Threat model

It is important to note that autonomous AI agents do not need to store the history of the common AI agent state permanently. This implies that AI agent may be internally using blockchain-like technology, but they never implement a standard L1/L2 layer.

Autonomous AI agents work under the following threat model:

• an AI agent is managed by an AI agent owner, who is in charge of managing the AI agent life cycle (e.g. sets it up and can shut it down)

• an AI agent is run by a set of operators, each running at least one agent instance, for a total of n agent instances

• Every pair of agent instances in the AI agent can securely and independently communicate

• A majority of the n agent instances run the agent code defined by the AI agent (typically at most ⅓ of the instances are allowed to be malicious for the AI agent to be guaranteed to run)

• A malicious agent instance can deviate arbitrarily from the code that is supposed to run

• An AI agent is registered in a L1/L2 blockchain from which the economic security of the AI agent is bootstrapped

• Every operator must lock a deposit for each agent instance they own in the L1/L2 blockchain where the AI agent was registered

• Agent instances can punish each other's misbehavior by submitting fraud proofs to the underlying chain, causing slashing of the deposit of the malicious instance

• The AI agent owner locks a deposit equal to the largest deposit requested from the agent instances. This is used to incentivise the AI agent owner to release the agent instances deposits at the end of the lifetime of the AI agent

An autonomous AI agent is decentralized by virtue of minimizing the trust placed on individual agent instances. Although an AI agent owner could potentially be penalized for misbehavior, they are assumed to act honestly.