OPAQUE open-sources Agent Manifest, extending the governance framework created by AGT creator Imran Siddique
OPAQUE is launching OPAQUE 3.0 to make independent AI verification an open standard for enterprises and regulators with support from TII, AMD and NVIDIA
SAN FRANCISCO, June 23, 2026 /PRNewswire/ — Today, at the Confidential Computing Summit, the event OPAQUE created and now co-hosts with the Linux Foundation, OPAQUE announced OPAQUE 3.0, a new platform that brings verifiable trust to AI agents through open governance standards, cryptographic identity, and confidential execution. For the first time, an enterprise can prove what its AI actually did, what it ran, and where it ran instead of asking customers and regulators to take its word for it.
The announcement includes two major open-source milestones: the release of Agent Manifest, a new open standard for verifiable AI agents built on the Agent Governance Toolkit (AGT), and the launch of Confidential MCP, the first Model Context Protocol implementation that is both verifiably governed and secured through confidential computing.
Together, these technologies allow enterprises to move beyond “trust us” AI. Organizations can now verify what an AI agent is, what it is allowed to do, what it actually did, and whether governance policies were enforced throughout execution.
Three forces have made “trust us” indefensible. Today’s frontier models make it increasingly likely that enterprises will need to assume untrusted behavior inside their environments. AI agents routinely interact with sensitive data and external systems, creating new governance and security challenges. New regulations increasingly demand evidence, not assertions: proof of what ran, where it ran, and under what rules. That proof must be automated, hardware-signed, and independently verifiable. OPAQUE 3.0 answers all three.
Apple settled this argument for consumer AI with the launch of Private Cloud Compute; “trust me” became “verify me.” OPAQUE 3.0 brings that same standard to enterprise AI. Enterprises can apply it to the AI they already run — no rewrites, no new platform required — with every AI action executed under governance enforced in hardware and producing a signed receipt that an auditor, a regulator, or a customer can check on their own, without trusting OPAQUE or the company operating the AI. It runs on the CPU-based confidential computing platforms from Intel, AMD, and NVIDIA. And, on NVIDIA Confidential Computing, the integration brings GPUs inside the Trusted Execution Environment.
OPAQUE 3.0 runs across public cloud, private cloud, and on-premises environments. OPAQUE’s approach builds on AGT, the open-source governance framework created by Imran Siddique during his time at Microsoft. Siddique recently joined OPAQUE as Chief Platform Officer and has led the development of Agent Manifest and Confidential MCP, extending AGT from governance policy definition to cryptographically verifiable enforcement.
Zero trust rebuilt network security on one rule: never trust, always verify. OPAQUE is applying the same doctrine to AI agents, with an open standard and three working pieces beneath it:
- Agent Governance Toolkit (AGT). Created by Imran Siddique and released as open source, AGT has quickly emerged as a leading framework for defining what AI agents may do, what data they may access, and what governance policies they must follow. AGT has attracted roughly 4,100 GitHub stars in its first six weeks.
- Agent Manifest. Released as open source today, Agent Manifest extends AGT by giving every AI agent provable runtime integrity. Organizations can cryptographically verify what an agent is, what resources it can access, who approved it, and which governance policies apply. An altered or unauthorized agent can no longer masquerade as an approved one.
- Confidential MCP. OPAQUE has extended AGT governance into the Model Context Protocol, creating the first verifiably governed and secure MCP implementation. Running inside OPAQUE’s confidential runtime, Confidential MCP enforces governance policies in hardware and produces independently verifiable evidence of every tool call and action performed by an agent.
The standard is open by design; how the industry verifies AI should not belong to any one vendor. The Technology Innovation Institute (TII) of the United Arab Emirates is a founding partner, anchoring the standard in sovereign-AI deployments.
The partnership also reaches past today’s threat model. OPAQUE and TII are bringing TII’s post-quantum cryptography into OPAQUE 3.0, so agent identities and signed evidence remain verifiable even against quantum-era adversaries. An audit record is only as good as the cryptography it will face decades from now: data harvested today gets decrypted by tomorrow’s quantum machines, and regulators in the UAE and beyond are already mandating post-quantum readiness for AI systems. OPAQUE will name founding coalition members at launch, and the standard and both implementations are open today at github.com/agentrust-io.
OPAQUE 3.0 is in active engagements across leading enterprises in the U.S. and abroad: major financial-services institutions, several of the world’s most valuable enterprise-software companies — the platforms the Forbes Global 2000 runs on — and national sovereign-AI buildouts.
“The more autonomous your AI agents become, the more your security posture has to keep pace — capability without accountability is a liability,” said Aaron Fulkerson, CEO of OPAQUE. “Organizations deploying AI agents are stuck on a question existing tooling can’t answer: is this agent still governed the way I intended, and can I prove it to someone with no reason to trust me? OPAQUE 3.0 provides hardware-enforced governance and independently verifiable evidence of agent activity. That’s what we’re shipping and opening today.”
“The future of AI depends on unlocking the data organizations have never been able to touch. Most organizations sit on a corpus of data too sensitive to use and too valuable to ignore. OPAQUE is the only platform delivering hardware-attested cryptographic evidence across the full AI lifecycle — training, fine-tuning, inference, and agents — with protections engineered to withstand quantum-era threats. That combination doesn’t exist anywhere else in the market today.” – Ion Stoica, Co-Founder of OPAQUE
“As AI agents take on more complex enterprise workflows, trust has to be built on verifiable evidence, not assumptions. AMD SEV provides hardware-rooted protection and attestation for confidential VM deployments, and OPAQUE 3.0 support for AMD SEV technology helps enterprises apply those capabilities to governed AI agent environments across public cloud, private cloud and on-premises infrastructure.” – Madhu Rangarajan, Corporate Vice President, Server Product Management, AMD.
“Sovereignty in the AI era requires more than ownership of infrastructure. It requires the ability to independently verify how AI systems are governed and operated. Open and verifiable standards enable nations to establish trust through evidence and proof rather than assurance. By combining these standards with post-quantum cryptography, we can ensure that this trust remains secure and verifiable not only today, but well into the quantum future.” – Dr. Najwa Aaraj, CEO, Technology Innovation Institute.
“As enterprises scale agentic AI, the ability to protect sensitive data and proprietary models in use is foundational to success. OPAQUE’s integration of NVIDIA Confidential Computing delivers hardware-rooted security so organizations can unlock the full value of their data with the confidence that it remains secure, compliant and uncompromised.” – Ali Golshan, senior director, AI Software, NVIDIA.
Availability. OPAQUE 3.0 debuts today at the Confidential Computing Summit, with general availability in July 2026.
Agent Manifest is being released as open source today and joins AGT as part of an open governance stack for AI agents. https://github.com/agentrust-io
Confidential MCP, the first verifiable implementation of the Model Context Protocol, is available to developers today through OPAQUE 3.0. https://github.com/agentrust-io
OPAQUE will also launch the agentrust-io Fellowship, a sponsored program created by Chief Platform Officer Imran Siddique that invites security engineers, researchers, and compliance practitioners to build on the open standard alongside its maintainers, with applications opening this August.
About OPAQUE
OPAQUE is the Confidential AI company. Born from UC Berkeley’s RISELab (now the Sky Compute Lab), OPAQUE lets organizations run AI models, agents, and workflows on their most sensitive data with hardware-rooted isolation and verifiable evidence that approved governance policies were actually enforced. OPAQUE was founded by Dr. Ion Stoica (co-founder of Databricks; co-director, UC Berkeley Sky Compute Lab), Dr. Raluca Ada Popa (ACM Grace Hopper Award winner; Senior Staff Research Scientist at Google DeepMind, where she leads AGI security research), and Rishabh Poddar (CTO); Imran Siddique, creator of the open-source Agent Governance Toolkit (AGT), is Chief Platform Officer. OPAQUE created the Confidential Computing Summit, now co-hosted with the Linux Foundation.
SOURCE OPAQUE


