AI agents increasingly depend on external models, tools, and services to perform complex tasks, but the routing infrastructure that connects them introduces critical trust vulnerabilities. According to a new paper on arXiv, Agentic Routing Infrastructure (ARI) — the middleware that brokers agent queries to service providers — obtains plaintext access to both agent queries and service responses. Agents cannot verify that their queries reach the intended provider or that requests and responses remain untampered. This trust gap poses a significant barrier for enterprise deployments, particularly in regulated sectors like supply chain and logistics where data integrity and confidentiality are paramount.
To solve this, researchers led by Qi, Zou, Zhenhua, Shuo, Xu, Mingwei, Liu, and Zhuotao present TrustedARI, described as the first trust-native agentic routing infrastructure. The system is built on three core innovations that collectively eliminate the trust deficit without compromising performance.
The Trust Problem in Agentic Routing
Traditional ARI operates as a transparent intermediary, meaning it has unfettered access to all data flowing between agents and services. An enterprise deploying AI agents for trade compliance checks or real-time freight tracking, for example, would have to trust the ARI provider not to misuse sensitive commercial data. Additionally, there is no mechanism for agents to independently verify that a response indeed came from the requested service or that it was not altered in transit. TrustedARI addresses these risks architecturally, embedding trust natively into the routing layer.
Three Core Innovations
TrustedARI introduces three technical components, each targeting a specific trust aspect:
1. ARI-Adapted Three-Party TLS Handshake – This protocol allows the agent and ARI to jointly authenticate the service provider through role-specific distribution of TLS key materials. Unlike existing three-party TLS handshakes, TrustedARI's version reduces communication overhead by 39.34%, according to experimental results in the paper.
2. Privacy-Preserving Query-Construction Protocol – Agents and ARI can collaboratively construct well-formed queries without exposing their respective private inputs. The overhead is negligible: 0.19 seconds in computation time and 0.58 MB in communication costs on average.
3. Verifiable Billing Protocol – This enables fair usage-based settlement while preserving the integrity and confidentiality of service responses. Proof generation for billing is accelerated by 28.20x compared to baseline methods.
Crucially, TrustedARI is designed to be readily deployable without any modification to service providers. This means enterprises can adopt the infrastructure without requiring changes from their external partners, a key advantage for multi-party supply chain ecosystems.
Performance and Deployability
The research team implemented a prototype and conducted extensive evaluations. The following table summarises the key performance metrics compared to existing approaches:
| Metric | TrustedARI | Baseline | Improvement |
|---|---|---|---|
| Handshake communication overhead | Reduced by 39.34% | Three-party TLS | 39.34% reduction |
| Query construction computation time | 0.19 seconds | N/A (negligible overhead) | — |
| Query construction communication cost | 0.58 MB | N/A | — |
| Billing proof generation speed | 28.20x faster | Unspecified baseline | 28.20x speedup |
These results indicate that TrustedARI provides strong trust guarantees with minimal performance penalty, making it suitable for latency-sensitive enterprise applications such as automated customs clearance or trade finance settlement.
For technology leaders evaluating agentic AI platforms for global trade, TrustedARI represents a foundational advancement. By making trust native to the routing layer, it removes a key obstacle to deploying AI agents in multi-stakeholder workflows where data sovereignty and auditability are non-negotiable. The architecture is particularly relevant for customs technology, trade documentation digitalisation, and blockchain-based trade finance systems that already require careful identity and integrity management. TrustedARI could serve as a trust layer that integrates with existing standards such as EDI, API gateways, and SWIFT gpi to secure agent-to-service communications across the trade ecosystem.