AI Agent Ecosystem Trust Index — Live Trust Score for 4.5M+ Agents

Q: What is the Nerq Ecosystem Trust Index?

A daily-calculated metric measuring trust health across 4,399,361 AI agents from GitHub, npm, PyPI, Docker Hub, HuggingFace, and MCP registries.

Q: How is the trust index calculated?

Each agent receives a trust score (0-100) based on 13+ signals including security, maintenance, licenses, and community trust. The index weights by adoption (downloads > stars > equal).

Q: Why is the index only 60.84?

96.7% of agents are D-grade. Most lack security practices, documentation, or active maintenance. The ecosystem is in its early phase.

Q: What percentage of AI agents are safe to use?

Only 0.23% earn B or above. 0.02% earn an A. 96.7% are D-grade.

Q: How often is the index updated?

Daily at 09:45 UTC. Historical values tracked for trend analysis.

Nerq Ecosystem Trust Index

60.84

out of 100

Tracking 4,399,361 AI agents and tools

Updated 2026-03-20

The AI agent ecosystem earns a C grade with an average trust score of 60.84/100. 96.7% of all graded agents receive a D rating, while only 0.02% earn an A or A+. GitHub-sourced agents score highest (66.8 avg), while the overall median is 50.6. The ecosystem is in its early “wild west” phase — most agents lack basic trust signals. Machine-readable data (JSON).

Sub-Indices

Security

0.8

49 known CVEs across 11 agents. Average security score across all scored agents.

Maintenance

0.7

0.32% of agents updated in last 30 days. Activity score average across scored agents.

License Health

57%

2,664 agents with known licenses. 57% use permissive licenses (MIT, Apache-2.0, BSD).

Framework Adoption

2508

Agents with detected framework dependencies. 0 MCP-compatible servers tracked.

Grade Distribution

A+: 0.0% A: 0.0% B+: 0.0% B: 0.2% B-: 0.0% C+: 0.0% C: 0.9% C-: 0.0% D+: 0.0% D: 96.7% E: 2.1% F: 0.0%

Trust by Source Platform

Source	Agents	Avg Trust	Median
github	38,547	65.1	64.9
replicate	454	60.6	60.3
mcp	2,077	58.4	58.0
npm	2,718	55.9	56.7
huggingface	1,091	55.6	56.0
npm_full	78,882	55.1	54.6
huggingface_new	132	54.4	51.6
huggingface_model	1,519	54.1	53.0
replicate_cursor	2,691	53.7	53.5
docker_hub	66,604	52.7	51.9
pypi_full	73,371	52.3	52.6
huggingface_space_v2	8,401	52.2	50.6

Stars vs Trust Score

Popular projects score higher — but the gap is smaller than expected. A 100K-star project averages only 75.7 vs 53.4 for zero-star projects. Stars alone don't guarantee trust.

Stars	Count	Avg Trust	Median
0	4,254,356	50.3	50.6
1-99	132,986	54.8	54.1
100-999	8,952	62.5	60.3
1K-10K	2,383	70.1	70.6
10K-100K	668	73.4	71.8
100K+	16	76.9	74.2

Key Findings

75% of agents are D-grade. The vast majority of the AI agent ecosystem lacks basic trust signals — security practices, documentation, and active maintenance.
GitHub agents score 27% higher than Docker Hub. GitHub-sourced agents average 66.8 vs Docker Hub's 52.6. The MCP ecosystem (62-66) is relatively healthy.
Stars correlate with trust, but weakly. 100K+ star projects average only 75.7 — 22 points above zero-star projects. Community popularity ≠ security.
99.6% have unknown maintenance status. Only 0.4% of agents show updates in the last 30 days. This is a major data gap.
The top 0.03% set the standard. A-grade agents represent just 1,004 out of 4,399,361 — they have security practices, active maintenance, and community trust.

Frequently Asked Questions

What is the Nerq Ecosystem Trust Index?

The Nerq Ecosystem Trust Index is a daily-calculated metric that measures the overall trust health of the AI agent ecosystem. It aggregates trust scores from 4,399,361 agents across GitHub, npm, PyPI, Docker Hub, HuggingFace, and MCP registries. The index uses a weighted average — agents with more downloads and stars have more influence on the score.

How is the trust index calculated?

Each agent receives a trust score (0-100) based on 13+ independent signals including security practices, maintenance activity, license compliance, documentation quality, and community signals. The ecosystem index weights these scores by real-world adoption: npm downloads (highest weight), GitHub stars, then equal weight for the rest.

Why is the index only 60.84?

The AI agent ecosystem is in its early phase. Most agents (75%) are small projects without established security practices, documentation, or active maintenance. The few that earn high scores are established, well-maintained projects. As the ecosystem matures and trust verification becomes standard, we expect this index to rise.

What percentage of AI agents are safe to use?

Based on Nerq's analysis, only 0.23% of graded agents earn a B grade or higher. 0.02% earn an A. The majority (96.7%) are D-grade, meaning they lack sufficient trust signals for confident adoption in production environments.

How often is the index updated?

The Nerq Ecosystem Trust Index is recalculated daily at 09:45 UTC. Historical values are stored and tracked for trend analysis. Individual agent scores are updated as new data becomes available from crawlers and enrichment pipelines.

Check any agent

API Access

curl nerq.ai/v1/preflight?target=langchain

API docs →

Explore

Agent safety · MCP servers · Data stories

Methodology: The Nerq Ecosystem Trust Index is based on automated analysis of publicly available signals. Trust scores reflect measurable properties (security practices, maintenance activity, license compliance, community signals) — not endorsements. Data sourced from GitHub, npm, PyPI, Docker Hub, HuggingFace, NVD, OSV.dev, and MCP registries. Full methodology.