Original author: Kevin, the Researcher at BlockBooster
Trusted Execution Environment (TEE) is not a new concept that has only emerged in this recent cycle. In the past mainstream narrative, TEE is often compared with cryptographic technologies such as zero-knowledge proof (ZK), fully homomorphic encryption (FHE), and multi-party computing (MPC), but compared with these technologies, TEE has always been in a relatively niche position. However, this does not mean that TEE is an early and unproven technology. In fact, in the Web2 era, TEE has been widely used in many scenarios, such as fingerprint entry and comparison, payment verification and authentication, FaceID, etc.
The challenge facing TEE in Web3 is how to organically integrate with blockchain to achieve trusted preprocessing and isolated computing. As the AI Agent track continues to heat up, this new field actually provides an ideal entry point for TEE to enter Web3. Through TEE, AI Agent can avoid any additional trust assumptions when managing larger-scale funds and more specific on-chain use cases.
For example, the leading project Phala provides the most mature TEE solution on the market and adopts a product-market fit (PMF)-oriented development concept, which enables its TEE facilities to have rich practical application scenarios. As a result, Phala has recently attracted cooperation from multiple top AI Agent projects including Vana, Near AI, and Eliza supported by a16z. For specific information, please refer to the figure below.
Source: Phala
This article does not discuss the technical details and performance parameters of TEE in depth, but starts from the product workflow and the future outlook of Agent + TEE, to explain the market demand for TEE, the basic accumulation of Phala, and the innovative use cases in cooperation with ai16z. Through these perspectives, we will analyze how Phala helps the Agent track move from concept to practical application.
The trust triangle is preventing Web3 Agent from advancing to the next stage
In the article Is the AI Agent Framework the Last Piece of the Puzzle? How to Interpret the Wave-Particle Duality of the Framework?, I mentioned that, whether it is a single AI Agent or an AI Agent startup framework, the entire AI Meme track is currently in a dynamic balance between seriousness and memeability. One of the key judgment bases is precisely the distrust triangle problem faced by the current Agent protocol.
There is an impossible triangle between AI Agent, community and developers based on the trustless assumption. Without relying on TEE, the community cannot fully trust that the Agents operation is not interfered with by the outside world, especially the intervention of developers. This problem constitutes a potential hidden danger of the decentralized system. What is more serious is that the source of speech of X Agents such as aixbt and zerebro cannot be fully proved that they are all autonomous outputs of AI models. There is still a clear lack of transparency in the path from speech output to community reception.
When the Agents speech causes fluctuations in the token price, or when the funds managed by the Agent suffer substantial losses, or even when the transaction initiated by the Agent is inconsistent with the community consensus, this lack of trust will lead to a serious crisis.
When the Agent token is still in the Memecoin cycle, this risk can often be ignored by the market. Because at this time, the capabilities and executable tasks of the Agent are extremely limited, and the FOMO effect brought by the token price is enough to cover up the various defects in the Agent protocol. However, with the emergence of the Agent startup framework, when the markets attention gradually turns to the fundamentals of the Agent track, these deficiencies are like a chasm, directly hindering investors with a higher level of cognition from entering this track.
The TEE solution developed by Phala effectively breaks this triangle of distrust. By deploying the Agent in a secure enclave, the trust assumptions between the AI Agent, the community, and the developer are naturally eliminated. TEE technology can not only ensure that the Agents input and output are not interfered with by the outside world, but also protect the Agents privacy, fundamentally resolving the concerns of developers and the community, and providing more reliable technical support for the Agent track.
The following diagram shows the architecture of the Phala Confidential AI Inference (Private LLM Node) service. To host a private LLM in a TEE, simply package the LLM inference code into a Docker image and deploy the container into the TEE network.
Source: Phala
Compared with Web2 Agent, Web3 Agent has greater power. This power is reflected in both the profound impact on the market value of the protocol and the expansion of its market influence. This can be seen from the fact that aixbt has long been ranked first in Kaitos Yapper Mindshare list. The contradiction is that Web2 Agent has superior performance, richer user experience and deeper practical use cases, but it always stays at the application level, with no intention or ability to break through its established framework.
However, Web3 Agents go far beyond the scope of application. The FOMO sentiment of the market, coupled with the unrequited demand for the Shanzhai Season, has pushed it to the altar. It is not just a tool, but a symbol of spiritual sustenance, cultural totem and market expectations. It can play any role, but it may also fall into the abyss due to the reversal of market sentiment.
The introduction of TEE technology is equivalent to refueling the Agent track in the air, directly connecting it with real needs and providing solid support for the backend of almost all Web3 Agents. TEE can not only consolidate the technical foundation of the Agent track, but also effectively eliminate a large number of bubbles in it, making its development more healthy and sustainable.
Eliza framework is the first to connect to TEE, Spore.fun and aiPool have new ways to play
The cooperation between Phala and ai16z does not stop at X’s official tweet. The opportunity for cooperation between the two can be traced back to October last year. At a private party, Shaw and Phala founder Marvin had an in-depth discussion on the reasonable development scenarios of Crypto AI.
In the official documentation of the Eliza framework, the Dstack SDK deployed by the TEE Plugin comes from Phala. The usable but invisible private key generation and management give the Agent the following features:
Stronger security: By running Eliza Agent in the TEE, sensitive operations and data are isolated from external threats.
Cryptographic Proof and Verification: The operations performed by Eliza Agent can be verified through cryptographic proof, ensuring the credibility of autonomous decision-making.
Easy deployment: Dstack SDK simplifies the process of deploying Eliza Agent in a secure environment, allowing developers to easily access TEE-based functions.
The isolated execution and memory encryption features of TEE allow the Agent under the Eliza framework to be the first to break out of homogeneous competition. Isolated execution ensures that even if the Agent platform is attacked, the model and data in the TEE are still safe; memory encryption ensures that sensitive information stored in the TEE cannot be deciphered. Developers can safely place the fine-tuned model in the TEE environment without worrying about adversarial attacks after open source, or running the model privately and being criticized by the community.
It can be said that the collaboration between the Eliza framework and TEE makes AI Agent not only efficient in operation, but also guaranteed in terms of security and transparency, paving the way for wider application of more trusted AI systems.
At a stage where the current model cannot be put on the chain, TEE is one of the few mature technologies to enable complex off-chain calculations to gain consensus. The previous article only discussed the market demand for TEE. Next, let’s discuss Spore.fun and aiPool to see what differences TEE brings to the user experience.
Both Spore.fun and aiPool run completely in the TEE environment of the Phala network, and the wallets and private keys are independently managed by the Agent, so developers cannot operate in secret or transfer assets. I think this can be seen as AI Agent truly breaking away from human subjective control and achieving complete autonomy over encrypted assets.
Before discussing the role of Phala in this process, let’s take a quick look at the workflow of Spore.fun. Spore.fun’s agents are based on the Eliza framework, which allows agents to:
Think independently, adapt and interact.
Passing traits (personality, strategies) to offspring.
Manage decisions through a combination of learned behaviors and mutations.
Source: Phala
Each AI Agent in Spore.fun creates its own token through Pump.fun as the basis of its economic system. These tokens are traded on Solanas decentralized market, and Agents use various methods to earn rewards:
Generating income is the only way to sustain ones own survival.
The criterion for success is whether the market value reaches US$500,000.
If successful, the Agent can reproduce, creating new tokens for its offspring.
Only by generating income can the Agent survive because the income needs to pay the TEE server fee. Seeing this, you will understand that Phala makes TEE not only a toB service, but also faces the massive users on Solana. Under the premise that the Spore.fun craze continues, that is, Agents continue to multiply and issue coins, the private key management and verifiable credentials of Agent operations provided by Phalas TEE environment make it a rigid infrastructure for the next stage of the Agent track. Whats more exciting is that no matter whether Spore.fun imitations or new gameplay appear in the market, as long as it involves private key management and TEE verifiable consensus, Phalas TEE environment is the best solution. After the token model is upgraded, $PHA will also become the golden shovel of the Agent+TEE track.
Phala is about to upgrade its token economic model to create a token flywheel for more TEE use cases
Phala has experienced multiple rounds of bull and bear markets, and in terms of the token economic model, it has temporarily maintained a business model oriented to Intel SGX. From Paradigms The 5 Levels of Secure Hardware, we can see that there are 5 levels of secure hardware, of which the second level refers to: slightly worse performance, but better developer experience, allowing for more expressive applications, and no security improvements. At this level, Intel SGX is specifically designed for TEE APP services. As mentioned at the beginning of this article, sensitive locally stored data such as fingerprint entry comparison and facial recognition in computers and mobile phones will use Intel SGX. This previous generation of TEE is specifically for APP services.
Source: Paradigm
As use cases expand further, they are no longer limited to the application level, but rise to the system level. Intel SGX cannot meet market demand, and Intel TDX comes into being. Intel TDX is designed for virtual machines, and even Nvidias H100 and H200 have begun to support TEE, which is TEE hardware for AI services.
Source: Paradigm
Back to Phala, although it has taken the lead in supporting the third level, the token economic model and mainnet of $PHA are still designed around Intel SGX 4 or 5 years ago. So although Phala has cooperated with a large number of Web3 protocols in products and actual use cases, the token model has not been updated synchronously, and the corresponding flywheel cannot be operated, so the current income and product status are not in a state of fit. However, this state will not last too long, and Phala will soon upgrade the token model and mainnet to match Intel TDX and Nvidia GPU.
Secondly, Phala will also increase the value capture capabilities of $PHA. In the future, the newly launched Agent on Spore.fun will airdrop tokens to $PHA holders, officially transforming them into golden shovels.
TEE itself is not a new technology, but with the emergence of AI Agent, a new landing scenario, market discussion has begun to rise; Phala is not a so-called quick pass caused by the emotional outburst on PumpFun, its value growth is based on the accumulation of long-term product development, so it is a long-term development. Agent+TEE is not a gust of wind that comes violently and leaves nothing alive after it passes, but a fertile soil that allows more Agent landing scenarios to take root and thrive.
About BlockBooster
BlockBooster is an Asian Web3 venture studio backed by OKX Ventures and other top institutions. We are committed to becoming a trusted partner for outstanding entrepreneurs. Through strategic investment and in-depth incubation, we connect Web3 projects with the real world and help high-quality entrepreneurial projects grow.
Disclaimer: This article/blog is for informational purposes only and represents the personal opinions of the author and does not necessarily represent the views of BlockBooster. This article is not intended to provide: (i) investment advice or investment recommendations; (ii) an offer or solicitation to buy, sell or hold digital assets; or (iii) financial, accounting, legal or tax advice. Holding digital assets, including stablecoins and NFTs, carries a high degree of risk and may fluctuate in price or become worthless. You should carefully consider whether trading or holding digital assets is appropriate for you based on your financial situation. If you have questions about your specific situation, please consult your legal, tax or investment advisor. The information provided in this article (including market data and statistics, if any) is for general informational purposes only. Reasonable care has been taken in preparing these data and charts, but no responsibility is assumed for any factual errors or omissions expressed therein.
