ZK-Policy Engine for Trust-Minimized Web3 Agents Automation
As demonstrated by Patlan et al. (Cornell / UIUC, 2025) in “Real AI Agents with Fake Memories: Fatal Context Manipulation Attacks on Web3 Agents” , Dominant agent architecture today is fundamentally unsafe, and the problem is not the smart contract, but agent context. Modern Web3 agents are vulnerable to context manipulation attacks, including:
prompt injection
memory poisoning
persistent context corruption
Our Solution
Opaque is a policy-enforced execution layer for Web3 agents where:
Agents propose actions
Policies are evaluated outside the agent’s context
Authorization is proven cryptographically
Execution happens only after on-chain verification
The agent never sees policy logic, thresholds, constraints, or decision rationale. The Cornell research showed that:
Attacks succeed because policies live in agent context.
Memory persistence makes compromise durable
Prompt defenses fail
Opaque eliminates the attack surface by removing policies from agent context, enforcing them via cryptographic proof, and anchoring verification on-chain before execution. Mantle Network provides low-cost, fast verification and execution layer for the agents intended actions
Opaque composable circuits was built with noir and verifier contract deployed on Mantle Sepolia Testnet. Enclave was deployed on AWS nitro, and plugin-opaque (Eliza OS plugin for generating proofs from the enclave and executing transactions on Mantle, and an AllowanceBot Agent to demonstrate opaque transactions from agent