Verifiable AI Agent Execution
Verifiable AI Agent Execution
AI agents are increasingly being deployed to perform high-stakes, automated tasks — from executing trades on DeFi protocols to interacting with external data sources and making autonomous decisions. However, agents are inherently non-deterministic: given the same inputs, their outputs may vary, and there is no native mechanism to guarantee that an agent actually performed the steps it claims to have performed.
This creates a fundamental trust problem. How can an on-chain protocol, a user, or a third-party verifier confirm that an agent:
- Actually called an LLM to generate its decision, rather than returning a hardcoded or manipulated result?
- Queried a price oracle before executing an automated trade, as required by protocol rules?
- position an buy order at the right point in its execution pipeline?
Without answers to these questions, the outputs of AI agents cannot be trusted, and building reliable, accountable systems on top of them becomes impossible.
The Root of the Problem: Unverifiable Intermediate Steps
The core challenge is not verifying the final result of an agent, but verifying the intermediate execution steps that led to it. An agent may produce a plausible-looking output while having skipped required steps, used stale data, or deviated from its specified behavior entirely.
Most of these intermediate steps share a common structure: they are API calls. Whether invoking an LLM endpoint, querying a DeFi oracle, fetching off-chain market data, or calling a Web2 service, virtually all agent actions are expressed as HTTP requests over a TLS-secured connection.
This is precisely where zkTLS becomes applicable.
How zkTLS Enables Agent Execution Verifiability
zkTLS allows a prover to generate a cryptographic proof that a specific HTTPS request was made, and that the server returned a specific response, without revealing the underlying session data or private credentials. Because TLS is the transport layer for nearly all API communication, zkTLS effectively provides a general-purpose mechanism for verifying any API call an agent makes during its execution.
The general workflow for a verifiable agent looks like the following:
- The agent is assigned a task governed by a specified execution policy (e.g., "query oracle X before executing any trade").
- At each critical step in the execution pipeline, the agent generates a zkTLS proof attesting that the required API call was made and the expected response was received.
- These proofs capture the essential parameters of each call — endpoint URL, relevant request fields, and key response values , without leaking sensitive data.
- The proofs are submitted to a verification contract or verified off-chain by a verification service, which validates that every required step in the policy was executed in the correct order and with compliant results.
- Only after all proofs are verified does the system accept the agent's final output as trustworthy.
Why This Matters
As AI agents take on more autonomous roles in DeFi, DAOs, and automated infrastructure, the ability to verify how a result was produced, not just what the result is, becomes essential for security, compliance, and accountability. zkTLS provides a practical foundation for this: since agent behavior already manifests as TLS-based API calls, no fundamental changes to agent architecture are required. Verifiability is introduced as an attestation layer over the existing execution flow.
This enables a new class of trust-minimized agentic systems where the correctness and compliance of every critical action can be proven on-chain, turning AI agents from opaque black boxes into auditable, accountable participants in decentralized protocols.