VaultClaw

Verifiable AI Agents, powered by Solana

Hardware-attested. Cryptographically proven. Trust-minimized.


Maciej Sawicki — Roast My Solana Startup, Warszawa, April 2026

Built on lessons from ClawChain • Heading to Colosseum

Can you prove what your AI agent is running?
  • Black box execution — AI agents manage wallets, execute trades, sign transactions. Nobody can verify the code running inside them.
  • No tamper-evidence — the operator can swap the model, modify policies, or silently exfiltrate keys after deployment. You'd never know.
  • Trust the provider? — centralized hosting means trusting AWS, GCP, and every sysadmin in the stack. That is not Web3.
"Trusted third parties are security holes." — Nick Szabo, smart contracts pioneer
The operator hosting your agent is that trusted third party.

VaultClaw eliminates the trusted third party: hardware attestation replaces trust with cryptographic verification.

The Insight: Hardware Can Prove Code

Modern CPUs ship with Trusted Execution Environments that generate a cryptographic receipt of what software is running — unforgeable, hardware-rooted, independently verifiable.

Hardware Layer
  • Intel SGX enclaves
  • Seeker Seed Vault
Attestation
  • Remote quote (DCAP)
  • MRENCLAVE code hash
Agent Identity
  • Keys never leave enclave
  • Pubkey bound on-chain
SGX attestation quote carries a 256-bit user_data field — VaultClaw puts the agent's Solana pubkey there, signed by the CPU itself.
Any code change → different MRENCLAVE → on-chain mismatch detected instantly.

VaultClaw: Verifiable Agent Infrastructure

Deposit SOL → Agent launches in hardware enclave → Attestation posted on-chain. Verify it yourself.

1. User deposits SOL to VaultClaw Anchor program
2. Orchestrator launches agent in SGX enclave; agent generates its own Solana keypair inside
3. Enclave produces DCAP attestation quote (pubkey in user_data) → MRENCLAVE hash posted on-chain
4. Anyone can verify: exact binary, exact policy, hardware-rooted. No trust required.
5. Agent signs Solana txs inside enclave. DRAM bus-probing by the cloud host returns only ciphertext.

Note: key ops in SGX enclave; LLM inference on AMD SEV / Intel TDX — same trust model, no EPC size limit.
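
The check in steps 3 and 4, together with the pubkey-in-user_data binding described earlier, as an added example (not VaultClaw's code). It assumes the version 3 DCAP quote layout, takes the page's user_data to be the report body's 64-byte report data field with the 32-byte pubkey first and zero padding after, and assumes the quote signature and certificate chain were already verified elsewhere; the function names and sample values are constructed.

```python
import hashlib
import hmac
import struct

# SGX ECDSA (DCAP) quote v3: 48-byte header, then a 384-byte report body.
HEADER_LEN, BODY_LEN = 48, 384
MRENCLAVE_OFF = HEADER_LEN + 64      # 32-byte enclave measurement
REPORT_DATA_OFF = HEADER_LEN + 320   # 64 bytes chosen by the enclave

def parse_quote(quote: bytes) -> tuple[bytes, bytes]:
    """Return (mrenclave, report_data) from the signed part of a quote."""
    if len(quote) < HEADER_LEN + BODY_LEN:
        raise ValueError("quote shorter than header + report body")
    (version,) = struct.unpack_from("<H", quote, 0)
    if version != 3:
        raise ValueError(f"unsupported quote version {version}")
    return (quote[MRENCLAVE_OFF:MRENCLAVE_OFF + 32],
            quote[REPORT_DATA_OFF:REPORT_DATA_OFF + 64])

def check_binding(quote: bytes, registry_mrenclave: bytes, agent_pubkey: bytes) -> str:
    """Compare a quote with the registry entry (hypothetical verifier helper).
    Does NOT verify the quote signature; that must happen before this call."""
    if len(registry_mrenclave) != 32 or len(agent_pubkey) != 32:
        raise ValueError("expected 32-byte MRENCLAVE and 32-byte pubkey")
    mrenclave, report_data = parse_quote(quote)
    if not hmac.compare_digest(mrenclave, registry_mrenclave):
        return "MRENCLAVE_MISMATCH"   # binary differs from the registered build
    # Assumed layout: pubkey in the first 32 bytes, remaining 32 bytes zero.
    if not hmac.compare_digest(report_data, agent_pubkey + bytes(32)):
        return "PUBKEY_MISMATCH"      # quote was produced for a different key
    return "OK"

def build_sample_quote(mrenclave: bytes, pubkey: bytes) -> bytes:
    """Constructed input: only the fields read above are filled in."""
    q = bytearray(HEADER_LEN + BODY_LEN)
    struct.pack_into("<H", q, 0, 3)
    q[MRENCLAVE_OFF:MRENCLAVE_OFF + 32] = mrenclave
    q[REPORT_DATA_OFF:REPORT_DATA_OFF + 32] = pubkey
    return bytes(q)

# Constructed stand-ins (SHA-256 of labels, not real measurements or keys).
MR_GOOD = hashlib.sha256(b"agent-build-1").digest()
MR_PATCHED = hashlib.sha256(b"agent-build-1-modified").digest()
PUBKEY = hashlib.sha256(b"sample agent pubkey").digest()
PUBKEY_OTHER = hashlib.sha256(b"some other pubkey").digest()

if __name__ == "__main__":
    print(check_binding(build_sample_quote(MR_GOOD, PUBKEY), MR_GOOD, PUBKEY))
    print(check_binding(build_sample_quote(MR_PATCHED, PUBKEY), MR_GOOD, PUBKEY))
```

Both comparisons must pass: a matching MRENCLAVE with a different key in the report data means the quote belongs to another agent instance.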

Solana-native • SGX DCAP / TDX • Seeker TEEPIN • On-chain attestation

Solana Seeker: Mobile TEE Meets Blockchain

Seed Vault Hardware

  • Dedicated secure enclave, isolated from Android OS and all apps
  • Private keys never leave the hardware module — biometric auth at silicon level
  • Tamper-resistant: no jailbreak path to keys, ever
  • 150,000+ units shipped Aug 2025 — hardware distribution already exists

TEEPIN Architecture

  • Guardians (Helius, Jito) validate device integrity independently
  • No Intel DCAP server as central authority — Solana-native attestation root
  • SKR token: Guardians stake to participate, aligned incentives
  • Cryptographic attestation: "this app, on this hardware, on this network"

VaultClaw: agent key in Seed Vault, attested by TEEPIN, billing on-chain. Non-Seeker users: cloud SGX/TDX, same cryptographic guarantees. Same model. Different hardware. No single point of trust.

Competitive Landscape

Project | TEE | Chain | Gap vs VaultClaw
Phala Network | Intel SGX | Cosmos / Polkadot | Not Solana-native. No mobile path. No TEEPIN. Centralized on Phala infra.
Secret Network | Intel SGX | Cosmos | Privacy for smart contracts, not AI agent lifecycle. No Solana.
Turnkey | AWS Nitro | Multi-chain | Key management only — no agent hosting, no mobile TEE, no on-chain attestation.
Oasis Sapphire | Intel SGX | Oasis (EVM) | EVM-only. No Solana program model. No Seeker integration path.
Anjuna / Gramine | SGX tools | | Enterprise SDK, not a protocol. No on-chain identity. No agent marketplace.
VaultClaw | SGX + TDX + Seeker | Solana | Full stack: mobile TEE + cloud TEE + on-chain attestation registry + agent billing lifecycle

Unique position: the only project targeting Solana Seeker TEEPIN as mobile attestation root, with cloud TEE fallback and complete agent lifecycle on-chain.

Market & Founder

$15B Confidential Computing market 2025
$199B Agentic AI TAM by 2034
#1 Gartner Top 10 Strategic Tech 2026

Revenue Model

  • Margin on compute (SOL/h) + attestation premium: verified agents command higher rates than unverified ones — same dynamic as EV SSL certificates.
  • Scale: marketplace take rate + Guardian coordination fees.
  • Regulatory tailwind: MiCA, DORA, and GDPR Art. 32 create compliance demand for "data in use" protection — TEE is the only technical answer.

Founder Fit

Web3 / Solana
  • Chorus One
  • Validator ops
  • ClawChain (Anchor)
AI / Infra
  • deepsense.ai
  • Platform engineering
  • GCP Architect, CKAD
Security
  • Telecom billing systems
  • Confidential compute research
  • SGX attestation design

Roadmap

Phase 1 — Foundation

  • Solana program (ClawChain fork)
  • SGX enclave agent runner
  • On-chain attestation registry
  • MRENCLAVE posted per deployment
  • Reproducible builds pipeline

Phase 2 — Seeker

  • Seeker Seed Vault integration
  • TEEPIN Guardian registration
  • Mobile-first agent UI
  • Agent-to-agent on-chain trust graph
  • SGX sealing for persistent state

Phase 3 — Network

  • Decentralized attestation market
  • Verified agent identity NFTs
  • Cross-agent hiring & payment
  • Compliance reports on-demand
  • Colosseum mainnet launch

Reproducible builds note: full attestation is only meaningful if anyone can rebuild the binary and get the same MRENCLAVE. We ship deterministic builds from day one — open source, auditable by design.

VaultClaw

AI agents that prove their own integrity.
Hardware-rooted trust, settled on Solana.
Not "trust the operator" — verify the hardware.