Recent advances in large language models (LLMs) have enabled a new generation of autonomous agents that operate over sustained periods and manage sensitive resources on behalf of users. Trusted for their ability to act without direct oversight, such agents are increasingly considered in high-stakes domains including financial management, dispute resolution, and governance. Yet in practice, agents execute on infrastructure controlled by a host, who can tamper with models, inputs, or outputs, undermining any meaningful notion of autonomy. We address this gap by introducing VET (Verifiable Execution Traces), a formal framework that achieves host-independent authentication of agent outputs and takes a step toward host-independent autonomy. Central to VET is the Agent Identity Document (AID), which specifies an agent's configuration together with the proof systems required for verification. VET is compositional: it supports multiple proof mechanisms, including trusted hardware, succinct cryptographic proofs, and notarized TLS transcripts (Web Proofs). We implement VET for an API-based LLM agent and evaluate our instantiation on realistic workloads. We find that for today's black-box, secret-bearing API calls, Web Proofs appear to be the most practical choice, with overhead typically under 3$\times$ compared to direct API calls, while for public API calls, a lower-overhead TEE Proxy is often sufficient. As a case study, we deploy a verifiable trading agent that produces proofs for each decision and composes Web Proofs with a TEE Proxy. Our results demonstrate that practical, host-agnostic authentication is already possible with current technology, laying the foundation for future systems that achieve full host-independent autonomy.

翻译：大型语言模型（LLMs）的最新进展催生了新一代自主智能体，它们能够在持续时间内代表用户操作并管理敏感资源。这类智能体因其无需直接监督即可行动的能力而受到信任，正日益被考虑应用于包括财务管理、争议解决和治理在内的高风险领域。然而在实践中，智能体在由主机控制的基础设施上执行，主机可能篡改模型、输入或输出，从而破坏任何有意义的自主性概念。我们通过引入VET（可验证执行轨迹）来解决这一差距，这是一个实现智能体输出主机无关认证的形式化框架，并朝着主机无关自主性迈进一步。VET的核心是智能体身份文档（AID），它规定了智能体的配置以及验证所需的证明系统。VET具有组合性：支持多种证明机制，包括可信硬件、简洁密码学证明和公证的TLS记录（Web Proofs）。我们为基于API的LLM智能体实现了VET，并在实际工作负载上评估了我们的实例化。我们发现，对于当前黑盒、携带秘密的API调用，Web Proofs似乎是最实用的选择，与直接API调用相比，开销通常低于3倍；而对于公开API调用，开销较低的TEE代理通常已足够。作为案例研究，我们部署了一个可验证的交易智能体，为每个决策生成证明，并将Web Proofs与TEE代理组合使用。我们的结果表明，利用现有技术已可实现实用的、主机无关的认证，为未来实现完全主机无关自主性的系统奠定了基础。