SuilaAI — Beautiful Attribution
Technical Whitepaper · v3.0 · July 2026

The Universal Trust Protocol

Twenty-six computable signals that decide who gets seen in the AI economy — the entity half of the SuilaAI trust bureau. A deterministic, explainable, improvable FICO-style score (300–850) for every brand, merchant, publisher, and creator an AI system must decide to surface, cite, or transact with.
Wen Shyen Chen, PhD, CTO · SuilaAI, Inc. · eric@suilaai.com · Companion volume: The Mutual A2A TrustRank Protocol (Jul 2026) · Supersedes v1.0 (Nov 2025) and v2.0 (Jan 2026) · US 12,505,169 B2 · TW I892115

1The two trust decisions

AI decides two things about everyone in its economy: who gets seen, and who gets to act. Both are trust decisions, and both need a score AI can check. This paper defines the first: how trust is computed for entities — the brands, merchants, publishers, and creators on at least one end of every AI-mediated interaction. The companion paper defines the second, for autonomous agents.

In the post-search era, large language models and recommendation systems are the first readers, interpreters, and gatekeepers of content. Where the Web rewarded popularity, AI systems reward verifiability: cryptographic provenance, semantic coherence, factual grounding, transparent lineage. Impressions and reach no longer decide visibility — trust does.

The vetting infrastructure never scaled to match. Evaluation of counterparties at volume remains manual, subjective, and slow — an authorization bypass through which synthetic personas, engagement fraud (an estimated $84B/year in ad fraud alone), and unsafe actors enter commercial ecosystems undetected. And the same gap now compounds forward: when an autonomous agent transacts, there is an entity behind it whose provenance the agent's own trust must be seeded from. Entity trust is not a separate problem from agent trust; it is its foundation.

The Universal Trust Protocol replaces opaque reputation with a deterministic computation: twenty-six signals, each derived from observable evidence — API metadata, content manifests, embeddings, network graphs — each normalized to \( s_i \in [0,1] \), each individually explainable and individually improvable, aggregated into a single FICO-style TrustRank.

2The Universal Trust Equation

Signals are grouped under four pillars. Each pillar averages its member signals; pillars combine under calibrated weights; the normalized score maps to the bureau's common 300–850 scale:

\( S_p \;=\; \tfrac{1}{|P_p|}\textstyle\sum_{i \in P_p} s_i \)pillar = mean of its signals
\( S \;=\; \textstyle\sum_{p} w_p\, S_p \)weighted across four pillars
\( T \;=\; 300 + 550\,S \)FICO-style TrustRank
PillarWeightSignalsWhat it answers
P3 · Semantic Coherence0.35s14–s20Does the content mean what it claims — on-topic, tonally aligned, factually grounded (NLI), visually consistent (CLIP), and safe under GARM-class taxonomy?
P1 · Provenance Proof0.25s1–s7Is the entity who it claims to be — verification tier, tenure, C2PA content credentials, disclosure integrity, identity–asset consistency, compliance posture?
P4 · Context Lineage0.20s21–s26Where does its information come from and who vouches — citations, backlink authority, network trust, adjacency risk, channel diversity, AI citation lift?
P2 · Temporal Validity0.20s8–s13Does its behavior obey the physics of organic attention — freshness, churn, engagement latency, recirculation, decay fit, anomaly absence?

Worked example. An entity with pillar sub-scores \( S_{\mathrm{Prov}}=0.82,\; S_{\mathrm{Temp}}=0.64,\; S_{\mathrm{Sem}}=0.90,\; S_{\mathrm{Lin}}=0.75 \) yields \( S = 0.798 \) and \( T = 739 \) — a high-trust entity, safe to surface and likely to retain AI visibility in grounded search systems. Interpretation anchors: ~300 unverified or unsafe; ~550 average reliability; ~850 verified, coherent, consistently trusted.

3Weights are versioned, not decreed

Configuration governance. Pillar weights are model parameters, not constants — they are re-estimated against realized outcomes (conversion, brand lift, safety incidents, AI-citation lift) by ridge/elastic-net regression, and a new configuration is adopted only as a versioned promotion. The canonical configuration is w-v1 (above), calibrated empirically on SuilaAI campaign data and stated in the RankingMaster Technical Specification (Nov 2025). A fraud-weighted variant explored in the January 2026 draft (Prov .20 / Temp .30 / Sem .35 / Lin .15), which up-weighted behavioral-physics signals for high-volume vetting contexts, is superseded: v3.0 consolidates on w-v1 and formalizes that any future weight change must pass the same three statistical gates that govern the bureau's agentic scoring — significant improvement on a one-sided confidence bound, no cohort degradation, and two-cycle persistence — before promotion. One discipline, both halves of the bureau.

4The 26-signal matrix

Every signal is a deterministic function of observable evidence. The compact reference (full per-signal derivations, intuitions, and reference implementations: RankingMaster Technical Specification v1.0):

Pillar 1 · Provenance Proof — the digital passport

#SignalDefinitionKey idea
1Account Verification Tier\( s_1 \in \{0,\ 0.7,\ 1\} \) by tierPlatform/registry identity anchor
2Account Tenure\( s_2 = 1 - e^{-d/1095} \)Credit-history saturation (~3 yr)
3C2PA / Content Signature\( s_3 = 1 \) if manifest presentCryptographic authorship
4Disclosure Integrity\( s_4 = 1 - m \)Sponsorship compliance
5Link Integrity\( s_5 = \tfrac{1}{2}\bigl(h + (1-b)\bigr) \)HTTPS ratio + unbroken links
6Identity–Asset Consistency\( s_6 = \tfrac{1}{2}\bigl(\cos f + \cos v\bigr) \)Face/voice embedding match — deepfake deterrent
7Platform Compliance Posture\( s_7 = 1 - \tfrac{\log(1+k)}{\log 10} \)Strike history, log decay

Pillar 2 · Temporal Validity — behavioral physics

#SignalDefinitionKey idea
8Freshness vs. Campaign Window\( s_8 = e^{-|\Delta|/7} \)A week off-target ≈ halves the score
9Edit / Deletion Churn\( s_9 = 1 - (0.7\,r_d + 0.3\,r_e) \)Deletions cost more than edits
10Engagement Latency Curve\( s_{10} = 1 - \tfrac{\left|\log_2(t_{1/2}/24)\right|}{3} \)Organic half-life centers on 24h
11Recirculation Ratio\( s_{11} = \min\!\bigl(\tfrac{R}{V},\,1\bigr) \)Organic redistribution
12Decay Model Fit\( s_{12} = R^2 \) of \( E(t) = a\,e^{-bt} \)Authentic attention decays smoothly
13Temporal Anomaly (inverse)\( s_{13} = 1 - r_a \)Bot-burst absence

Pillar 3 · Semantic Coherence — the meaning firewall

#SignalDefinitionKey idea
14Brand–Topic Similarity\( s_{14} = \tfrac{1 + \cos(b,\,p)}{2} \)Text-embedding topical fit
15Tone & Style Match\( s_{15} = P_{\text{on-brief}} \)Sentiment/formality alignment
16Claim–Fact Consistency\( s_{16} = 1 - p(\text{contradiction}) \)NLI factual grounding
17Visual Brand Element Match\( s_{17} = \tfrac{1 + \cos(v_b,\,v_p)}{2} \)CLIP visual-identity match
18Audience–Language Fit\( s_{18} = 1 \) if match, else \( 0.5 \)Linguistic demographic
19Hashtag / Entity Alignment\( s_{19} = \tfrac{|H \cap B|}{\max(|B|,\,1)} \)Tagging matches intent
20Safety / Suitability Taxonomy\( s_{20} = 1 - p_{\text{toxic}} \)GARM-class brand safety

Pillar 4 · Context Lineage — authority & AI visibility

#SignalDefinitionKey idea
21Attribution / Citation Presence\( s_{21} = 1 \) if creditedTraceable sourcing
22Backlink Quality & Neighborhood\( s_{22} = \tfrac{1}{n}\sum_i a_i \)Who vouches matters
23Creator Network Trust\( s_{23} = \tfrac{1}{n}\sum_j T(c_j) \)Trust propagates through collaborators
24Co-Mention Adjacency (inverse risk)\( s_{24} = 1 - r_a \)Proximity to unsafe nodes
25Distribution Channel Diversity\( s_{25} = \tfrac{\log(1+n_c)}{\log 10} \)Footprint resilience
26AI Citation Lift\( s_{26} = \min\!\bigl(\tfrac{C_{30}}{C_{\text{total}}},\,1\bigr) \)Do AI systems already cite this source?

Signal 26 closes the loop. SuilaAI agents query search-enabled LLMs with expert prompts; when an entity is absent from AI answers it should appear in, the system generates a gap analysis with concrete remediation steps. Because every signal is improvable by transparent action — verify the account, sign the content, ground the claims — the score is not a judgment but a roadmap.

5Trust is a wasting asset: decay and confidence

Reputation left unattended goes stale. The protocol applies lazy-evaluated decay at read time — no batch re-scoring, no stale serving:

\( T_{\mathrm{current}} \;=\; 300 + (T_{\mathrm{last}} - 300)\cdot e^{-\lambda\,\Delta t} \)decay toward the unverified floor

where \( \lambda \) is a niche-specific decay constant and \( \Delta t \) the time since the last verified signal. A companion confidence metric falls with \( \Delta t \), inviting entities to refresh their evidence to maintain authority. This is the same doctrine as the agentic engine's evidence half-life \( w \propto 2^{-\Delta t / H} \): on both halves of the bureau, trust must be continually re-earned from fresh evidence — one of several places where the entity protocol (published January 2026) and the agentic protocol (live July 2026) are recognizably the same mathematics at two maturities.

6Infrastructure: provenance, scale, explainability

Cryptographic layer — C2PA at the moment of capture

The protocol integrates the C2PA standard at the capture layer. Content credentials ride the JUMBF container (ISO/IEC 19566-5), encapsulating SHA-256 content hashes and a TrustRank snapshot at signing time. The SDK signs browser-natively via the Web Crypto API using non-extractable ECDSA (ES256) keys — private keys never exist in extractable form, eliminating XSS-class key theft. A valid manifest hardens signals s₃ and s₆ to 1.0 and bypasses the expensive behavioral heuristics entirely: cryptography is cheaper than inference.

Tiered audit pipeline — web-scale by stochastic escalation

TierCost classFunction
Tier 0 · ScoutO(1) edge cacheBan lists, metadata checks — filters the vast majority of reads
Tier 1 · AuditorO(stats) serverless, P99 < 200msStatistical audits (burst/jerk detection, churn, decay fit)
Tier 2 · Deep AuditO(inference) GPUEmbedding-based semantic and visual analysis, escalated stochastically or on anomaly

State is event-sourced: every signal change is a delta log in an append-only ledger, so any historical score can be replayed — and explained just-in-time by a lightweight LLM walking the log. The audit trail is not a report generated after the fact; it is the data structure itself.

7Trust-as-an-API

The protocol serves as infrastructure — one call, one verdict, with reasons:

POST /v1/verify-trust {"handle": "@entity", "platform": "...", "threshold_config": "strict"}
→ {"trust_rank": 785, "verdict": "PASS", "risk_flags": [], "signals": {"is_real": true, "is_safe": true, "ai_visibility": "High"}}

Threshold configurations encode per-pillar floors (identity unverified, suspected synthetic engagement, safety risk, insufficient authority) so that platforms can auto-vet at volume with policy they control. This entity verdict is the direct ancestor of the agentic bureau's four-step decision ladder — CONNECT CONNECT + VERIFY ESCALATE REFUSE — where a binary pass/fail matured into graded autonomy with a human summoned exactly where the mathematics says the evidence runs out.

8From seen to act: one bureau

Every agentic transaction has an entity on at least one end. The merchant an agent buys from is a brand with provenance; the content an agent cites is a publisher with lineage. In the bureau's mathematics, entity provenance seeds the agent's prior — through one exact coupling, not a shared engine.

operator_trust = clamp((SEEN − 300) / 550, 0, 1)entity SEEN score → operator-trust term
a₀ = 1 + κ·binding·operator_trust·γ^depththe agent's Bayesian anchor prior

This is credit-bureau logic — the same discipline FICO applies when a new account inherits context from the applicant's file, not a single score copied across two ledgers. Live on the bureau: a brand scored SEEN 780 gives its fresh agent a raw ACT prior of 646; a thin-file brand at SEEN 520 gives 425 — a 221-point provenance lift, with zero transaction evidence yet. The prior starts provisional — a prior-seeded agent with no signed outcomes is flagged provisional: true in the score response: a seed, not a reputation, and no grant of autonomy. The stakes ceiling is evidence-only, so both agents remain stakes-ceiling-gated, proven at $50 authorizing nothing at $5,000, until each demonstrates its own range — at which point the provisional flag clears. The prior does not linger: as signed outcomes accrue, the provenance term's share of the posterior washes out and the agent's own evidence takes over. And the seed is trustworthy by construction — the entity SEEN score is resolved server-side from the signed entity engine over an authenticated write path, never self-asserted by the agent being scored. SEEN and ACT are two computations, one identity graph, one 300–850 scale — bound by one coupling: provenance seeds the prior, outcomes earn the score.

The entity half is proven in market: in live Shopify and Etsy commerce pilots, surfacing decisions gated by this protocol lifted conversion +21% and cut returns −35%. The agentic half is live in production: the same 300–850 scale now gates real transactions between deployed agents on Vercel's eve platform with Passport identity, including the mutually trust-gated agent-to-agent handshake (both counterparties score each other before the connection opens). The Kaizen calibration loop this paper introduced for weight re-estimation now runs weekly in production on the agentic side, promoting configurations only through statistical gates.

As AI systems become the gatekeepers of both visibility and action, veracity becomes the only durable currency. The Universal Trust Protocol makes it computable — measurable, explainable, improvable — and the bureau serves it to humans and machines alike: one score, checked before anyone is seen, and before anything acts.

SuilaAI, Inc. · Confidential — for discussion. Version history: v1.0 RankingMaster: Computable Trust Framework, Technical Specification (Nov 2025) — canonical signal derivations and weight calibration; v2.0 Universal Trust Protocol Whitepaper (Jan 2026) — protocol/API framing, superseded weight draft; v3.0 (this document, Jul 2026) — consolidated canonical weights, Kaizen-gated configuration governance, unified two-decision framing with the agentic bureau. Companion: The Mutual A2A TrustRank Protocol (Jul 2026), suila-a2a-whitepaper.html · Live reference: suila-eve-demo.vercel.app. Standards referenced: C2PA; ISO/IEC 19566-5 (JUMBF); W3C Web Crypto; GARM brand-suitability taxonomy. Ad-fraud figure is an industry estimate (Juniper Research–class). Patents: US 12,505,169 B2 · TW I892115 (granted). Product names are their owners'. © 2026 SuilaAI, Inc.