TrustMCP
Trust, made machine-readable. TrustMCP is an open standard for publishing and accessing third-party assurance evidence in a form an agent can read.
TrustMCP moves third-party risk from a request model to a publish model. A vendor publishes its assurance evidence once, machine-readably, and grants scoped, revocable access. Each customer assesses on its own terms against its own control framework - no questionnaire.
The network standardizes access to the evidence, never the verdict. Two customers can read the same profile and reach different conclusions. That is the point.
Why TrustMCP
- Publish once. Stop re-answering the same security questionnaire forever.
- Stay in control. Customers request access; you approve, scope, and revoke. Every read is logged.
- Agent-ready. Any assessment agent reads your profile over MCP in a handful of tool calls.
- Open & neutral. Apache-2.0; not a product of any single company. Any tool can read it.
Why this works
Pooled-assessment networks shipped stale, one-size verdicts. TrustMCP shares the raw, current evidence and lets each customer compute its own answer.
Two audiences
- For vendors - stand up a custom-branded trust center, upload evidence, declare claims, and control access.
- For customers - read a vendor's profile and run your own assessment via MCP or REST.
Start with the Quickstart.