airlock: AI Trust as a Variable - A Cryptographic Protocol for Runtime Identity Verification

Every cryptographic primitive built since 1976 assumes that trust is a constant. AI agents make trust a variable. This paper introduces airlock, a cryptographic zero-trust protocol for runtime identity verification of AI agents, and argues that AI-induced oscillating trust - where an agent's reliability flips rapidly due to stochastic outputs, adversarial prompts, or emergent behaviours - constitutes a fundamental break in the assumptions underlying all existing security primitives. We formalise this as the oscillating trust problem: trust is no longer a binary state verified once and held constant, but a continuous time-series variable demanding new cryptographic primitives. We introduce Invocation-Bound Capability Tokens, agent fingerprinting via static and dynamic traits, environment attestation, emoprinting as affective behavioural continuity verification, and a trust graph governance model. We further demonstrate that existing approaches, including OAuth-based delegation and per-invocation attestation protocols, operate at human-task speed and do not address the inference-speed verification problem that emerges at scale in multi-agent deployments. The protocol is specified across eight RFCs and is available at github.com/popivanova/airlock, with an initial draft committed October 2025.