Introduction
Demand for autonomous AI agents is on the rise. These self-sufficient programs leverage artificial intelligence and machine learning to perform specific tasks on behalf of users. Designed to operate with minimal human intervention, they independently work towards achieving predefined goals.
The future of software will be agentic, moving away from today’s manual interfaces and workflows. Instead of users directly interacting with applications, agents will act as intermediaries, capable of understanding context, delegating tasks, and coordinating across systems on the decentralized internet. While agents excel at autonomous decision-making, they require mechanisms to access limited resources such as APIs, protocols, payments, and data—currently locked behind human-driven authorizations and trust assumptions.
Currently, internet platforms utilize solutions like Auth0 as a flexible human identity management solution, standardizing user authentication by providing tools for securely logging into systems (Gmail, Apple ID), Single Sign On (SSO), and multi-factor authentication (MFA).
Auth0's human-centric model falls short when resource-access requests originate from agents rather than humans, highlighting the need for alternative infrastructure specifically designed for agent-based authorization. Such infrastructure would enable secure and flexible access to resources across both traditional and decentralized web ecosystems. Auth0 recently introduced an authentication solution for Generative AI applications, limited to API access for platforms like Google and GitHub. This does not address broader needs such as payment interoperability, agent-to-agent engagements, or agent-based resource management.
The authorization landscape is in the midst of a radical shift, with builders increasingly recognizing the shortcomings of traditional models. As the demand for more secure, efficient, and scalable systems grows, Actively Validated Services (AVS) emerge as the most promising solution.
Highly secure public blockchains (e.g., Ethereum) offer a strong foundation for verifiable systems, and recent advancements in distributed system design, especially shared security protocols, make it possible to build these networks entirely on crypto rails as AVSs. Here’s what this type of architecture brings to the table:
- Self-enforceability and verifiability: Enables transparent systems with ground rule enforcement through smart contracts, cryptographic verification and consensus.
- Programmable actions: Enables complex logic design through off-chain computation and on-chain validation, allowing agents to execute predefined, intelligence-rich tasks free from the constraints of traditional blockchain execution environments (VMs).
- Secure delegation: Cryptoeconomic mechanisms ensure secure and trustless delegation of user accounts.
- Financial interoperability: Provides a way for agents to leverage programmable financial rails to perform autonomous, intelligence-based monetary actions.
Several teams are driving innovation in the development of autonomous agents by leveraging crypto infrastructure. Gaia is creating a decentralized computing framework that empowers individuals to build, deploy, and monetize their AI agents. MotherDAO, a collaboration between Gaia, Othentic and EigenLayer, is a verifiable LLM inference system. Ungate is building an intuitive platform for deploying personalized social agents. Omo enables developers to create agents with integrated on-chain functionalities. Giza is working on ARMA, an autonomous yield optimization agent designed to maximize returns on stablecoin deposits.
For an authorization network to effectively safeguard access to capital, the underlying infrastructure must employ large-scale cryptoeconomic security measures to prevent malicious activities. Furthermore, robust key storage mechanisms are essential to ensure privacy and security at the core.
Shared security protocols (e.g., EigenLayer) accelerate the bootstrapping stage of distributed systems and pave the way for open innovation: developing AI infrastructure and applications on decentralized foundations.
Building decentralized products has traditionally been a complex and resource-heavy process, requiring deep knowledge of low-level infrastructure development. In addition, AI systems are inherently complex and demand substantial development resources.
Developing this authentication system as decentralized protocols adds another layer of complexity and introduces development barriers.
Builders should focus on what matters most - building novel products.
The Othentic Stack
Leveraging a library of production-ready components, developers can focus on their core service logic while abstracting away complexities around consensus, operators, networking, messaging, and attestations.
The Othentic Stack expands the design space of decentralized AI systems, enables efficient development of self-enforceable and verifiable systems, and provides the foundation for a wide range of innovations.
This article will explore how the AVS primitive can set the foundation for AI agent authorization. We'll first examine the market opportunities and use cases that make this infrastructure essential. Then, we'll dive deep into the technical architecture, showing how the Othentic Stack enables developers to build robust AVS networks. Finally, we'll look at practical implementation strategies and discuss how this technology could shape the future of autonomous AI systems.
Unlocking Growth Opportunities
The AI Agent economy is expected to grow to $200B+ by 2035. As Agentic interactions dominate the web, there will be an increasing need for authorization solutions that expand agent capabilities with:
1. DeFi operations
As DeFi ecosystems grow, AI agents are becoming indispensable for automating tasks like yield farming, risk management, portfolio rebalancing, and cross-chain operations. These agents autonomously monitor markets, optimize strategies in real time, and interact with multiple protocols, eliminating manual inefficiencies.
A key advantage of blockchain-based AI agents is financial interoperability. Crypto’s programmable nature allows seamless execution of conditional trades and automated strategies across decentralized protocols, unlocking new ways to manage and deploy capital efficiently.
Example: An AI agent optimizing stablecoin yields for idle USDT or USDC:
- The user delegates wallet access, restricting permissions to stablecoins while safeguarding other assets.
- The agent analyzes vast datasets—market conditions, oracle feeds, and protocol states—to identify opportunities.
- Upon finding profitable options, the agent autonomously executes arbitrary tasks like staking or unstaking, flash loans, arbitrage, providing and removing liquidity, or bridging funds across chains.
Secure wallet delegation ensures users retain full ownership and control, with safeguards in place to prevent errors or unauthorized actions, maximizing returns with minimal risk.
2. Enabling agent-to-agent ecosystems
Perhaps the most exciting frontier is the emergence of agent-to-agent economies, where AI systems collaborate and trade value autonomously. This ecosystem enables:
- Trustless collaboration between specialized agents
- Automated value exchange for services
- Complex multi-agent workflows
For example, a DeFi management agent might commission specialized risk analysis from another agent and utilize the services of a third designer agent to produce a visual performance report, with the authorization network ensuring secure payment and verifiable delivery of services. This creates a new paradigm of automated, trustless cooperation between AI systems.
3. Payment for 3rd party services
Agents often require resources during runtime to complete tasks—purchase API credits, access data or even hire human services for tasks beyond a machine’s capabilities. These require secure and seamless payment authorization alongside programmable access controls to ensure agents operate within user-defined parameters.
Example: A research agent autonomously accesses premium data from APIs, such as market trends, scientific studies, or financial records, to deliver actionable insights. For instance, the agent may purchase trading data, analyze patterns, and provide recommendations. To do this, these agents require authentication to access user assets and execute purchases. The agent manages this process seamlessly by performing API payments via an Auth network.
Looking Ahead
These opportunities represent the beginning of what's possible with properly authorized AI agents. As the technology matures, we'll likely see entirely new use cases emerge, particularly at the intersection of autonomous systems and financial operations. The key to unlocking this potential lies in building robust, secure authorization infrastructure that can scale with the growing complexity of agent interactions.
Architecture Design
The AI Authorization AVS architecture utilizes on/off-chain components. The components comprise a multi-party computation (MPC) layer, Policy Box, user registration, access control policies, and validation through a peer-to-peer consensus mechanism. On-chain smart contracts handle state storage for network transactions and enforce node rewards and penalties, maintaining transparency and accountability across the system.
The Policy Box ensures that the actions initiated by an AI agent are approved via the network only when specific conditions and pre-defined policies are met, ensuring enhanced control and safety. AI agents require authentication mechanisms and defined access-control policies to enable secure operations. Authentication confirms the agent's identity and permissions, while authorization policies regulate actions. Common frameworks like Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) are used to manage and enforce these permissions effectively.
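The kind of check a Policy Box performs, as an added example (not Othentic code): an attribute-based policy for the stablecoin delegation scenario described earlier, evaluated deny-by-default. The `Policy` and `ActionRequest` fields, the limits and the sample requests are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Policy:
    """User-defined delegation for one agent (all field names are assumptions)."""
    agent_id: str
    allowed_tokens: frozenset
    allowed_actions: frozenset
    max_per_action: Decimal
    max_per_day: Decimal
    expires_at: int  # Unix time after which the delegation is void


@dataclass(frozen=True)
class ActionRequest:
    agent_id: str
    action: str
    token: str
    amount: Decimal
    timestamp: int


def evaluate(policy, request, spent_today):
    """Return the list of violated rules; an empty list means 'authorize'.

    Every rule is checked so a denial can be logged in full. Anything the
    policy does not explicitly allow is denied.
    """
    violations = []
    if request.agent_id != policy.agent_id:
        violations.append("agent is not the delegate named in the policy")
    if request.timestamp >= policy.expires_at:
        violations.append("delegation has expired")
    if request.action not in policy.allowed_actions:
        violations.append(f"action '{request.action}' is not allowed")
    if request.token not in policy.allowed_tokens:
        violations.append(f"token '{request.token}' is outside the delegation")
    # Reject NaN/Infinity before comparing: they must never pass a limit check.
    if not request.amount.is_finite() or request.amount <= 0:
        violations.append("amount must be a positive, finite number")
    else:
        if request.amount > policy.max_per_action:
            violations.append("amount exceeds the per-action limit")
        if spent_today + request.amount > policy.max_per_day:
            violations.append("amount would exceed the daily limit")
    return violations


# Constructed sample data: a stablecoin-only delegation for a yield agent.
POLICY = Policy(
    agent_id="agent-yield-01",
    allowed_tokens=frozenset({"USDC", "USDT"}),
    allowed_actions=frozenset({"stake", "unstake", "add_liquidity"}),
    max_per_action=Decimal("500"),
    max_per_day=Decimal("1200"),
    expires_at=1_800_000_000,
)


def sample_decisions():
    """Run four constructed requests through the policy."""
    now = 1_750_000_000
    cases = {  # name -> (action, token, amount, already spent today)
        "in_policy": ("stake", "USDC", "400", "0"),
        "wrong_token": ("stake", "WETH", "400", "0"),
        "over_daily": ("stake", "USDT", "400", "900"),
        "bridge": ("bridge", "USDC", "10", "0"),
    }
    return {
        name: evaluate(
            POLICY,
            ActionRequest("agent-yield-01", action, token, Decimal(amount), now),
            Decimal(spent),
        )
        for name, (action, token, amount, spent) in cases.items()
    }


if __name__ == "__main__":
    for name, violations in sample_decisions().items():
        print(name, "->", "AUTHORIZE" if not violations else violations)
```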
The MPC layer is where user keys are split into fragments and distributed across decentralized nodes to ensure secure and fault-tolerant key management. The MPC network is responsible for consensus on the authorization of the transaction payload. These nodes independently sign transaction requests using their key shares, and the results are then aggregated to determine validity of the block.
Key Benefits of This Architecture:
- Decentralized and secure asset storage: User assets are safeguarded with cryptoeconomic security and battle-tested key management methods.
- Secure wallet delegation: AI agents autonomously execute transactions under predefined rules while ensuring user control over asset access and spending policies.
- Access-control mechanisms: Customizable conditions ensure AI actions align with user intent, minimizing risks from agent misbehavior or errors.
Building AI Auth Network Using Othentic Stack
Creating decentralized systems involves managing MPC node pools, designing inter-node communication, ensuring reliable consensus on agent actions, and integrating on-chain attestations—requiring deep knowledge of low-level development. The Othentic Stack addresses these challenges by expanding the design space of decentralized systems while abstracting away low-level implementations.
In the Othentic Stack:
- The unit of work to be carried out by the nodes is a ‘task’, which can be any off-chain computation. Read more about tasks here.
- There are primarily three node types:
  - Performer nodes who execute tasks;
  - Attester nodes who vote on the validity of a task;
  - Aggregator nodes who calculate the votes, the voting power of individual operators, and submit the task on-chain to complete the network’s consensus on Task validity or invalidity.
- The core logic of the network lives inside the Execution Service, which Performer nodes run when they execute a task, and the Validation Service, which Attester nodes run when they need to determine if a task is valid or not. These services can contain any arbitrary logic and be written in any programming language.
Here are the core components of the proposed AVS architecture and how they come together from task initiation to finalization:
- Performer Nodes: Performer nodes handle the execution of Tasks. In the authorization network, a Task would involve validating incoming agent action requests. The Othentic Stack enables developers to configure multiple Tasks with customizable parameters, rewards, and Operator clusters.
When a Performer node receives a Task execution request from an Agent, it also gets the associated parameters, such as user details or transaction data. These requests are validated against the predefined authorization policies and access control settings defined as part of the network’s Execution Service, which can otherwise be called the ‘Policy Box’.
Upon successful validation, the Performer node generates a Proof of Task, a cryptographic string that it broadcasts to the peer-to-peer (p2p) network for further verification.
- Attester Nodes: The attester nodes propagate the proof of task throughout the network. They then run the Validation Service in a Trusted Execution Environment (TEE) to cross-verify user conditions. Each node individually attests to the validity of the task by signing the TEE report with their respective key shards and broadcasting their vote to the peer-to-peer network.
- Aggregator Nodes: The aggregator listens to attestations and weighs them against the voting power of the Operator who cast them. It then aggregates the attestations into a BLS (Boneh-Lynn-Shacham) signature and submits this aggregated signature to on-chain smart contracts for execution.
- On-Chain Contracts: The on-chain contracts serve as the actual footprint of the AVS. Consensus is reached off-chain, and only the result is written to the contracts. Once the transaction payload is submitted on-chain, an AVS logic hook contract can be implemented to enable transaction execution prior to task submission on-chain.
These contracts handle the accounting, rewarding honest nodes, penalizing dishonest ones, and managing slashing events accordingly.
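The Performer, Attester and Aggregator steps above, as an added example that is not part of the Othentic Stack: the proof binds the request to the decision, each attester re-runs validation itself, and the aggregator counts voting power rather than votes. The 2/3 threshold, operator names, stake values and the `validation_service` rule are assumptions; signature checks and BLS aggregation are omitted.

```python
import hashlib
import json

# Constructed operator set: voting power per registered operator.
VOTING_POWER = {"op-a": 40, "op-b": 35, "op-c": 15, "op-d": 10}


def proof_of_task(task, approved):
    """Bind the exact request and the performer's decision into one digest."""
    body = json.dumps({"task": task, "approved": approved},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()


def validation_service(task):
    """Stand-in for the network's policy check (constructed rule)."""
    return task["token"] in {"USDC", "USDT"} and 0 < task["amount"] <= 500


def attest(operator, task, claimed_approved, claimed_proof):
    """Attester: vote 'valid' only if the performer's decision and proof
    both match what this node computes independently."""
    expected = validation_service(task)
    valid = (claimed_approved == expected
             and claimed_proof == proof_of_task(task, expected))
    return {"operator": operator, "proof": claimed_proof, "valid": valid}


def aggregate(votes, voting_power, proof, threshold=(2, 3)):
    """Aggregator: return 'valid', 'invalid' or 'no-quorum'.

    Votes from unregistered operators, votes for a different proof and
    repeat votes from the same operator are ignored, so head count alone
    can never reach the threshold.
    """
    total = sum(voting_power.values())
    seen, power_for, power_against = set(), 0, 0
    for vote in votes:
        op = vote["operator"]
        if op not in voting_power or op in seen or vote["proof"] != proof:
            continue
        seen.add(op)
        if vote["valid"]:
            power_for += voting_power[op]
        else:
            power_against += voting_power[op]
    num, den = threshold
    if power_for * den >= total * num:    # integer math, no float rounding
        return "valid"
    if power_against * den >= total * num:
        return "invalid"
    return "no-quorum"


def run_round(task, performer_decision, attesters):
    """One task from performer output to the aggregator's result."""
    proof = proof_of_task(task, performer_decision)
    votes = [attest(op, task, performer_decision, proof) for op in attesters]
    return aggregate(votes, VOTING_POWER, proof)


if __name__ == "__main__":
    good = {"agent": "agent-yield-01", "token": "USDC", "amount": 400}
    bad = {"agent": "agent-yield-01", "token": "WETH", "amount": 400}
    print(run_round(good, True, ["op-a", "op-b", "op-c"]))
    print(run_round(bad, True, ["op-a", "op-b"]))   # performer approved wrongly
    print(run_round(good, True, ["op-c", "op-d", "op-d", "op-x"]))
```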
Deploy an Authorization AVS
To translate the architectural principles into a functioning system, developers can follow these steps to set up and deploy the proposed AI Authorization Network using the Othentic Stack:
- Set Up the Sample Price Oracle AVS
Begin with the AVS Quick Start Guide, which provides a foundational example. Clone the repository and install the necessary dependencies as detailed in the documentation. Use the provided commands to run the AVS locally and familiarize yourself with the operations.
- Customize Core Services
  - Execution Service: This microservice handles task execution. Implement the required logic to align with your use case, leveraging the flexibility of the Othentic framework to write code in any programming language.
  - Validation Service: Define tailored validation logic to meet your authorization policies. Consult the documentation for examples and configuration guidelines.
- Define Task Specifications
Create detailed task definitions that encapsulate your desired operations. Ensure that all parameters, including taskDefinitionId, are correctly configured for seamless execution.
- Set Up Task Triggers
Configure triggers to initiate task execution. Performer nodes invoke the Execution Service by referencing the appropriate taskDefinitionId. Follow the documentation to integrate custom triggers effectively.
- Deploy and Test
Start all services, including Execution and Validation, alongside the Performer, Attester, and Aggregator nodes. Execute tasks and review outputs to verify that your AVS operates as expected.
Importance of TEE and MPC in AI Agent Authorization Networks
We briefly discussed TEE and MPC in the context of network architecture design and node functionality. However, it's essential to delve deeper into why these cryptographic tools are vital to the operation of the network and the critical role they play in ensuring its security and efficiency.
How Does MPC Work?
MPC enables multiple participants to compute a public function without disclosing their individual private inputs. In the context of agent authorization, the private data consists of sharded parts of the user’s private key, along with relevant details about the user's roles, access, and permissions within the network. Each node checks the validity of the transaction and signs it with its key shard; the results are then aggregated to determine validity of the block.
Role of TEEs in Securing MPC Networks
While MPC ensures privacy by encrypting individual node contributions, it also creates challenges in detecting malicious behavior, as nodes’ actions remain hidden. TEEs help solve this by providing a secure execution environment within processors where data and code are protected from tampering. TEEs enable the validation of computations within an MPC network, ensuring that nodes behave correctly. If a node deviates from the expected behavior, it can be penalized through slashing mechanisms. This integration of TEEs into MPC networks strengthens security, enabling both efficient execution and accountability in AI authorization processes.
Use of Cryptoeconomic Security
Cryptoeconomic security is the backbone of the AI Authorization Network, ensuring that participating nodes act honestly and malicious behavior is deterred through economic penalties. Here's how it works:
Honest Behavior
- Reward Mechanism: Nodes that behave honestly and follow validation logic and consensus rules (such as validating agent actions, signing them using their share of private keys via MPC, and ensuring adherence to predefined policies) receive rewards proportional to their contributions as defined in the Task Definition.
- Reputation Accumulation: Honest behavior enhances a node's reputation within the network, potentially granting it access to more responsibilities and rewards over time. We can even design an authorization system with different reputation requirements for different task types. The nodes can be ranked based on reaction time, voting participation rate, liveness checks, lifetime requests approved and total time spent on the network.
Misbehavior and Dishonest Behavior
Signing invalid agent actions, colluding with other nodes to manipulate outcomes, executing tasks outside the TEE environment, or failing to participate in consensus all trigger penalties:
- Slashing Conditions: When evidence of misconduct is detected, the network can enforce slashing or penalise the node depending on the severity of the action. Most importantly, AVS architecture helps ensure liveness in the network by enabling rotation of Performer nodes, similar to Ethereum’s proposers, and enabling slashing safeguards through underlying cryptoeconomics.
A slashing event refers to the loss of a participant's staked principal due to malicious or faulty behavior. Penalization may involve the withholding of participation rewards rather than the actual loss of staked assets.
- Reduced Privileges: Inactive or malicious nodes may lose access to network participation or face temporary bans, further reducing their ability to cause harm.
Economic Actors and Potential Models
Now that we’ve looked at the potential market demand for the AI Auth AVS and its architecture, let's look at how the AVS can generate revenue to sustain the network's economics. In our case there are multiple important economic actors at play: the User, Operators and Agents:
- User: Sets up policies and funds the network by paying a setup fee and transaction fees. The setup fee generates an MPC EOA (an externally owned account, controlled by its associated private key) for the agent and funds it for future transactions. Users are the primary source of payment in the network.
- Agent: Acts on behalf of the User to initiate and execute requests based on User’s preset policies. The Agent interacts with the network for transaction authorization. The Agent might be compensated with a share of the transaction fees for successfully executing tasks.
- AVS Operator: Operates and maintains the network's nodes (Performer, Attester, Aggregator). They validate transaction requests, ensure network availability, and facilitate consensus. Operators receive rewards and penalties based on their contribution in the smooth functioning of the network.
Alice, a user of the network, sets up an authorization flow and pays a setup fee, which is used to generate an MPC EOA for her agent and fund it with crypto for future network usage. The agent, following Alice's predefined policy, initiates requests. If the network confirms the request, the agent gains authorization to access the funds controlled by the EOA. The Operators receive a portion of the fee for running the network nodes and authorizing the transaction. Additionally, the network can choose to compensate participants in their native token, another asset like ETH or stablecoins, or a hybrid model.
As the network processes multiple transaction requests through Agents, it may be more practical to charge users based on the number of actions they request.
For another example of how an economic model can be implemented, we can look at Privy, a B2B authorization solution that relies on a traditional Web2 revenue model. Privy provides an SDK to integrate authorization for apps and platforms, complete with backend Web3 wallet support. Privy charges a monthly cost based on usage, or monthly active wallet count.
The superiority of a blockchain-based authorization network lies in the ability to implement per-action economics. For each task, the network defines how much each operator role should be compensated for their participation. The fee is deducted from the transaction itself or the user’s funds held in the MPC wallet, ensuring guaranteed distribution of rewards to operators involved.
One potential go-to-market (GTM) strategy is to target agent launch platforms like Virtuals, Spectra, ElizaOS and similar ecosystems. These platforms could integrate the authorization network directly into their stack, enabling developers to create agents inherently capable of performing secure and autonomous actions. By embedding network integration, these platforms can offer developers streamlined access control management, secure agent profiles, and enhanced functionality, ensuring agents are both powerful and safe to use.
Conclusion
For teams building AI agents, this article provides an insightful overview of the value and potential of an Authorization Network for AI, built as an AVS. By leveraging decentralized trust, verifiability, programmable access controls, and cryptoeconomic mechanisms, AVSs offer a scalable infrastructure for the next generation of AI-driven applications.
However, it's important to acknowledge some challenges. TEEs, while essential for enabling secure computation within an authorization network, remain an area of active research. TEEs carry inherent risks like hardware vulnerabilities and reliance on centralized manufacturers. On another front, agents handling highly time-sensitive operations might encounter delays due to the time required for the network to reach consensus on requests. Addressing these issues could involve leveraging intent-based execution and more advanced message propagation methods, though a full exploration of these approaches is beyond the scope of this article. These challenges, while significant, represent exciting areas for future development and innovation in the field.
At Othentic, we’re excited about the future of AI and decentralized systems. If you’re looking to build innovative AI systems or want to discuss this evolving space, don’t hesitate to reach out to us. We believe AVSs can unlock the full potential of Authorization Networks for AI and open the gates for a more secure, efficient, reliable and aligned AI future.
About Othentic
Othentic Stack orchestrates the development of low-level AVS infrastructure.
Imagine a canvas with all of the essential building blocks to spin up an AVS, highly configurable and versatile in all aspects of AVS development, while underlying complexities around consensus, operators, networking, messaging, and attestations are abstracted away.
Docs - https://docs.othentic.xyz
Website - https://www.othentic.xyz/
Twitter - https://x.com/0xOthentic
Discord - https://discord.com/invite/za9tpCdSzs