
The OpenAPI Initiative just merged our new extension called x-agent-trust into its official extensions registry for AI Agents
It is the first vendor extension in OpenAPI specifically designed for APIs that serve autonomous AI agents. If you build APIs, this is worth 5 minutes of your time.

The problem

Right now, OpenAPI gives you three ways to describe how a caller authenticates:

- API key in a header
- OAuth 2.0 / OpenID Connect
- Mutual TLS with client certificates

All three were designed for humans and their apps. None of them answer the question that matters when an AI agent calls your API: Who is this agent, and should I trust it to do what it is asking?

An API key tells you nothing about the agent behind the request. OAuth proves a human delegated access to an application, not that the application is an autonomous agent with a specific trust level. Client certificates prove machine identity, not agent identity.

The standards layer has no primitive for "this agent has a trust score of 70, is authorized to spend up to GBP 1000 per transaction, runs the Claude model, and was delegated by a human user with a spec
Continue reading on Dev.to



