At a time when data privacy has become a headline cliché, Chen Feng's vision for Trusted Execution Environments as a foundation for #ConfidentialAI offers a technical and philosophical framework. In his capacity as Head of Research at #AutonomysNetwork and UBC Professor, Feng casts #TEE as 'digital castles': fortified islands where AI agents are sovereign over their logic and data. This metaphor gives architectural significance to the otherwise highly abstruse domain of privacy technology and thereby states the mission of the Autonomys network in the language of security concepts.
His insights are quite captivating for me as a social miner on @DAO Labs #SocialMining Ecosystem.

Why TEEs Outperform Cryptographic Alternatives
The cryptographic toolkit already contains ZKPs and FHE, Feng says, but TEEs are special because they combine performance and security. Zero-knowledge proofs never come free of speed overhead, and homomorphic encryption slows computation down by a factor of 10,000; TEEs, by contrast, isolate execution in hardware so that it runs at virtually native speed. For autonomous agents facing real-time, crunch decisions about trading crypto assets or handling sensitive health data, this performance differential is truly existential.
Autonomys’ choice reflects this calculus. By integrating TEEs at the infrastructure layer, they create environments where:
AI models process data without exposing inputs/outputs
Cryptographic attestations prove code executed as intended
Memory remains encrypted even during computation
As Feng notes: “When deployed, the system operates independently within its secure enclave, with cryptographic proof that its responses...are genuinely its own”. This combination of autonomy and verifiability addresses what Feng calls the “Oracle Problem of AI” – ensuring agents act independently without hidden manipulation.

Privacy as Non-Negotiable Infrastructure
The podcast presents very worrying scenarios: AI therapists leaking mental health data, bot traders being front-run through model theft, and so on. Feng's solution: make privacy the default through TEEs rather than an opt-in feature. This aligns with Autonomys' vision of "permanent on-chain agents" that retain data sovereignty across interactions.
Critically, TEEs not only conceal data but also safeguard the integrity of AI reasoning. As Feng's team demonstrated with their Eliza framework, attestations produced with TEEs allow users to verify that an agent's decisions stem from its original programming and have not been subjected to adversarial tampering. For Web3's agent-centric future, this shifts trust from institutions to computation that can be verified.

Strategic Implications for Web3
Autonomys’ TEE implementation reveals three strategic advantages:
Interoperability: Agents can securely interact across chains and services without exposing internal states.
Composability: TEE-secured modules stack like LEGO bricks for complex workflows.
Sustainability: Hardware-based security avoids the energy costs of pure cryptographic approaches.
As Feng summed up: "These TEEs provide an environment wherein these systems can operate independently without manipulation even by their original creators". With the AI space dominated by centralized players, this view provides a blueprint for true decentralized intelligence, one whose capability is not gained by compromising privacy.
Moving forward, entities in the ecosystem must collaborate. Autonomys' partnerships with projects such as Rome Protocol for cross-chain storage and STP for agent memory management imply that they are building not only technology but also the connective tissue for confidential AI ecosystems. Should more developers take this castle-first approach, we might finally begin to develop AI systems that enable rather than exploit, thereby fulfilling the Web3 promise of user-owned intelligence.