AI Agents Need A Privacy Layer

Despite what short-term sentiment might indicate, AI agents aren’t dead. In fact, nothing has fundamentally changed in terms of blockchain x AI. There’s a continual drumbeat of progress, there’s a lot of activity, and new vertical agents are emerging daily to solve real problems. And the rate at which models and development kits from traditional AI are improving means just one thing: crypto agents are becoming more powerful by the day. 

The space will rebound for the simple fact that agents are inevitable, and web3 offers some undeniable benefits to agents. Crypto can streamline payments, provide a means of capital formation or fundraising, and add cryptographic verification to AI workflows. It can also help address one of the gaping holes in the foundation of agentic trust: data privacy. 

Why AI Agents Need Strong Privacy Protections

As many have pointed out, the current crop of “AI agents” are really just APIs. They retrieve, compute, and repeat information. No real agency. But as the pace of development ramps up, agents are evolving and improving. This is particularly true of multi-agent systems.

We’re rapidly moving toward a world where agents aren’t just simple automation tools but important actors. As agents enter higher stakes roles like managing DeFi portfolios, doing parts of jobs, organizing a user’s life, etc., they must become trustworthy partners. But this won’t happen (at scale) unless they can be relied on to protect personal data. 

It's necessary to take it on faith that today’s models (and the developers behind) them won’t misuse or leak the massive amounts of personal information being funneled to them. This is untenable. And that’s why private agents are needed. That is, agents who keep some or all of their inner workings to themselves. 

This is needed because not every scenario requires full transparency. Indeed, many use cases are nonstarters if that's the only option. E.g., it’s not a great idea to delegate onchain finances to an agent if it's storing and processing the prompts or metadata in plain text.

So, privacy is clearly key when thinking about personalized agents or specialized agents that operate within certain professional domains.  More often than not, this is about protecting sensitive data as a user feeds the agent all of its context to achieve greater results. Think finances, religious beliefs, immigration status, medical history, etc. 

There’s also plenty of jeopardy for businesses, where problems center around protecting a company's IP or competitive position and ensuring regulations are followed. Think trade secrets, knowledge capital, supplier information, patient data, etc. The risk of all this leaking is quite real. 

Building Private Agents: TEEs, MPC, ZK, and more

There are multiple dimensions to creating trustworthy agents in both the personal and enterprise sense. This includes solutions for:

• private model weights 
• private computation
• private agent state
• private agent-to-agent interactions

To build this aspect of trust, private agents must leverage privacy-enhancing technologies (PETs) to store/use valuable information securely. TEEs, ZK proofs, MPC, and other PETs let you enjoy the perks of automation and intelligence without sacrificing data privacy. 

One example: Oasis is making it easy to deploy an agent inside a trusted execution environment (TEE), which is backed by remote attestation, bringing with it all the assurances of confidential computing. And when coupled with a private chain like Sapphire, this unlocks many new possibilities. 

For instance, it enables a complete, secure flow, starting with fetching a sensitive learning dataset, decrypting it inside a TEE, performing computation on it, and finally storing a “provably learned” model. You can also use the same setup for inference to ensure truly private LLM interactions in the case of an AI companion.

Such an application enjoys features like:  

• Guaranteed confidentiality
• Tamper-proof data processing
• Open, reproducible builds
• Verifiable execution results 

The same can be applied to organizations that operate under strict privacy or compliance rules. This is critical because if an agent can’t keep a secret, it will never work in industries like healthcare or finance. For example, a healthcare provider will not just utilize someone else's GPU, even if it's an SSH connection, to upload some data to fine-tune a model or interact with an agent because there aren't any guarantees that this happens confidentially. 

The Future: Privacy-Preserving AI

Of course, complete privacy is unnecessary for every agent or even every aspect of a given agent. Transparency will have its role to play, particularly in cases where open collaboration, validating rules or tracing the origins of decisions matter. For this, consensus systems like public blockchains are a perfect solution. 

But more broadly, agent privacy is not an optional feature or a cool add-on; it's a prerequisite for higher-order utility. Above all, privacy opens the door to real value. Things like financial managers who know all the particulars, strategy advisors who understand the endgame, or medical assistants who are fully versed in patient details.

Many seem to recognize that privacy is needed to get there, yet we’re still speedrunning toward a future where agents handle tons of sensitive data without guardrails. This is putting millions of users at risk. It’s also a fundamental barrier that could stall the next wave of innovation. Make no mistake, this is an urgent need. Privacy is nonnegotiable for agents.

Learn more about Runtime Offchain Logic, a private-by-design framework for agents: here.