rajesh are building loomal.ai, and they are here to talk about the trust layer for autonomous systems. The core issue is not about whether the models are smart enough to do the work. The issue is that they are doing the work while wearing our faces.

The problem with borrowed credentials

Danny opens with a sharp observation that frames the rest of the night. He says, "Every agent borrows your identity today."

If you use Cursor, Claude Code, or Devin, you are handing over your API keys, your logins, and your Stripe credentials. The agent walks around the internet acting as you. If it sends an email, the recipient thinks you sent it. If it buys something, your credit card gets charged. If it edits a production database, the logs point directly back to your user account.

The convenience is high, but the accountability is zero.

If you have ten different secrets stored in a local environment file and you reuse them across projects, you are one bad agent action away from a massive cleanup job. You would have to log into multiple websites and revoke access everywhere.

Take-away for me: This is the kind of invisible technical debt that we accept because the new tools are shiny, but it is completely unsustainable for serious work.

Why a secret token is not an identity

A lot of builders in the room rely heavily on API keys. He points out that API keys are a 25-year-old technology. They were built for scoped access, not for sovereign, autonomous actors.

An agent that actually does work needs what a human worker needs. It needs an email address. It needs a password manager. It needs its own two-factor authentication.

Loomal gives the agent exactly that. When an agent has its own operating identity, the failure modes change completely. If the agent goes off track, you do not have to burn your own credentials. You just rotate one controlling key. Danny explains that you can stop an agent in its tracks by stopping its identity right there.

The chain is broken cleanly. Your personal accounts remain untouched.

The shopping cart wall

Rajesh brings the theory down to earth with a very ordinary example.

Imagine you want to buy a gift for a friend. You tell your agent you have a budget of one hundred dollars. The agent is incredibly good at the research phase. It scans Lazada, Shopee, and Amazon. It compares prices and reads reviews. It finds the perfect item and adds it to the cart.

Then it hits a wall.

It cannot check out because it does not have an email address to create an account. You certainly do not want to give it your raw credit card details without strict spending limits. The automation dies right at the point of transaction because the agent has no commercial identity.

This is the exact friction point that builders hit every day. The agent can read and think, but it cannot finish the job.

Managing the anxiety of delegation

There is a brilliant moment of audience interaction that reveals how little we actually trust these systems right now.

Rajesh asks the room how often people check on their agents when they are running a long research task.

"Every five minutes," someone says from the second row.

"Every two minutes," another person adds.

The room laughs because it is entirely true. We build autonomous systems and then hover over them like nervous supervisors. Rajesh suggests a different model. What if the agent had its own email and could notify you directly when the work was done. Not a system notification from a platform, but a direct message from the worker.

Someone from the floor asks a very practical question about setting up a new Gmail inbox just for the agent instead of using Loomal. Rajesh answers by pointing out the scale problem. If your agent is hopping across unknown websites finding deals, it needs to sign up for things dynamically. Plus, Google imposes strict rate limits on personal accounts. If your agent spins up a hundred sub-agents that each send ten emails, you hit a block almost instantly.

The agent needs infrastructure designed for software, not a consumer email workaround.

Proof and accountability

For anyone building in healthcare, legal, or finance, the identity problem is not just about convenience. It is about compliance and liability.

If an agent edits a legal contract or a medical record, you need to know exactly who made the change. If the agent borrows the lawyer's identity, the law firm carries the risk.

Rajesh has been a blockchain engineer since 2016, and he leans on that background to explain the solution. Loomal creates a cryptographically signed audit trail. It records who authorized the work, what the agent did, and whether it stayed within its delegated scope. If something goes wrong, you can cryptographically prove that the agent took the action, not the human.

An audience member asks about decentralized identity standards like W3C verifiable credentials. Rajesh confirms that this is exactly the model they are using. They issue a decentralized identifier for every single agent they spin up. It is not just a log file. It is a mathematical proof of action.

The path to agent commerce

The most ambitious part of the session moves past individual tasks and looks at how agents will interact with each other.

If your shopping agent needs to buy something, it should be able to negotiate directly with a merchant agent. Someone in the crowd asks how you prevent a malicious agent from stealing your payment credentials during that interaction.

Rajesh explains that this is where Zero-Knowledge proofs come in. When agents transact, they only expose the specific information required to clear the deal. Nothing more. They are building an advanced version of internet payment protocols specifically for this. The shorthand they use is Stripe for agents, which captures the ambition perfectly.

It becomes clear that if agents are going to be the primary users of the internet, the entire underlying infrastructure of identity and payments has to be rebuilt for them.

The geography of ambition

Before the session wraps up, someone asks the classic startup question. Loomal launched on Product Hunt yesterday and hit number 16. They are looking for early adopters in Hong Kong and Singapore. The audience member wants to know if they have thought about staying in Singapore versus moving to San Francisco.

Rajesh smiles and calls it a YC question. He says they are open to it, but the focus remains on the product.

This is the right answer. Geography matters, but fixing the identity layer for the next iteration of the internet matters more. If you build the trust layer that allows autonomous software to safely spend money and sign documents, the location of your headquarters is a secondary concern.

The evening leaves us with a lingering thought about the tools we are building today. We are handing over the keys to our digital lives because we do not have a better option yet. Finding out what happens when the software gets its own set of keys is going to be the defining challenge of the next development cycle.

What struck me most about this Co-work Friday was how quickly the theoretical became personal. Builders at SQ Collective were not debating abstract AI philosophy. They were talking about the real, quiet anxiety of pasting production keys into a chat window. Danny and Rajesh provided a glimpse into a stack where that anxiety is engineered away.

Missed out last week? Don't worry, these conversations happen every Friday at SQ Collective.

Usually over laptops. Sometimes over pizza.

Join the next one.