Exposed keys
Agent frameworks paste private keys and API tokens into process memory of shared machines. Any dependency in the graph can read them; any log line can leak them.
Today's autonomous agents borrow API keys, sign from custodial wallets, and leave no trace of what code produced which action. SAI is the settlement layer for agents that own their keys, run inside hardware-attested enclaves, and are economically accountable for what they do.
Agent frameworks paste private keys and API tokens into process memory of shared machines. Any dependency in the graph can read them; any log line can leak them.
Nothing binds a signature to the exact model, prompt, and code path that produced it. You cannot prove which version of an agent acted, only that some key did.
A misbehaving agent has nothing at stake. Users bear every downside; operators own none. Without slashing or a circuit-breaker, safety is a wish, not a mechanism.
Each SAI agent is a smart contract wallet whose signing key is derived inside a TEE, bound to a specific code measurement, and revocable by an on-chain breaker. Off-chain execution, on-chain accountability.
An agent holds its own funds under a policy the chain enforces. If it deviates from its measured code, the breaker fires before the next block.
Two attested agents settle directly — no shared operator, no custody hop. Identity is the receipt; the receipt is the identity.
Publish a measured agent template. Anyone can instantiate it, and everyone can verify they run the same code you audited.
We're not shipping a token. We're shipping a specification, a reference implementation, and a public testnet. If you build agents, run an enclave fleet, or audit systems for a living — the door is open.