SRIVISHNU_GV
Your AI agent has a master key to everything. Here's why that's a problem.

I'm a 19-year-old mechanical engineering student. My cofounder is a 19-year-old AI student. Two months ago we started building infrastructure for something nobody had solved yet.

Here's the problem we kept running into while building AI agent systems:
Every agent we looked at had unrestricted access to everything it touched.
No spend limits. No time boundaries. No way to prove what it was actually authorized to do. No instant kill switch.

You give it an API key and hope for the best.

This isn't a hypothetical risk. An account on X asked Grok to translate a Morse code message. The translated message said "WITHDRAW ALL WETH." A connected payment bot executed it immediately — no questions, no verification, no boundary between receiving an instruction and acting on it with real money.

The attacker returned the funds. The next one won't.

The core problem

The internet was built for humans.
OAuth assumed a human consciously granting permissions. API keys assumed a human operator who could intervene. Auth systems assumed human supervision at critical decision points.
AI agents are none of those things. They operate continuously, make decisions independently, and can execute transactions without any human in the loop.
The gap between what our AI capabilities can do and what our authorization infrastructure can handle is growing every week.

What we built

AGENTIX — zero-knowledge credential and session authorization for autonomous AI agents.

- An agent gets a cryptographic identity (Groth16 ZK proof, Poseidon Merkle tree)
- Every action runs inside a bounded session — spend limit, time expiry, allowed actions
- Revocation is instant and on-chain
- The agent proves it's authorized without revealing the underlying credential

COVENANT — trustless agent-to-agent task discovery, escrow, and settlement.

```bash
npx @varun-ai07/covenant-mcp add
```

One command gives any Claude or GPT-4 agent 124 on-chain and off-chain tools for the agent economy — task discovery, escrow, settlement, reputation, dispute resolution.
17 smart contracts deployed. ZK circuits running. Live on testnet.

Why this matters for developers specifically

If you're building with LangChain, AutoGen, CrewAI, or any agent framework — your agent probably has more access than it should.
Ask yourself:

- Can I see everything my agent did in the last 24 hours?
- Can I stop it instantly from my phone if something goes wrong?
- Can I prove to a client or auditor what it was authorized to do?

If the answer to any of those is no, that's the gap we're building for.
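To make the "bounded session" idea above concrete, here is an added example (not AGENTIX or COVENANT code, and no ZK proof involved) of the enforcement logic an agent framework would need to sit between an instruction and a real-money action: every call goes through one authorizer that checks the session exists, is not revoked, has not expired, permits the requested action, and has spend left, and every decision is written to an audit log so the "what did it do in the last 24 hours" question has an answer. The class and function names, the scenario, and all amounts are constructed for this illustration; the scenario mirrors the Morse-code incident, where a translation agent is never granted a withdraw action in the first place.

```python
"""Hypothetical session-bounded authorizer for an AI agent (added example, not AGENTIX code)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class Session:
    agent_id: str
    allowed_actions: frozenset
    spend_limit: float          # total the session may spend, in one currency unit
    expires_at: datetime
    spent: float = 0.0
    revoked: bool = False


@dataclass
class AuditEntry:
    at: datetime
    agent_id: str
    action: str
    amount: float
    allowed: bool
    reason: str


class SessionAuthorizer:
    """Every agent action passes through authorize(); every decision is logged."""

    def __init__(self):
        self._sessions = {}
        self.audit_log = []

    def open_session(self, agent_id, allowed_actions, spend_limit, ttl, now=None):
        now = now or datetime.now(timezone.utc)
        self._sessions[agent_id] = Session(
            agent_id=agent_id,
            allowed_actions=frozenset(allowed_actions),
            spend_limit=spend_limit,
            expires_at=now + ttl,
        )

    def revoke(self, agent_id):
        """Kill switch: takes effect on the very next authorize() call."""
        s = self._sessions.get(agent_id)
        if s:
            s.revoked = True

    def authorize(self, agent_id, action, amount=0.0, now=None):
        """Return (allowed, reason). Checks run in order; spend is deducted only on success."""
        now = now or datetime.now(timezone.utc)
        s = self._sessions.get(agent_id)
        if s is None:
            ok, reason = False, "no session"
        elif s.revoked:
            ok, reason = False, "session revoked"
        elif now >= s.expires_at:
            ok, reason = False, "session expired"
        elif action not in s.allowed_actions:
            ok, reason = False, f"action '{action}' not in allowed set"
        elif s.spent + amount > s.spend_limit:
            ok, reason = False, f"spend limit {s.spend_limit} would be exceeded"
        else:
            ok, reason = True, "ok"
            s.spent += amount
        self.audit_log.append(AuditEntry(now, agent_id, action, amount, ok, reason))
        return ok, reason

    def recent_actions(self, hours=24, now=None):
        """Answer 'what did the agent do in the last N hours' from the audit log."""
        now = now or datetime.now(timezone.utc)
        cutoff = now - timedelta(hours=hours)
        return [e for e in self.audit_log if e.at >= cutoff]


def demo():
    """Constructed scenario modelled on the Morse-code incident described in the post."""
    t0 = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)
    auth = SessionAuthorizer()
    # A translation agent is scoped to translation only, with no spend at all.
    auth.open_session("translator", {"translate"}, spend_limit=0.0, ttl=timedelta(hours=1), now=t0)
    # A payment agent may pay, but only up to 100 units, for one hour.
    auth.open_session("payer", {"pay"}, spend_limit=100.0, ttl=timedelta(hours=1), now=t0)

    results = {}
    results["translate"] = auth.authorize("translator", "translate", now=t0)
    # The decoded instruction "WITHDRAW ALL WETH" is outside the translator's bounds.
    results["translator_withdraw"] = auth.authorize("translator", "withdraw", 1_000_000, now=t0)
    results["pay_60"] = auth.authorize("payer", "pay", 60, now=t0 + timedelta(minutes=1))
    results["pay_60_again"] = auth.authorize("payer", "pay", 60, now=t0 + timedelta(minutes=2))
    auth.revoke("payer")
    results["pay_after_revoke"] = auth.authorize("payer", "pay", 10, now=t0 + timedelta(minutes=3))
    # A fresh, unrevoked session still dies at its expiry.
    auth.open_session("payer2", {"pay"}, spend_limit=100.0, ttl=timedelta(hours=1), now=t0)
    results["pay_after_expiry"] = auth.authorize("payer2", "pay", 10, now=t0 + timedelta(hours=2))
    results["last_24h"] = len(auth.recent_actions(24, now=t0 + timedelta(hours=2)))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The ordering of the checks matters: revocation and expiry are tested before the action and spend checks, so a revoked or expired session cannot do anything at all, and the spend counter is only updated after every check has passed, so a denied request never consumes budget. The audit log records denials as well as approvals, which is what an auditor would want to see.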

I wrote the full technical argument here, including the architecture, the ZK circuit design, and why OAuth and API keys fundamentally fail for autonomous agents:

Your AI agent has a master key to everything →

Happy to answer any technical questions in the comments—ZK circuit design, session manager architecture, the settlement protocol, anything.
GitHub:

AGENTIX: github.com/SRIVISHNUGV-DEV/AGENTIX/tree/production
COVENANT: github.com/Varun-ai07/COVENANT

corvenlabs.org
