Agents can consume anything digital. A signed attestation, a verifiable credential, a structured claim in JSON-LD — if it is digital and structured, an agent can read it, verify it, and act on it in milliseconds.

The physical world does not work this way. A building inspection is a person with a clipboard. A food safety audit is a person in a hairnet. A site survey is a person with a tape measure and a camera. The output of these physical-world verification events is, at best, a PDF report. At worst, a handwritten form in a filing cabinet.

Bridging from physical-world observations to agent-queryable attestations is the oracle problem applied to provenance. And it is still, in 2026, approximately stone age.

The oracle problem.

In blockchain contexts, the oracle problem is: how do you get real-world data onto the chain in a trustworthy way? The chain can verify computations, but it cannot verify that the temperature reading from a sensor is accurate, or that the inspector actually visited the site, or that the photograph was taken at the claimed location.

The attestation version of this problem is identical: how do you create a signed, verifiable attestation about a physical-world observation in a way that an agent can trust? The signature is only as good as the signer’s reliability. The signer’s reliability is only as good as their process. The process is physical, messy, and hard to verify remotely.

What the primitive looks like.

A physical-world attestation primitive might look like this: a credentialed inspector uses a device that captures timestamped, geotagged, tamper-evident observations — photographs with cryptographic hashes, sensor readings with device attestations, checklists with completion proofs. The device signs the observation bundle with the inspector’s key and the device’s key. The resulting attestation is: “this inspector, using this device, at this location, at this time, observed these conditions.”

The chain of trust has three links: the inspector’s credential (are they qualified?), the device’s attestation (is the device tamper-evident?), and the observation’s integrity (has the data been modified since capture?). Each link is independently verifiable. Together, they create a physical-world attestation that an agent can evaluate.

Pieces of this exist. Secure hardware enclaves can attest to device integrity. Verifiable credentials can attest to inspector qualifications. Timestamping authorities can anchor observations to a moment in time. What does not exist is the composition layer that bundles these into a single, agent-queryable physical-world attestation.

Whoever builds that composition layer sits at the bridge between the physical and digital worlds. Seems like a valuable place to sit. Not sure who is building it yet.