🤖 AI Summary
This work addresses critical trust risks in Agentic Routing Infrastructure (ARI)—including exposure of plaintext queries, unverifiable routing destinations, and lack of data integrity—when AI agents invoke external services. The paper presents the first natively trusted ARI architecture, introducing a tripartite TLS handshake protocol, a privacy-preserving collaborative query construction mechanism, and a verifiable settlement protocol that ensures both fair billing and data confidentiality. By integrating TLS extensions, secure multi-party computation, and zero-knowledge proofs, the design unifies authentication, privacy, and verifiability. Prototype evaluation demonstrates a 39.34% reduction in communication overhead, with query construction incurring only 0.19 seconds of computation and 0.58 MB of communication latency, while billing proof generation is accelerated by 28.20×—all without requiring modifications to existing service endpoints.
📝 Abstract
AI agents increasingly access external models, tools, and services through Agentic Routing Infrastructure (ARI) to manage the overhead of heterogeneous interfaces and fragmented subscriptions. Yet, the architecture of ARI introduces fundamental trust risks: it obtains plaintext access to agent queries and service responses, while leaving agents unable to verify that their queries are routed to intended service providers or that requests and responses remain untampered. To address this problem, we present TrustedARI, the first trust-native agentic routing infrastructure for agentic AI. Architecturally, TrustedARI is built upon three core innovations: (i) an ARI-adapted three-party TLS handshake that enables the agent and ARI to jointly authenticate the service provider through role-specific distribution of TLS key materials; (ii) a privacy-preserving query-construction protocol that allows the agent and ARI to collaboratively construct well-formed queries without exposing their respective private inputs; and (iii) a verifiable billing protocol that supports fair usage-based settlement while preserving the integrity and confidentiality of service responses.
We implemented and extensively evaluated a prototype of TrustedARI to validate its performance. Experiments confirm that TrustedARI is highly efficient: our ARI-adapted handshake protocol reduces communication overhead by 39.34% compared to the existing three-party TLS handshake. Furthermore, the privacy-preserving query-construction protocol imposes negligible overhead-averaging 0.19 seconds in computation time and 0.58 MB in communication costs-while the verifiable billing protocol speeds up proof generation by 28.20x. Crucially, TrustedARI is readily deployable without any modification to the service providers.