TEE Breaks the Agent Trust Triangle: Phala Accelerates the Agent Sector from Concept to Reality

Author: Kevin, the Researcher at BlockBooster

Trusted Execution Environments (TEE) are not a newly emerging concept in this market cycle. Historically, TEE has often been compared with cryptographic technologies like Zero-Knowledge Proofs (ZK), Fully Homomorphic Encryption (FHE), and Multi-Party Computation (MPC). However, unlike these technologies, TEE has remained relatively niche. This does not imply that TEE is an early-stage or unproven technology. In fact, TEE has been widely adopted in Web2 across various scenarios, such as fingerprint input and verification, payment authentication, and FaceID.

The challenge for TEE in Web3 lies in its integration with blockchain to achieve trusted preprocessing and isolated computation. As the AI Agent sector gains momentum, this emerging field provides an ideal entry point for TEE into Web3. Through TEE, AI Agents can manage larger-scale funds and more specific on-chain use cases without requiring any additional trust assumptions.

For instance, Phala, a leading project in the space, offers one of the most advanced TEE solutions available on the market. By employing a product-market-fit (PMF)-driven development approach, Phala’s TEE infrastructure supports a wide range of practical applications. Consequently, Phala has recently attracted partnerships with top-tier AI Agent projects, including Vana, Near AI, and the a16z-backed Eliza. Refer to the diagram below for further details.

Source: Phala

This article will not delve deeply into the technical details and performance parameters of TEE, but instead, it will focus on the product workflow and future prospects of Agent + TEE. We will explore the market demand for TEE, Phala’s foundational groundwork, and innovative use cases in collaboration with a16z. From these perspectives, we will analyze how Phala is helping the Agent sector transition from concept to practical application.

The Trust Triangle Is Hindering Web3 Agents from Advancing to the Next Stage

In my article “Is the AI Agent Framework the Missing Puzzle Piece? Interpreting the ‘Wave-Particle Duality’ of Frameworks,” I mentioned that the entire AI meme sector—whether individual AI Agents or Agent launch frameworks—remains in a dynamic balance between seriousness and meme-driven appeal. A key indicator of this balance is the trust triangle challenge that current Agent protocols face.

There is an inherent “impossible triangle” of trust assumptions among AI Agents, the community, and developers. Without relying on Trusted Execution Environments (TEE), the community cannot fully trust that Agent operations remain uninfluenced by external interference, particularly from developers. This issue poses a latent risk to decentralized systems.

More critically, outputs from X Agents like aixbt and zerebro cannot be entirely verified as autonomous outputs of AI models. Transparency gaps persist in the pathway from “output generation” to community reception.

When an Agent’s statements influence token prices, lead to significant fund losses, or trigger transactions misaligned with community consensus, this lack of trust can result in severe crises.

During the memecoin cycle of Agent tokens, such risks are often overlooked. At this stage, the Agent’s capabilities and executable tasks are highly limited, while the FOMO effect from token price surges overshadows the protocol’s underlying flaws. However, as Agent launch frameworks emerge and market focus shifts toward the fundamentals of the Agent sector, these trust deficiencies create a chasm that prevents higher-level investors from entering the space.

Phala’s TEE solution effectively breaks this trust triangle. By deploying Agents in secure enclaves, the trust assumptions among AI Agents, the community, and developers are naturally resolved. TEE technology not only ensures that the Agent’s inputs and outputs are shielded from external interference but also protects Agent privacy, addressing developer and community concerns at their root and providing reliable technical support for the Agent sector.

The diagram below illustrates the architecture of Phala’s Confidential AI Inference service (private LLM nodes). To host a private LLM in a TEE environment, developers simply need to package the LLM inference code into a Docker image and deploy the container onto the TEE network.

Source: Phala

Compared to Web2 Agents, Web3 Agents possess greater power. This power is reflected both in their profound influence on protocol market value and in the expansion of their market impact. For instance, the consistent top-ranking position of aixbt in Kaito’s Yapper Mindshare leaderboard offers a glimpse into this. The contradiction, however, is that while Web2 Agents offer superior performance, richer user experiences, and deeper real-world use cases, they have remained confined to the application layer, lacking the drive or ability to break through their established frameworks.

Web3 Agents, on the other hand, surpass the boundaries of the application layer. Driven by the market’s FOMO and the frustration with the “unmet desires” of meme coins, they have ascended to an almost mythical status. They are no longer merely tools; they are symbols of spiritual attachment, cultural icons, and market expectations. They can embody any identity, yet they also risk falling into oblivion should market sentiment reverse.

Introducing TEE technology can be seen as “mid-air refueling” for the Agent sector, connecting it directly to real-world demands and providing a solid backend for almost all Web3 Agents. TEE not only stabilizes the technical foundation of the Agent sector but also effectively eliminates a large portion of the market’s speculative bubble, leading to healthier and more sustainable development.

Eliza Framework First to Integrate TEE, Spore.fun and aiPool Introduce New Gameplay

The collaboration between Phala and a16z goes beyond official announcements on Twitter; it can be traced back to a private meeting in October of last year, where Shaw and Phala’s founder Marvin had in-depth discussions about the rational development of Crypto AI.

The official documentation for the Eliza framework reveals that the TEE Plugin deployment’s Dstack SDK comes from Phala. The “invisible but available” private key generation and management give the following features to the Agent:

• Stronger Security: By running Eliza Agent within a TEE, sensitive operations and data are isolated from external threats.
• Cryptographic Proof and Verification: Actions performed by the Eliza Agent can be verified through cryptographic proofs, ensuring the trustworthiness of autonomous decisions.
• Convenient Deployment: The Dstack SDK simplifies the process of deploying Eliza Agent in a secure environment, making it easy for developers to access TEE-based functionalities.

The isolation execution and memory encryption characteristics of TEE have allowed Eliza framework-based Agents to break out of the homogenized competition. Isolation ensures that even if the Agent platform is attacked, models and data within the TEE remain secure. Memory encryption ensures that sensitive information stored in the TEE cannot be decrypted, enabling developers to confidently place fine-tuned models in TEE environments without fearing adversarial attacks post-open-source or backlash from the community over private model operations.

It can be said that the synergy between the Eliza framework and TEE has not only made AI Agents more efficient in their operations but also ensured security and transparency, paving the way for the broader application of trustworthy AI systems.

In the current stage, where models cannot be fully on-chain, TEE is one of the few mature technologies that enable off-chain complex computations to reach consensus. Having only discussed the market demand for TEE, let’s now explore how Spore.fun and aiPool have leveraged TEE to bring different user experiences.

Both Spore.fun and aiPool operate entirely within Phala’s TEE environment, with wallets and private keys managed independently by the Agent, ensuring that developers cannot manipulate or transfer assets covertly. This can be seen as AI Agents achieving complete autonomy over encrypted assets, breaking free from human subjective control.

Before discussing Phala’s role in this process, let’s quickly review the workflow of Spore.fun. Agents within Spore.fun are based on the Eliza framework and allow them to:

• Think, adapt, and interact independently.
• Transfer characteristics (such as personality and strategies) to offspring.
• Manage decisions through a combination of learned behavior and mutations.

Source: Phala

Each AI Agent in Spore.fun creates its own tokens via Pump.fun, which serve as the foundation of its economic system. These tokens are traded in the decentralized market on Solana, and Agents use various means to generate profits:

• They must generate profits to sustain their existence.
• Success is defined by whether their market value reaches $500,000.
• If successful, an Agent can reproduce and create new tokens for their offspring.

The requirement that agents must generate profits to survive stems from the need to pay for TEE server fees. Here, you can see that Phala has turned TEE into more than just a B2B service; it’s now accessible to a vast user base on Solana. As long as Spore.fun remains popular and Agents continue to breed and issue tokens, Phala’s TEE environment, providing private key management and verifiable Agent actions, becomes a fundamental infrastructure for the next stage of the Agent sector. Furthermore, regardless of whether new clones or variations of Spore.fun appear, as long as they involve private key management and TEE-verifiable consensus, Phala’s TEE environment will remain the best solution. Following an upgrade to its token model, $PHA will also become a key enabler in the Agent + TEE sector.

Phala Will Soon Upgrade Its Token Economics to Create a Token Flywheel for More TEE Use Cases

Phala has weathered multiple market cycles, and its token economic model currently still revolves around the Intel SGX-based commercial model. According to Paradigm’s article “The 5 Levels of Secure Hardware”, there are five levels of secure hardware, with the second level referring to: slightly lower performance, but better developer experience, allowing the use of more expressive applications without sacrificing security. Intel SGX is part of this level, specifically designed for TEE apps. As mentioned earlier, sensitive local storage data like fingerprint recognition and facial recognition in devices use Intel SGX, which is a previous generation TEE designed specifically for apps.

Source: Paradigm

As use cases expand beyond the application layer to the system level, Intel SGX no longer meets market demands, which led to the creation of Intel TDX. Intel TDX is designed for virtual machines, and even NVIDIA’s H100 and H200 now support TEE, which is hardware designed specifically for AI services.

Source: Paradigm

Returning to Phala, while it has already supported the third level, the $PHA token economic model and mainnet are still based on Intel SGX, designed four to five years ago. Despite Phala collaborating with numerous Web3 protocols in terms of products and use cases, the token model has not been updated in sync, and the corresponding flywheel is not yet in motion. Consequently, current earnings and product status do not align. However, this situation will not last long, as Phala plans to upgrade its token model and mainnet to support Intel TDX and NVIDIA GPUs.

Furthermore, Phala will enhance the value capture capability of $PHA, with new Agents launched on Spore.fun airdropping tokens to $PHA holders, officially transforming it into a “golden shovel.”

TEE is not a new technology, but with the emergence of AI Agents as a new landing scenario, its market discussion has grown. Phala is not a “get-rich-quick” project driven by hype on PumpFun; its value growth is based on years of product development, making it a slow but steady rise. Agent + TEE is not a fleeting trend that fades after a burst of excitement, but rather fertile soil, enabling more Agent landing scenarios to take root and grow stronger.

Disclaimer:

This article/blog is provided for informational purposes only. It represents the views of the author(s) and it does not represent the views of BlockBooster. It is not intended to provide (i) investment advice or an investment recommendation; (ii) an offer or solicitation to buy, sell, or hold digital assets, or (iii) financial, accounting, legal, or tax advice. Digital asset holdings, including stablecoins and NFTs, involve a high degree of risk, can fluctuate greatly, and can even become worthless.

You should carefully consider whether trading or holding digital assets is suitable for you in light of your financial condition. Please consult your legal/tax/investment professional for questions about your specific circumstances. Information (including market data and statistical information, if any) appearing in this post is for general information purposes only. While all reasonable care has been taken in preparing this data and graphs, no responsibility or liability is accepted for any errors of fact or omission expressed herein.