Audits, exploits, threat models, and defensive engineering across the stack.
zkML, optimistic, TEE, FHE all prove the computation. Restaking takes the other road: bond it and slash liars. We do the cost-of-corruption math behind EigenLayer's $18B AI-AVS security, the overloading attack that breaks it, and the probabilistic-audit tax.
ERC-8004's agent registries went live in January. We read them straight off the chain: ~90,000 registrations across Ethereum and Base, a $0.003 ERC-4337 registration dissected — and a reputation registry already farmed with vouch spam.
zkML costs 1000x, optimistic schemes cost a challenge window. Hardware attestation verifies AI inference at under 7% overhead and ~$0.26 on-chain — if you're willing to trust Intel. Part 3 weighs the third leg of verifiable inference.
An autonomous agent can't sign up for an API key or swipe a credit card. x402 revives HTTP 402 and settles in gasless USDC — here's the EIP-3009 handshake, the facilitator trust model, and where prompt injection breaks it.
The Elliptic benchmark made GNNs the default for on-chain AML. A 2026 leakage-free re-evaluation flips the script: random forests win by 13 F1 points, randomly rewired edges beat the real graph, and every model falls off a cliff at time step 43.
World Chain reserved top-of-block space for verified humans while 382M smart-account ops poured in. We read the Semaphore tree on Ethereum — 17.59M identities, hourly batches at ~3,300 gas each — decode PBH's month-stamped nullifiers, and find the human-only lane sitting almost empty.
An agent holding your raw key is one prompt injection from total loss — and 97% of early EIP-7702 delegations went to drainer sweepers. We read the sweeper's source off the chain, dissect a real 35.97-USDC-a-day spend permission on Base, and do the blast-radius math.
We ran multi-agent LLM pipelines against historical exploit corpora and live audit engagements. The results reshape where AI fits in a security review — and where it absolutely doesn't.