Skip to main content

How AI Agents Decide Who to Trust

2.1 The “Background Check” Before a Recommendation

You apply for a job at a new company. What does the company do? A background check. They verify your degree, contact your previous employers, and check for any red flags. Only after you pass do they hire you. An AI agent does exactly the same thing before recommending a merchant to a consumer. It checks:
  • Who are you? How long has the domain been registered? Who issued the SSL certificate? Where is the business incorporated?
  • Are you secure? Does the DNS have proper security protections? Can someone spoof your email domain?
  • Are you legitimate? Is there official business registration? Are you listed with regulators?
  • Are you transparent? What does the privacy policy say? Are the return conditions clear?
  • Is your data reliable? Is product information structured or a mess?
  • Can you deliver? Is there evidence of fulfillment capability?
This is what ORBEXA’s OTR (Open Trust Registry) trust scoring system does.

2.2 The Six Assessment Dimensions

OTR evaluates a merchant across six dimensions:

V — Verification

“Who are you?”
What it checks:
  • SSL certificate — Is your website encrypted? Who issued the certificate?
  • Business registration — Can you be found in GLEIF (the Global Legal Entity Identifier Foundation)?
  • Public company data — If you are publicly traded, can Finnhub or SEC data verify it?
  • Knowledge base match — Does Wikidata (Wikipedia’s structured database) have an entity for you?
  • Domain information — Is the WHOIS record complete? How long has the domain been registered?

S — Security

“Is your site secure?”
What it checks:
  • DNSSEC — Is DNS resolution protected against tampering?
  • DMARC — Can someone impersonate your domain to send emails?
  • SPF / DKIM — Are complementary email authentication measures in place?
  • CAA record — Who is authorized to issue SSL certificates for your domain?
  • HSTS — Does the browser enforce HTTPS?
  • Plus additional DNS security signals (12 in total)

G — Governance

“Do you have legitimate credentials?”
What it checks:
  • GLEIF legal entity — Are you registered in the global legal entity system?
  • LEI number — Do you have a Legal Entity Identifier?
  • Public company verification — Can a stock ticker be found and validated?
  • Parent company relationship — Who is your parent company? Is it trustworthy?
  • Headquarters geographic verification — Does the company address match the domain registration location?

T — Transparency

“Are your policies clear?”
What it checks:
  • Privacy policy — Does one exist? Is the content clear and complete?
  • Return policy — Are the return conditions spelled out?
  • Terms of service — Do they exist?
  • Contact information — Can someone reach you? Email, phone, physical address?
  • Schema.org Organization — Can a machine read your company information?

D — Data Quality

“Is your product information complete?”
What it checks:
  • Schema.org Product — Do products have structured markup?
  • JSON-LD format — Is the markup format correct?
  • Price / availability / brand — Are these key fields present?
  • llms.txt — Have you written a “company brief” for AI agents?
  • agent.json — Have you declared AI agent capabilities?
  • Sitemap — Is the product map complete?

F — Fulfillment

“Can you deliver?”
The F dimension is currently in COLD mode — it requires merchants to proactively authorize fulfillment verification. Automated scoring does not yet include this dimension.This means the F dimension score you see on orbexa.io/verify may display as “Authorization Required.” This does not affect the automated scoring of the other five dimensions (V/S/G/T/D).

2.3 Trust Scores and Badges

The six dimension scores are weighted and combined into a single score from 0 to 100. Based on this total, your domain earns a trust badge:
BadgeScoreMeaning
PLATINUM90-100Top-tier trust. AI agents will prioritize your products
GOLD80-89Highly trusted. AI agents are very likely to recommend you
SILVER70-79Moderate trust. AI agents will recommend you
BRONZE60-69Entry-level trust. AI agents recommend with caution
UNRATED0-59Insufficient trust. AI agents may skip you entirely
Scores cannot be bought. The OTR trust score is calculated automatically from publicly verifiable data. Whether or not you use ORBEXA’s paid services has zero impact on your score. This is a core principle of the OTR protocol.

2.4 Why the Score Affects AI Recommendation Rankings

Imagine you are an AI agent. A consumer asks you to recommend running shoes. You find 10 stores that sell running shoes. How do you rank them? Lowest price first? Not necessarily — the consumer might end up with counterfeits. Best reviews first? Reviews can be faked. An AI agent needs a tamper-resistant, fact-based trust signal to help with ranking. The OTR trust score is that signal. When a PLATINUM merchant and a BRONZE merchant sell the same product at the same price, the AI agent is more likely to recommend the PLATINUM merchant. Because there is a higher probability that it is a secure, transparent, and reliable business that can actually deliver.

Self-Check Checklist

  • Visit orbexa.io/verify and review your six-dimension scores
  • Which dimension scored lowest? That is your top improvement priority
  • What badge did you earn? Aim for at least SILVER (70 points)
Next chapter: Three Things Every Store Must Do — plain-language explanation of structured data, llms.txt, and Sitemaps