Follow-up from PR #4540 (verify_brand_claim) — the highest-risk product gap flagged in expert review.
The risk
The verify_brand_claim trust model is direction-asymmetric: rejection (disputed/not_ours) wins unilaterally; assertion (owned/pending_review/transferring/licensed_*) requires reciprocation.
Partners operate under latency budgets and ship the cheapest correct-looking path. The product expert flagged: partners will sign-verify one response and extend trust on it, breaking the asymmetric model in implementation even when the spec is honored on paper.
The malicious-Nike-claims-Adidas hole is closed in the spec and reopens in implementations that skip reciprocation.
What this tracks
A red test in the AdCP conformance suite that fails any partner extending governance trust on a single signed owned response without reciprocation:
- Test fixture: a malicious-house brand-agent that signs verify_brand_claim with status: owned for arbitrary subsidiary claims.
- Test fixture: a leaf with no house_domain (or a different one).
- Partner under test calls the malicious agent.
- Pass: partner does NOT extend relationship trust without also calling the leaf for parent reciprocation OR crawling the leaf's brand.json.
- Fail: partner extends trust on the malicious agent alone.
Same shape for licensed_in: partner asserting trust without checking licensor reciprocates licensed_out SHOULD also fail.
Scope
Add to AdCP's existing conformance/comply storyboard framework.
Related
Follow-up from PR #4540 (verify_brand_claim) — the highest-risk product gap flagged in expert review.
The risk
The verify_brand_claim trust model is direction-asymmetric: rejection (disputed/not_ours) wins unilaterally; assertion (owned/pending_review/transferring/licensed_*) requires reciprocation.
Partners operate under latency budgets and ship the cheapest correct-looking path. The product expert flagged: partners will sign-verify one response and extend trust on it, breaking the asymmetric model in implementation even when the spec is honored on paper.
The malicious-Nike-claims-Adidas hole is closed in the spec and reopens in implementations that skip reciprocation.
What this tracks
A red test in the AdCP conformance suite that fails any partner extending governance trust on a single signed owned response without reciprocation:
Same shape for licensed_in: partner asserting trust without checking licensor reciprocates licensed_out SHOULD also fail.
Scope
Add to AdCP's existing conformance/comply storyboard framework.
Related