AI agents increasingly access external models, tools, and services through Agentic Routing Infrastructure (ARI) to manage the overhead of heterogeneous interfaces and fragmented subscriptions. Yet, the architecture of ARI introduces fundamental trust risks: it obtains plaintext access to agent queries and service responses, while leaving agents unable to verify that their queries are routed to intended service providers or that requests and responses remain untampered. To address this problem, we present TrustedARI, the first trust-native agentic routing infrastructure for agentic AI. Architecturally, TrustedARI is built upon three core innovations: (i) an ARI-adapted three-party TLS handshake that enables the agent and ARI to jointly authenticate the service provider through role-specific distribution of TLS key materials; (ii) a privacy-preserving query-construction protocol that allows the agent and ARI to collaboratively construct well-formed queries without exposing their respective private inputs; and (iii) a verifiable billing protocol that supports fair usage-based settlement while preserving the integrity and confidentiality of service responses. We implemented and extensively evaluated a prototype of TrustedARI to validate its performance. Experiments confirm that TrustedARI is highly efficient: our ARI-adapted handshake protocol reduces communication overhead by 39.34% compared to the existing three-party TLS handshake. Furthermore, the privacy-preserving query-construction protocol imposes negligible overhead, averaging 0.19 seconds in computation time and 0.58 MB in communication costs, while the verifiable billing protocol speeds up proof generation by 28.20x. Crucially, TrustedARI is readily deployable without any modification to the service providers.