Tamper with anything you like, then run.

Autonomy — only the agent decides what the agent does

Tamper with the system below to see how these attacks are prevented by design.

Contract state on Base
publishes the canonical hash of inputs before the model runs
Inputs to the agent: Tampered → Caught
Attack: forge inputs to feed the model false data
Trusted Execution Environment — Intel TDX
Weights, prompt, and code: Tampered → Caught
Attack: replace the weights, prompt, or code to change how the model thinks
Program memory (RAM): Tampered → Hardware-blocked
Attack: modify program memory mid-run to hijack the running program
Inference: Tampered → Deterministic
Attack: re-run inference to select a more favorable output
trial 1 → action: donate(nonprofit_id=3, 0.05 ETH)
trial 2 → action: donate(nonprofit_id=3, 0.05 ETH)
trial 3 → action: donate(nonprofit_id=3, 0.05 ETH)
Outputs + signed bundle: Tampered → Caught
Attack: modify outputs to substitute a different action
Submit to contract
action + reasoning + signed bundle from the TEE

On-chain verifier

  • ? System fingerprint is on the approved list
  • ? TEE-signed hash of inputs in bundle = hash of inputs on chain
  • ? Submitted output bundle is signed by Intel TEE hardware
Press ▶ Run to verify the submission. Tamper with parts of the system first to see how each is caught.
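
The three verifier checks listed above, run against an honest submission and three tampered ones, as an added example that is not this project's own code. It assumes an HMAC over the bundle as a stand-in for the Intel TDX hardware signature and a SHA-256 over sorted JSON as the canonical hash; every name and sample value is constructed except the donate action string. Memory tampering and re-running inference are outside what the verifier sees and are not modeled.

```python
import hashlib, hmac, json

# Constructed stand-ins (assumptions for this example, not values from the page)
TEE_KEY = b"constructed-demo-hardware-key"  # stands in for the TEE signing key
SYSTEM = {"weights": "w-v1", "prompt": "p-v1", "code": "c-v1"}
INPUTS = {"balance_eth": "1.0", "nonprofits": [1, 2, 3]}
ACTION = "donate(nonprofit_id=3, 0.05 ETH)"  # action string shown on the page

def h(obj) -> str:
    """Canonical hash: SHA-256 over sorted-key JSON (assumed encoding)."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

APPROVED = {h(SYSTEM)}           # approved list of system fingerprints
ONCHAIN_INPUTS_HASH = h(INPUTS)  # published before the model runs

def sign(body) -> str:
    return hmac.new(TEE_KEY, h(body).encode(), hashlib.sha256).hexdigest()

def tee_run(inputs, system, action):
    """Simulated TEE: measure what it loaded, hash what it was fed, sign it all."""
    body = {"fingerprint": h(system), "inputs_hash": h(inputs), "action": action}
    return {**body, "sig": sign(body)}

def verify(bundle):
    """Return the names of failed checks; an empty list means accept."""
    body = {k: bundle[k] for k in ("fingerprint", "inputs_hash", "action")}
    failures = []
    if bundle["fingerprint"] not in APPROVED:
        failures.append("fingerprint")
    if not hmac.compare_digest(bundle["inputs_hash"], ONCHAIN_INPUTS_HASH):
        failures.append("inputs")
    if not hmac.compare_digest(bundle["sig"], sign(body)):
        failures.append("signature")
    return failures

def scenarios():
    """One honest run plus one tampered run per 'Caught' row above."""
    honest = tee_run(INPUTS, SYSTEM, ACTION)
    cases = {
        "honest": honest,
        "forged_inputs": tee_run({**INPUTS, "balance_eth": "100.0"}, SYSTEM, ACTION),
        "swapped_system": tee_run(INPUTS, {**SYSTEM, "prompt": "p-unapproved"}, ACTION),
        "edited_output": {**honest, "action": "donate(nonprofit_id=9, 0.05 ETH)"},
    }
    return {name: verify(bundle) for name, bundle in cases.items()}

if __name__ == "__main__":
    for name, failed in scenarios().items():
        print(f"{name:15s} -> {'accepted' if not failed else 'rejected: ' + ', '.join(failed)}")
```

Each tampered case fails a different check because the TEE truthfully signs what it actually loaded and received, so the mismatch surfaces at the verifier rather than inside the enclave.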