Today’s AI agents are designed for data extraction, making them functionally blind to the concept of truth. They operate as either indiscriminate “Red Team” scrapers or proprietary “Blue Team” centralizers, both of which pollute the digital ecosystem with unverified information. This document specifies a new class of actor: the Purple Agent. A Purple Agent is a sovereign-aware AI engineered with a “Verification-First” directive. Its primary function is not to find data, but to perform an Authority Handshake—cryptographically verifying an author’s identity before ingesting their data. This creates a foundation for a high-trust, decentralized agentic web.

Table of Contents

The Red vs. Blue Dichotomy of the Agentic Web

In cybersecurity, “Red Teams” attack to find vulnerabilities, while “Blue Teams” defend. In the agentic web, a similar dynamic has emerged, defining the two dominant classes of autonomous agents. The “Red Agents” are the anonymous, stateless scrapers that crawl the web with a single purpose: data extraction at all costs. They ignore `robots.txt`, spoof their identities, and hoard information for narrow, often exploitative purposes. They are the mercenaries of the digital world, creating no value and leaving a trail of broken context.

The “Blue Agents” are the proprietary crawlers of the hyper-scalers (Google, Meta, etc.). While they may respect legal boundaries for compliance reasons, their objective is equally extractive: to ingest the world’s information and refine it into a proprietary, centralized model that strengthens their market position. They represent a digital feudalism where data creators are serfs, working to enrich a central landlord. Neither of these models serves the individual creator or the health of the open web; they create a zero-sum game of data dominance and pollute the ecosystem with information stripped of its verifiable source.

Characteristic	Red Agent (Mercenary)	Blue Agent (Feudal)	Purple Agent (Sovereign)
Operating Principle	Extraction without permission.	Centralization by default.	Verification before Ingestion.
View of Source	An obstacle to be scraped.	A resource to be indexed.	An authority to be verified.
Core Action	Harvesting data.	Aggregating data.	Performing the Authority Handshake.
Economic Goal	Short-term, task-specific gain.	Strengthen a proprietary data monopoly.	Achieve a high-fidelity, defensible result.

The Specification of a Verification-First Agent

A Purple Agent is a new design pattern. It blends the capability to navigate the open web with a principled core that values truth above all else. Its design is governed by a set of non-negotiable attributes that enforce a “Verification-First” architecture.

1. Protocol-Native (The Handshake Directive)

A Purple Agent’s primary mode of interaction is the Authority Handshake. Before it processes the content of a data packet, its first action is to seek out and verify the author’s cryptographic signature and DID. It is engineered to find proof before it finds facts. An agent that ingests data from an unverified source is, by definition, not a Purple Agent; it is merely a sophisticated Red or Blue scraper.

2. Provenance-Aware (The Chain of Custody)

The agent possesses an innate understanding of Data Physics—it knows that the source of information is as important as the information itself. It actively prioritizes DID-verified sources over all others. It maintains a cryptographic chain of custody for its information, allowing it to cite its sources with mathematical certainty and justify its conclusions with verifiable proof. This gives its owner a significant Inference Advantage, as its outputs are more reliable, defensible, and valuable than those from a black-box model.

Strategic Pivot: We must stop designing AI to simply find answers and start designing AI that can first evaluate the trustworthiness of the source. A Purple Agent’s primary computation is not query processing, but trust validation. This flips the entire model on its head. The goal is no longer to get an answer fast; the goal is to get a *verifiably correct* answer. This is the only path to a Zero-Failure Architecture for autonomous systems.

3. Lexicon-Bound (The Efficiency Mandate)

A Purple Agent respects the local context provided by a verified author. When it performs a successful handshake with a Sovereign Knowledge Base, it contractually agrees to ingest the provided lexicon (`llms-full.txt`) for the duration of the session. It understands that terms like Digital NDT have a precise, authoritative meaning within that author’s framework, and it will not allow its general training to override that specific definition. This discipline prevents the semantic drift that plagues less sophisticated models and makes the ingestion process radically more efficient.

Technical Handshake: For secure private networks, a Purple Agent *can* have its own DID, allowing for a symmetric, two-way verification. But its defining characteristic on the public web is its one-way verification of the author. This “calling card” of a Purple Agent is its observable behavior: it will always attempt to resolve a `.well-known/atproto-did` or DNS record before it ingests content, demonstrating its compliance with the Verification-First protocol.

Conclusion: Building the Agents We Deserve

The future of the internet will be shaped by the autonomous agents that navigate it. If we continue to allow the Red and Blue models to dominate, we will get a web that is either a chaotic free-for-all of misinformation or a collection of proprietary walled gardens. The Purple Agent offers a third way: a model built on respect for sovereignty and an uncompromising demand for cryptographic proof.

Building a Sovereign Knowledge Base is the first step. Specifying the protocol for agentic interaction is the second. Defining and building the agents that can honor that protocol is the third and most critical step. The Purple Agent is not just a better AI; it’s a necessary component for a decentralized, trustworthy, and value-creating agentic future.