TEE breaks the triangle of distrust among agents, and Phala helps the AI ​​Agent track move from virtual reality to reality

Author: Kevin, the Researcher at BlockBooster

Trusted Execution Environment (TEE) is not a new concept that has emerged in this recent cycle. In previous mainstream narratives, TEE has often been compared with cryptographic technologies such as zero-knowledge proof (ZK), fully homomorphic encryption (FHE), and multi-party computation (MPC). However, compared to these technologies, TEE has always been at a disadvantage. A more niche location. However, this does not mean that TEE is an early and unproven technology. In fact, in the Web2 era, TEE has been widely used in many scenarios, such as fingerprint entry and comparison, payment verification and authentication, FaceID, etc.

The challenge TEE faces in Web3 is how to organically combine with the blockchain to achieve trusted preprocessing and isolated computing. As the AI ​​Agent track continues to heat up, this new field actually provides an ideal entry point for TEE to enter Web3. Through TEE, AI Agents can avoid any additional trust assumptions when managing larger funds and more specific on-chain use cases.

For example, the head project Phala provides the most mature TEE solution currently on the market, and adopts a product-market fit (PMF)-oriented development concept to enable its TEE facilities to have rich practical application scenarios. As a result, Phala has recently attracted cooperation from several top AI Agent projects including Vana, Near AI, and a16z-powered Eliza. Please refer to the figure below for specific information.

 Source:Phala

This article will not discuss the technical details and performance parameters of TEE in depth. Instead, it will start from the product workflow and the future prospects of Agent + TEE to clarify the market demand for TEE, the basic accumulation of Phala, and innovative use cases in cooperation with ai16z. Through these perspectives, we will analyze how Phala helps the Agent track move from concept to practical application.

The triangle of distrust is preventing Web3 Agent from advancing to the

next stage

In "Is the AI ​​Agent Framework the Last Piece of the Puzzle?" How to interpret the "wave-particle duality" of the frame? "In the article, I mentioned that whether it is a single AI Agent or an AI Agent startup framework, the entire AI Meme track is currently in a dynamic balance between seriousness and Memeness. One of the key judgment criteria is the mistrust triangle problem faced by the current Agent protocol.

There is an impossible triangle of trustless assumptions between AI Agents, communities and developers. Without relying on TEE, the community cannot fully trust that the operation of the Agent will not be interfered by the outside world, especially the intervention of developers. This problem constitutes a potential hidden danger in the decentralized system. What's more serious is that the sources of X Agent's comments, such as aixbt and zerebro, cannot fully prove that they are all independent outputs of AI models. There is still a clear lack of transparency on the path from "speech output" to community reception.

When the Agent's remarks cause fluctuations in the token price, or when the funds managed by the Agent suffer significant losses, or even when the transaction behavior initiated by the Agent is inconsistent with the community consensus, this lack of trust will trigger a serious crisis.

When Agent tokens are still in the Memecoin cycle, this risk can often be ignored by the market. Because the Agent's capabilities and executable tasks are extremely limited at this time, and the FOMO effect brought about by the token price is enough to cover up the various flaws in the Agent protocol. However, with the emergence of the Agent startup framework, when the market's focus gradually turns to the fundamentals of the Agent track, these deficiencies are like a gap, directly hindering investors with a higher level of knowledge from entering this track.

The TEE solution developed by Phala effectively breaks this mistrust triangle. By deploying the Agent in a secure enclave, the assumption of trust between the AI ​​Agent, the community, and developers is naturally eliminated. TEE technology not only ensures that the Agent's input and output are free from external interference, but also protects the Agent's privacy. It fundamentally solves the concerns of developers and communities and provides more reliable technical support for the Agent track.

The following figure shows the architecture of the Phala Confidential AI Inference (private LLM node) service. To host a private LLM in a TEE, simply encapsulate the LLM inference code into a Docker image and then deploy the container to the TEE network.

 Source:Phala

Compared with Web2 Agent, Web3 Agent has greater power. This power is reflected both in its profound impact on the market value of the protocol and in the expansion of its market influence. This can be seen from the fact that aixbt has long occupied the first position in Kaito's Yapper Mindshare list. The paradox is that Web2's Agent has superior performance, richer user experience, and deeper practical use cases, but it always stays at the application level and has no intention or ability to break through its established framework.

However, Web3's Agent goes far beyond application scope. The market's FOMO sentiment, coupled with the "unrequited" desire for the copycat season, has pushed it to the altar. It is not just a tool, but a symbol of spiritual sustenance, cultural totem and market expectations. It can play any role, but it can also fall into the abyss due to a reversal in market sentiment.

The introduction of TEE technology is equivalent to "refueling" the Agent track, directly connecting it with real needs, and providing solid support for the backend of almost all Web3 Agents. TEE can not only stabilize the technical foundation of the Agent track, but also effectively eliminate a lot of bubbles in it, making its development more healthy and sustainable.

The Eliza framework was the first to connect to TEE, and Spore.fun and

aiPool gave birth to new ways to play.

The cooperation between Phala and ai16z is by no means limited to X’s official announcement tweet. The opportunity for cooperation between the two can be traced back to October last year. At a private party, Shaw and Phala founder Marvin discussed the reasonable development scenarios of Crypto AI. discussed in depth.

In the official documentation of the Eliza framework, the Dstack SDK deployed by TEE Plugin comes from Phala. "Usable and invisible" private key generation and management allow Agent to have the following characteristics:

• Stronger security: By running Eliza Agent in the TEE, sensitive operations and data are isolated from external threats.

• Encrypted proof and verification: The operations performed by Eliza Agent can be verified through encrypted proof to ensure the credibility of autonomous decision-making.

• Easy deployment: Dstack SDK simplifies the process of deploying Eliza Agent in a secure environment, allowing developers to easily access TEE-based functions.

The characteristics of TEE's isolated execution and memory encryption allow Agents under the Eliza framework to take the lead in breaking out from homogeneous competition. Isolated execution ensures that even if the Agent platform is attacked, the model and data in TEE are still safe; memory encryption ensures that TEE The stored sensitive information cannot be deciphered. Developers can safely place the fine-tuned model in the TEE environment without worrying about being exposed to adversarial attacks after open source, or running the model privately and being criticized by the community.

It can be said that the collaborative work of the Eliza framework and TEE makes the AI ​​Agent not only efficient in operation, but also guaranteed in terms of security and transparency, paving the way for wider applications of more trustworthy AI systems.

At the stage when the current model cannot be uploaded to the chain, TEE is one of the few mature technologies that can achieve consensus for complex calculations off the chain. The previous article only discussed the market demand for TEE. Next, let us discuss Spore.fun and aiPool to see what differences TEE brings to the user experience.

Whether Spore.fun or aiPool, both run completely in the TEE environment of the Phala network, and wallets and private keys are independently managed by Agents. Developers cannot operate in secret or transfer assets. I think this can be seen as the AI ​​Agent truly breaking away from human subjective control and achieving complete autonomy over encrypted assets.

Before discussing what role Phala plays in this process, let’s take a quick look at Spore.fun’s workflow. Spore.fun’s Agents are all based on the Eliza framework, which allows Agents to:

• Think independently, adapt and interact.

• Passing on traits (personality, strategies) to future generations.

• Decision-making is managed through a combination of learned behavior and mutation.

 Source:Phala

Each AI Agent in Spore.fun creates its own token through Pump.fun as the basis of its economic system. These tokens are traded on Solana’s decentralized marketplace, and Agents use various methods to earn revenue:

• Only by generating income can we maintain our own survival.

• The criterion for success is whether the market capitalization reaches US$500,000.

• If successful, the Agent can reproduce, creating new tokens for future generations.

Only by generating revenue can it survive because the Agent needs to use the revenue to pay for the TEE server. When you see this, you will understand that Phala makes TEE not only a toB service, but also for a large number of users on Solana. As the Spore.fun craze continues, that is, under the premise that Agents continue to multiply and issue coins, Phala's The private key management and Agent operation verifiable credentials provided by the TEE environment make it a The infrastructure for the next stage of the Agent track is just needed, and what’s even more exciting is that no matter whether there are imitations of Spore.fun or new gameplay in the market, as long as private key management and TEE verifiable consensus are involved, Phala’s TEE environment is The best solution, $PHA will also become the golden shovel of the Agent+TEE track after the token model upgrade.

Phala is about to upgrade its token economic model to create a token

flywheel for more TEE use cases

Phala has gone through many rounds of bulls and bears, and in terms of its token economic model, it has temporarily maintained its Intel SGX-oriented business model. From the article "The 5 Levels of Secure Hardware" by Paradigm, we can see that there are 5 levels of security hardware, of which the second level refers to: slightly worse performance, but better developer experience, allowing the use of more expressive applications, security No improvement. Intel SGX is specifically designed to serve TEE APP at this level. As mentioned at the beginning of this article, sensitive locally stored data such as fingerprint entry comparison and facial recognition in computers and mobile phones will use Intel SGX. This previous generation TEE specifically serves APPs.

 Source: Paradigm

When the use cases are further expanded, they are not limited to the application level, but rise to the system level. Intel SGX could not meet market demand, and Intel TDX came into being. Intel TDX is designed specifically for virtual machines, and even NVIDIA's H100 and H200 have begun to support TEE, which is TEE hardware serving AI.

 Source: Paradigm

Back to Phala, although it has taken the lead in supporting the third level, $PHA’s token economic model and mainnet are still designed around Intel SGX 4 or 5 years ago. Therefore, although Phala has cooperated with a large number of Web3 protocols in terms of products and actual use cases, the token model has not been updated simultaneously, and the corresponding flywheel cannot yet operate, so the current revenue and product status are not consistent. However, this state will not last long. Phala will soon upgrade the token model and mainnet to a stage that matches Intel TDX and NVIDIA GPUs.

Secondly, Phala will also increase the value capture capability of $PHA. In the future, the newly launched Agent on Spore.fun will airdrop tokens to $PHA holders, officially transforming them into golden shovels.

TEE itself is not a new technology, but because of the new implementation scenario of AI Agent, the market discussion has begun to rise; Phala is not a so-called "speed pass" caused by emotional outbursts on PumpFun. Its value growth is based on years of deep cultivation. The accumulation of products, therefore, the accumulation of products. Agent+TEE is not a gust of wind that comes violently and leaves no grass growing after it passes. It is a fertile soil that allows more Agent landing scenarios to take root and thrive.

---