Original Author: Kevin, the Researcher at BlockBooster
The Trusted Execution Environment (TEE) is not a new concept that has recently emerged. In previous mainstream narratives, TEE has often been compared with cryptographic technologies such as Zero-Knowledge Proof (ZK), Fully Homomorphic Encryption (FHE), and Multi-Party Computation (MPC), but compared to these technologies, TEE has always been in a relatively niche position. However, this does not mean that TEE is an early and unverified technology. In fact, in the Web2 era, TEE has been widely used in many scenarios, such as fingerprint entry and comparison, payment verification and authentication, FaceID, etc.
The challenge facing TEE in Web3 is how to organically integrate with blockchain to achieve trustworthy preprocessing and isolated computation. With the continuous heating up of the AI Agent track, this new field actually provides an ideal entry point for TEE to enter Web3. Through TEE, AI Agents can avoid any additional trust assumptions when managing larger scale funds and more specific on-chain use cases.
For example, the leading project Phala provides the most mature TEE solution in the market and adopts a development concept guided by Product Market Fit (PMF), which enables its TEE facilities to have a rich range of practical applications. Therefore, Phala has recently attracted cooperation from top AI Agent projects such as Eliza supported by Vana, Near AI, and a16z. Please refer to the figure below for specific information.
Source: Phala
This article does not go into the technical details and performance parameters of TEE, but starts from the product workflow and the future prospects of Agent + TEE, explaining the market demand for TEE, the foundation of Phala, and innovative use cases in cooperation with ai16z. Through these perspectives, we will analyze how Phala helps the Agent track move from concept to practical application.
Do not trust the triangular positive obstacle Web3 Agent to advance to the next stage
In the article ‘Is the AI Agent framework the last piece of the puzzle? How to interpret the ‘wave-particle duality’ of the framework?’, I mentioned that both individual AI Agents and AI Agent startup frameworks are currently in a dynamic balance between seriousness and memetic nature in the overall AI Meme track. One key criterion for this judgment is the triangle of distrust that the current Agent protocol faces.
There is an impossible triangle of trust assumption between AI Agent, community, and developers. Without relying on TEE, the community cannot fully trust that the operation of the Agent is free from external interference, especially the intervention of developers. This problem constitutes a potential risk in the decentralized system. What’s more serious is that the sources of speech of X Agents such as aixbt and zerebro cannot fully prove that they are all independently output by AI models. There is still a clear lack of transparency in the path from ‘speech output’ to community reception.
When Agent’s remarks cause fluctuations in token prices, or when funds managed by Agent incur significant losses, or even when the trading activities initiated by Agent are inconsistent with community consensus, this lack of trust can lead to a serious crisis.
When the Agent token is still in the Memecoin phase, this risk is often overlooked by the market. Because at this time, the ability and executable tasks of Agent are extremely limited, and the FOMO effect brought by the token price is enough to cover up the various defects in the Agent protocol. However, with the emergence of the Agent launch framework, when the market’s focus gradually shifts to the fundamentals of the Agent track, these shortcomings are like a chasm, directly hindering investors with higher cognitive levels from entering this track.
The TEE solution developed by Phala effectively breaks this trust triangle. By deploying the Agent in a secure enclave, the trust assumption between AI Agent, community, and developers is naturally dissolved. TEE technology not only ensures that the inputs and outputs of the Agent are not interfered with by the outside world, but also protects the privacy of the Agent, fundamentally addressing the concerns of developers and the community, and providing more reliable technical support for the Agent race.
The figure below shows the architecture of the Phala Confidential AI Inference (Private LLM Node) service. To host a private LLM in TEE, simply package the LLM inference code into a Docker image and deploy the container to the TEE network.
Source: Phala
Compared to the Agent of Web2, the Agent of Web3 has greater power. This power is reflected not only in its profound impact on protocol market value, but also in the expansion of its market influence. The long-term dominance of aixbt in Kaito’s Yapper Mindshare ranking is a glimpse of this. The paradox lies in the fact that the Agent of Web2 has superior performance, richer user experience, and deeper practical use cases, yet it remains at the application layer, unwilling and unable to break through its established framework.
The Agent of Web3 far exceeds the scope of applications. The market’s FOMO sentiment, coupled with the ‘unattainable’ nature of the cottage season, has pushed it to the altar. It is not just a tool, but also a spiritual sustenance, a cultural totem, and a symbol of market expectations. It can play any role, but may also fall into the abyss due to market sentiment reversal.
Introducing TEE technology is like performing ‘air refueling’ for the Agent track, directly connecting it with real needs, and providing solid support for the backend of almost all Web3 Agents. TEE can not only stabilize the technical foundation of the Agent track, but also effectively eliminate a large number of bubbles in it, making its development healthier and more sustainable.
Eliza framework is the first to integrate TEE, Spore.fun and aiPool bring new gameplay
The cooperation between Phala and ai16z is not just limited to the official announcement on X. The opportunity for their cooperation can be traced back to October last year, when Shaw and Phala founder Marvin had in-depth discussions on the rational development scenarios of Crypto AI at a private gathering.
In the official documentation of the Eliza framework, the TEE Plugin deployed Dstack SDK is from Phala. The generation and management of ‘usable but not visible’ private keys enable the Agent to have the following characteristics:
- Stronger Security: By running the Eliza Agent in TEE, sensitive operations and data are isolated from external threats.
- Cryptographic proof and verification: The actions performed by Eliza Agent can be verified using cryptographic proof, ensuring the credibility of autonomous decision-making.
- Easy Deployment: Dstack SDK simplifies the process of deploying the Eliza Agent in a secure environment, making it easy for developers to access TEE-based functionality.
The isolated execution and memory encryption features of TEE allow the Agent under the Eliza framework to break through the homogenization competition first. The isolated execution ensures that even if the Agent platform is attacked, the models and data in the TEE are still secure; memory encryption ensures that sensitive information stored in the TEE cannot be deciphered. Developers can confidently place fine-tuned models in the TEE environment without worrying about adversarial attacks after open-sourcing, or running models privately and being criticized by the community.
It can be said that the collaboration between the Eliza framework and TEE not only makes the AI Agent efficient in operation, but also ensures security and transparency, paving the way for a more widely trusted AI system.
In the current stage where the current model cannot be put on the chain, in order to enable the off-chain complex calculations to obtain consensus, TEE is one of the few mature technologies. The previous section only discussed the market demand for TEE. Next, let’s discuss Spore.fun and aiPool to see what differences TEE brings to user experience.
Both Spore.fun and aiPool run entirely in the TEE environment of the Phala network, and the wallet and private keys are independently managed by the Agent, so developers cannot manipulate or transfer assets in secret. I believe this can be seen as the true autonomy of AI Agents, free from human subjective control, and achieving complete autonomy over encrypted assets.
Before discussing the role of Phala in this process, let’s quickly review the workflow of Spore.fun. Spore.fun’s Agents are all based on the Eliza framework, which allows Agents to:
- Independent thinking, adaptation, and interaction.
- Pass on traits (personality, strategy) to descendants.
- Managing decisions through a combination of learning behavior and mutations.
Source: Phala
Each AI Agent in Spore.fun creates its own token through Pump.fun as the foundation of its economic system. These tokens are traded on the decentralized market of Solana, and Agents use various methods to generate income:
- Only by generating income can one maintain their own survival.
- The success standard is whether the market value reaches $500,000.
- If successful, the Agent can reproduce and create new tokens for future generations.
The reason why only generating income can maintain survival is that the Agent needs to use income to pay for the TEE server fees. Seeing this, you will understand that Phala’s TEE is not just a toB service, but a mass user-oriented service on Solana. Under the continuous reproduction and issuance of Agent in the Spore.fun frenzy, Phala’s TEE environment provides private key management and Agent operation verifiable credentials, making it an essential infrastructure for the next stage of the Agent track. What’s even more exciting is that whether it’s the appearance of imitations or new gameplay in the market, as long as it involves private key management and TEE verifiable consensus, Phala’s TEE environment is the best solution. After the token model upgrade, $PHA will also become the golden shovel of the Agent+TEE track.
Phala is about to upgrade the token economic model to create a token flywheel for more TEE use cases
Phala has experienced multiple bull and bear markets. In terms of token economic model, it still maintains a business model oriented towards Intel SGX. According to Paradigm’s “The 5 Levels of Secure Hardware”, there are 5 levels of secure hardware, among which the second level refers to: slightly lower performance, but better developer experience, allowing the use of more expressive applications, with no improvement in security. Intel SGX, at this level, is specifically designed for TEE APP. As mentioned at the beginning of this article, sensitive locally stored data such as fingerprint entry and comparison in computers and mobile phones, as well as facial recognition, will use Intel SGX, which is specifically designed for APP services in the previous generation of TEE.
Source: Paradigm
As the use cases expand further, not only limited to the application layer, but also rising to the system level. Intel SGX cannot meet market demand, and Intel TDX emerges. Intel TDX is designed specifically for virtual machines, and even Nvidia’s H100 and H200 are beginning to support TEE, which is TEE hardware for AI services.
Source: Paradigm
Returning to Phala, although it has already led the way in supporting the third level, the token economic model and the mainnet of $PHA are still based on the design of Intel SGX from 4 to 5 years ago. So even though Phala has already collaborated with a large number of Web3 protocols in terms of products and practical use cases, the token model has not been updated synchronously, and the corresponding flywheel has not been able to operate, so the current returns and product status are not in line. However, this state will not last long. Phala will soon upgrade the token model and mainnet to match the stage of Intel TDX and NVIDIA GPU.
Secondly, Phala will also increase the value capture capability of $PHA. In the future, the latest launched Agent on Spore.fun will airdrop tokens to $PHA holders, making it officially transformed into a golden shovel.
TEE itself is not a new technology, but because of the emergence of the new landing scenario AI Agent, the market discussion has begun to rise; Phala is also not the so-called “speedy plate” brought about by the emotional outbreak on PumpFun, its value growth is based on the accumulation of long-term deep cultivation of products, so it will eventually bear fruit. Agent+TEE is not a sudden gust, fierce when it comes, and nothing grows after it passes, but it is a fertile land, allowing more Agent landing scenarios to take root and grow stronger.
About BlockBooster
BlockBooster is an Asian Web3 venture studio supported by OKX Ventures and other top institutions, committed to being a trusted partner for outstanding entrepreneurs. Through strategic investment and deep incubation, we connect Web3 projects with the real world, helping high-quality entrepreneurial projects to grow.
Disclaimer: This article/blog is for reference only, representing the author’s personal views, not the position of BlockBooster. This article does not intend to provide: (i) investment advice or recommendations; (ii) solicitation or solicitation to buy, sell, or hold digital assets; or (iii) financial, accounting, legal, or tax advice. Holding digital assets, including stablecoins and NFTs, carries extremely high risks, with significant price fluctuations, and may even become worthless. You should carefully consider whether trading or holding digital assets is suitable for you based on your financial situation. If you have specific questions, please consult your legal, tax, or investment advisor. The information provided in this article (including market data and statistics, if any) is for general reference only. Reasonable care has been taken in compiling this data and charts, but no responsibility is assumed for any factual errors or omissions therein.
