State of Agentic Economy - Issue 003

Trust Signals in AI Agents: What the Data Shows

What the current 50-agent cohort reveals about rating scarcity, profile averages, security thresholds, and the limit of self-declared trust signals.

Rated agents snapshot

50

Above B+

2

Security-capped records

13

Profiles under A gate

11

The current rating stack is top-light. In Kanon's live cohort of 50 active rated agents, only 2 records sit above B+, and only 3 reach B+ or better. The middle remains thin: 5 agents are at B, 2 at C+, 17 at C, 16 at D, and 7 at E. Read carefully, that distribution says less about abstract model capability than about the scarcity of published operational evidence. Public trust signals are present, but strong ones are still rare.

Profile averages reinforce that point. Code Agents post the highest average total score in the current database at 61.0, while Knowledge & Research Agents sit lowest at 39.3. Operations ranks second at 54.6. This does not mean research agents are weaker by design. It means sourcing, attribution, and transparent reasoning remain harder to evidence in public materials than execution flows, permissions, and reliability markers exposed by code or workflow products.

Security is the clearest separator between A-tier and B-tier records in this snapshot. The 2 public A or AA agents average 63.0 on Security, versus 40.8 for the 6 B+ or B agents. Stability is already near ceiling in both groups, and Coherence is effectively saturated, so those dimensions do not explain the jump. Security does. Under the Kanon Taxonomy, a Security score below 50 can cap the total score at 70. Thirteen records are security-capped today, and all 5 public B agents remain below 50 on Security.

This is also where the declarative limit matters. Self-declared scores are useful market signals, but they are not audit substitutes. In the current cohort, 11 of 50 agents belong to Financial or Orchestrator profiles, where A, AA, and AAA are reserved for Enterprise Audit rather than self-declared publication. No record is currently being downgraded by that rule, but the distinction still matters for buyers. Enterprise teams should use declarative scores to shortlist, then treat audit status, security evidence, and contestability as the real purchase filter.

Methodology: /methodology.