Fidensa

Independent AI Certification Authority

Trust claims in AI
should be verifiable,
not asserted.

Fidensa independently certifies AI capabilities — MCP servers, Skills, plugins, and workflows — through behavioral testing, adversarial analysis, and supply chain verification. Every certification is a signed, portable artifact that anyone can verify against the evidence.

The structural problem

Today, every trust claim in the AI ecosystem is self-asserted. When a vendor says “this is safe,” that’s marketing. When a government says “this vendor is a risk,” that’s politics. When a publisher says “this capability is reliable,” there is no independent evidence to verify it.

Every dispute degrades into “who do you believe?” because there is no neutral, evidence-based infrastructure for resolving it. No independent body examines AI capabilities and produces signed, testable, portable artifacts documenting what was found.

The structural answer

The AI ecosystem needs the same kind of institution that the electrical products industry built over a century ago. An independent authority that doesn’t manufacture, sell, or regulate — it tests and certifies. Its entire existence depends on the integrity of its process.

Independent

Not owned by or beholden to any AI vendor, platform, or government.

Evidence-based

Every certification backed by behavioral testing, supply chain analysis, adversarial testing, and ongoing monitoring.

Verifiable

Signed, checksummed, portable artifacts. Anyone can verify against the authoritative record.

Neutral

The same process applies regardless of which vendor built it or which platform distributes it.

Six-stage verification

Every capability passes through a defined pipeline. Each stage produces artifacts that feed the trust score and are published in the contract.

1

Ingest

Source acquisition, build, interface extraction, provenance hash

2a

SBOM & Supply Chain

Dependency tree mapping, vulnerability cross-reference (syft, grype, osv-scanner)

2b

Security Scan

Static and behavioral analysis (Cisco mcp-scanner, skill-scanner)

3a

Functional Test

Valid, edge, error, and LLM-generated test cases in isolated sandbox

3b

Adversarial Test

Structured attack library — 6 categories, 40+ patterns — with finding severity evaluation

3c

Behavioral Fingerprint

Per-tool timing (p50/p95/p99), error rates, resource profiling, baseline for drift detection

Stage 4 (Certify) assembles the contract, computes the trust score from eight weighted signals, signs the artifact with ES256 (ECDSA P-256), and issues the certification.

Live certifications

Batch 1 — three capabilities evaluated through the full pipeline. Real data, real findings, real scores. Every attestation is queryable right now.

mcp-server-filesystem

MCP Server · v0.6.3 · Model Context Protocol a Series of LF Projects, LLC.

Verified

67/D

attestation →badge →

docx-skill

Skill · vlatest · anthropics

Evaluated

43/F

attestation →badge →

mcp-server-everything

MCP Server · v2.0.0 · Model Context Protocol a Series of LF Projects, LLC.

Certified

68/D

attestation →badge →

Runtime attestation (try it)

GET https://fidensa.com/v1/attestation/mcp-server-everything

Certification tiers

Score and certification are separate. The trust score is an analytical summary. The tier is a judgment based on finding-severity thresholds.

Fidensa Certified

No unmitigated critical findings. No more than two unmitigated high findings. Pipeline completed.

Fidensa Verified

Pipeline completed. Findings of any severity documented. Evidence-backed contract issued.

Fidensa Evaluated

Pipeline ran with partial coverage. Incomplete data. Contract documents what was found.