Fidensa

What is Fidensa?

Fidensa is an independent certification authority for AI capabilities. We verify that MCP servers, skills, rules files, sub-agents, hooks, and plugins actually do what they claim — reliably, safely, and transparently.

The problem

The AI capability ecosystem is growing fast. Thousands of MCP servers, skills, and plugins are available for agents and developers to use. But every trust claim in this ecosystem is self-asserted. Publishers say their tools are safe, reliable, and well-built. There is no independent way to verify those claims.

This is the same gap that existed in consumer electronics before UL, in financial auditing before independent accounting standards, and in web security before certificate authorities. The AI ecosystem needs an independent, evidence-based trust authority.

What we do

Fidensa runs every capability through a seven-stage automated verification pipeline:

  1. Ingestion — source code retrieval, build verification, tool enumeration
  2. SBOM analysis — software bill of materials, dependency vulnerability scanning
  3. Security scanning — static analysis, behavioral analysis, MCP-specific checks
  4. Functional testing — automated test generation and execution in a sandbox
  5. Adversarial testing — 55 attack patterns across 6 categories, impact-based classification
  6. Behavioral fingerprinting — response timing, resource usage, error rate profiling
  7. Certification — trust score computation, signed contract generation, portable artifact production

The result is a trust score grounded in established frameworks (CVSS v4.0, NIST SP 800-30, SLSA, ISO/IEC 25010) and a signed certification contract that publishers can embed in their repositories and package metadata.

What we certify

Six capability types across the AI tool ecosystem: MCP servers, skills and slash commands, rules files, sub-agents, hooks, and plugins (composites of the above). Most competitors focus exclusively on MCP servers. Fidensa covers the full spectrum of artifacts that agents and developers depend on.

Certification tiers

CertifiedScore 75+. Full pipeline pass. Recommended for production use.
VerifiedScore 40–74. Pipeline complete. Known issues documented.
EvaluatedScore below 40. Significant gaps identified.

Independence

Fidensa is not controlled by any AI vendor, cloud provider, or government. We report what we find, not what looks good. Our catalog includes capabilities that score 96/A alongside capabilities that score 31/F-D. Honest assessment is the only kind worth having.

Browse certificationsRead the methodology