Generative AI has made it easy to fake identities, forge content, and impersonate people online. The typical response is to fight AI with AI: train a model to detect deepfakes, then train a better one when fakers catch up, and repeat indefinitely. It's an arms race with no end in sight.
Cryptography sidesteps this entirely. Verifiable Credentials backed by Zero-Knowledge Proofs (ZKPs) aren't something a better AI model can learn to fake.
Digit.ink has been building on the W3C Verifiable Credentials standard in production since 2021. It's the same foundation that researchers at OpenAI, Microsoft, MIT, and a16z crypto have identified as the most promising way to establish trust online in the age of generative AI.
We apply this technology to three problems: proving that a person is real (Personhood Credentials), proving that a content creator holds the authority they claim (credentials for content authenticity), and proving that an AI agent is authorized to act on someone's behalf (AI Agent Delegation Credentials).
In 2024, researchers across OpenAI, Microsoft, MIT, Harvard, the Decentralized Identity Foundation, and a16z crypto published a joint paper proposing a new approach to one of the internet's most pressing problems: we can no longer reliably tell whether we're interacting with a real person or an AI.
Their proposal is called Personhood Credentials. The idea is simple: give people a way to cryptographically and anonymously prove they're human. No names, documents, or biometric data needs to be shared to third parties. Just a ZKP that confirms the holder is a real person, and nothing more. The Personhood Credential can be held by its owner privately on their device.
The paper specifically recommends Verifiable Credentials and ZKPs as the technical foundation, which is exactly what Digit.ink has been building on in production for over 4 years. Unlike biometric scanning, CAPTCHAs, or AI-based detection, a Personhood Credential can't be defeated by a better model. The proof is cryptographic, not probabilistic.
AI-generated content is getting harder to distinguish from the real thing. When someone encounters an article, a public notice, or a professional report, there's no easy way to verify that the person who created it actually holds the authority they claim.
Digit.ink lets organizations issue Verifiable Credentials to their content creators. A press association credentials its journalists. A ministry credentials its spokespeople. A professional body credentials its members. Those credentials travel with the content they produce, giving anyone who encounters it a way to confirm the creator's authenticity and authority.
Our credentials are compatible with emerging content provenance standards like C2PA, and built on the same W3C Verifiable Credentials foundation as everything else we create.
AI agents are starting to do real work on behalf of people and organizations: accessing APIs, managing workflows, making purchases. But how do other parties check who authorized the agent, what it's allowed to do, or whether the authorization is valid?
An agent delegation credential fills this gap. It's a verifiable, scoped, and revocable credential that ties a specific human's authorization to a specific agent's permitted actions. Any service the agent interacts with can verify the whole chain cryptographically.
The W3C, the OpenID Foundation, and MIT Media Lab are all actively developing standards for AI agent identity and authorization, and the technical direction is converging on Verifiable Credentials. We're building on these emerging standards so the infrastructure is ready when your organization needs it.
Digit.ink has been issuing Verifiable Credentials in production since 2021. Our platform has over 23,900 issuing accounts across 16+ countries, serving universities, certification bodies, and enterprises including Japan Airlines.
On the technical side, we build on W3C Verifiable Credentials, Open Badges, and Decentralized Identifiers (DIDs). All open standards, no proprietary lock-in. Our credentials can be recorded on any supported blockchain or PKI for independent, permanent verifiability, and our architecture includes ZKPs and selective disclosure so holders always control what they share.