Inside the Anatomy of a Trusted AI Agent
Developer's Guide to Privacy, Attestation & Deployment
Everyone’s building agents. But if you need an agent that handles sensitive data, signs transactions, or acts autonomously in production, you need more than just clever prompts. You need trust by design.
At Agents Day, Token2049, Francis Otshudi, CTO at iExec, broke down exactly how to architect a trusted agent, from the execution layer to the encryption layer, using a clear and memorable framework: treat your agent like a living system, and secure each organ.
His keynote mapped out the six layers you need to design secure, private, and verifiable agents from the ground up. Here’s the breakdown.
Top VC Events by EpicWeb3, EthCC, Cannes 🇫🇷
DeFAI Breakfast 🥐
Why roll out of bed for this?
– 15 + speakers from leading DeFi & AI projects
– 500 + builders, investors, product leads & partners under one roof
– Two tracks: DeFAI (AI‑driven DeFi, VC takes, market efficiency & liquidity) + Agents Day (autonomous systems, data, dApps)
– French breakfast, great coffee, zero fluff — just high‑voltage networking
📅 June 29
Spots are limited — be ahead of the curve!
VC & Demo Day: Oz Hackathon Showcase
Where bold ideas meet real traction🧞
Get a first look at standout projects from the Oz City Bootcamp & Hackathon!
Live startup pitches from alumni, Q&A sessions with founders, and curated networking.
Who’s coming?
VCs, angels, and ecosystem funds
Builders & founders from the Epic Web3 community
Strategic partners, ecosystem agents & scouts
Whether you're deploying capital, scouting your next investment, or building the next breakout venture, this is where connections turn into collaborations.
This event is strictly limited to investors and fundraisers.
Why Trustable Agents Need Architecture
Many developers assume agent security is a backend problem, but it starts much earlier. Most current agents operate in environments that are:
Easy to tamper with
Unable to prove what code is actually running
Vulnerable to prompt leaks, memory access, and data injection
This means users are left guessing, and agents can be manipulated or exploited without detection. A trusted agent needs to be verifiable, not just performant. That’s the gap this architecture closes.
Trusted AI Agent Dissected
🦰 The Skeleton: Trusted Execution Environments
The foundation of any trusted agent is a trusted execution environment (TEE). This hardware-secure layer guarantees the agent’s logic can't be tampered with, not even by the node operator. TEEs act as the immutable skeleton that protects execution integrity, ensuring that the agent's behavior matches its design.
🧪 The Nervous System: Verifiable Autonomy
Autonomous agents must prove they’re acting as intended, not just assume trust. This is where onchain governance and attestation come in:
All conditions for agent behavior are set and verified onchain.
Agent actions are logged publicly.
Remote attestation proves the agent is running inside a TEE.
Together, these tools form a verifiable nervous system for autonomy.
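How a verifier could combine a registered code measurement with remote attestation before trusting an agent, as an added example that is not from the keynote or iExec's code. It assumes a hypothetical registry mapping agent ids to expected measurements, and uses HMAC with a constructed key as a stand-in for the hardware-rooted quote signature so that it runs offline.

```python
import hashlib, hmac, json, secrets

# Constructed stand-ins: a real TEE quote is signed with a hardware-rooted
# asymmetric key and checked against the vendor's certificate chain; HMAC
# with a shared key is used here only so the example runs offline.
HW_KEY = b"constructed-hardware-root-key"
AGENT_CODE = b"def act(order): return sign(order)"  # constructed agent build
# Hypothetical registry entry (onchain in the article's model):
# agent id -> expected code measurement.
REGISTRY = {"agent-1": hashlib.sha256(AGENT_CODE).hexdigest()}

def _sign(body: dict, key: bytes) -> str:
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def make_quote(code: bytes, nonce: str, key: bytes = HW_KEY) -> dict:
    """Enclave side: measure the loaded code and bind it to the nonce."""
    body = {"measurement": hashlib.sha256(code).hexdigest(), "nonce": nonce}
    return {"body": body, "sig": _sign(body, key)}

def verify_quote(agent_id: str, quote: dict, expected_nonce: str) -> str:
    """Verifier side: return 'ok' or the reason the agent is rejected."""
    body = quote.get("body", {})
    # 1. The quote must be signed by the trusted hardware root.
    if not hmac.compare_digest(_sign(body, HW_KEY), str(quote.get("sig", ""))):
        return "bad-signature"
    # 2. The nonce must be the one issued for this session (no replay).
    if not hmac.compare_digest(str(body.get("nonce", "")), expected_nonce):
        return "stale-nonce"
    # 3. The measured code must match what the registry expects.
    registered = REGISTRY.get(agent_id)
    if registered is None:
        return "unknown-agent"
    if not hmac.compare_digest(str(body.get("measurement", "")), registered):
        return "measurement-mismatch"
    return "ok"

def demo() -> dict:
    nonce = secrets.token_hex(16)  # fresh challenge from the verifier
    return {
        "genuine": verify_quote("agent-1", make_quote(AGENT_CODE, nonce), nonce),
        "modified_code": verify_quote("agent-1", make_quote(AGENT_CODE + b"#x", nonce), nonce),
        "replayed": verify_quote("agent-1", make_quote(AGENT_CODE, "old-nonce"), nonce),
        "forged": verify_quote("agent-1", make_quote(AGENT_CODE, nonce, key=b"not-hw"), nonce),
    }

if __name__ == "__main__":
    print(demo())
```

Secrets or signing authority would be released to the agent only on "ok"; each other result is a distinct rejection reason worth logging.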
❤️ The Heart & Skin: Confidentiality by Design
Privacy isn’t a feature — it’s structural.
The heart: Confidential computing inside TEEs ensures no one can modify the agent or access sensitive prompts, inputs, or models.
The skin: End-to-end encryption wraps all external interactions. Any data shared with the agent stays private, even in transit.
This model protects user data, model logic, and the overall flow from outside interference.
🧠 The Brain & Veins: Offchain Logic, Onchain Triggers
Execution happens offchain in secure enclaves, while control flows are anchored onchain:
The agent’s intelligence (brain) is modular and built by devs.
Triggers and access logic are set in stone onchain.
Agents can switch between nodes in a decentralized infra (veins), avoiding single points of failure.
This separation enables agents to be portable, resilient, and composable across networks.
🧩 What Comes Next: Modularity, Composability & Dev Tools
Building trustable agents is no longer a theory, it’s a stack. But to make it usable:
We need agent registries that verify deployments and expose attestation.
Devs need modular SDKs to assemble agent parts without reinventing security.
Workflows need trusted input/output bridges that support offchain ↔ onchain communication without leaking data.
Best,
Epic AI team.





