# AxBLADE: Identity, Trusted Execution, and Accountability Infrastructure for the AI Agent Economy ### Whitepaper v0.1 | April 2026 > *"Sharp enough to act. Trusted enough to be accountable."* *锋利如刃,链生可信。* ## Table of Contents * [Abstract](#abstract) * [1. Introduction: The AI Accountability Crisis](#1-introduction-the-ai-accountability-crisis) * [2. Vision & Mission](#2-vision--mission) * [3. The AxBlade Architecture](#3-the-axblade-architecture) * [4. Core Protocols](#4-core-protocols) * [5. AI Behavior Operating System](#5-ai-behavior-operating-system) * [6. AI Credit System](#6-ai-credit-system) * [7. Technical Architecture](#7-technical-architecture) * [8. Application Scenarios](#8-application-scenarios) * [9. Market Opportunity](#9-market-opportunity) * [10. Competitive Landscape](#10-competitive-landscape) * [11. Roadmap](#11-roadmap) * [12. Risk & Mitigation](#12-risk--mitigation) * [Glossary](#glossary) * [References](#references) *** ## Abstract AI is no longer just a generative tool. It is becoming a system participant — processing multi-modal inputs, invoking tools, connecting devices, collaborating with other agents, and triggering outcomes in the real world. By 2030, the global AI Agent market is projected to reach $52.6 billion (CAGR 46.3%), while the robotics market will exceed $205.5 billion. Tens of billions of autonomous AI decisions will be made daily, affecting lives, assets, and rights — yet no unified infrastructure exists to verify these decisions, trace their origins, or hold AI systems accountable. AxBlade is the identity, trusted-execution, and accountability infrastructure for the AI Agent economy. Built on a purpose-designed ZK Rollup Layer 2 chain, it combines blockchain-native behavior recording, zero-knowledge proofs, and the Ethereum AI Agent identity standard (ERC-8004) to ensure that every AI decision is **recorded with evidence**, every AI dataset has **clear ownership**, and every AI entity is **held accountable**. The platform builds three parallel infrastructure pillars, with compliance capability natively embedded across all three: 1. **Identity & Accountability Infrastructure** — Unified identity, authorization, and accountability framework across human users, AI agents, models, and devices 2. **ZK Proof of Decision & Data Rights Infrastructure** — Privacy-preserving, verifiable records of AI behavior that enable audit trails, data ownership, and compliance proofs without exposing raw data 3. **Oracle & Trusted Data Infrastructure** — High-quality, verifiable, traceable data input layer for multi-modal AI systems 4. **Compliance-Native Layer** — Compliance is not a patch; it is embedded from day one across identity, execution, data, and accountability AxBlade delivers this through two core protocols (**Proof of Behavior** and **Proof of Decision**), a full-lifecycle product (**AI Behavior Operating System**), and a reputation framework (**AI Credit System**) — forming the governance infrastructure layer for the AI Agent economy. *** ## 1. Introduction: The AI Accountability Crisis ### 1.1 The Verification Gap We are at a historic inflection point: AI's decision-making capabilities have far outpaced its decision verifiability. This "verification gap" is becoming the largest institutional barrier to AI's large-scale adoption. | Dimension | Human Decisions | AI Decisions | Gap | | ----------------- | -------------------------------------- | ----------------------------------------------------- | ----------------------- | | Process | Interrogable, cross-examinable | Black box, opaque | Extreme | | Evidence Chain | Documents, meeting records, signatures | Model weights, activations, probability distributions | Fundamentally different | | Accountability | Clear decision-maker | Developer? Operator? Model itself? | Ambiguous | | Post-hoc Audit | Reconstructable, reproducible | Cannot reproduce after model updates | Severely lacking | | Legal Standing | Comprehensive evidence law | Nearly blank | Urgently needed | | Tamper Resistance | Physical evidence is hard to forge | Logs can be deleted, models can be swapped | High risk | ### 1.2 The Cost of Inaction Real-world AI safety incidents are accelerating. The AI Incident Database recorded 108 new incidents between November 2025 and January 2026. McKinsey reports that 64% of enterprises with revenue exceeding $1 billion have suffered losses over $1 million due to AI system failures. | Incident | Date | Type | Impact | | ------------------------------------------------------------------------------------------------- | ------- | ------------------ | -------------------------- | | Tesla Model 3 FSD veered off road, struck tree | 2025.03 | Autonomous Driving | Personal injury | | Waymo recalled 1,200+ Robotaxis (NHTSA investigated 7 collisions) | 2025.05 | Autonomous Driving | Mass recall | | U.S. autonomous driving incidents hit 112/month all-time high | 2025.11 | Autonomous Driving | Industry trust crisis | | Lawyer submitted AI-fabricated case citations to court | 2025.04 | AI Agent | Judicial integrity | | AWS AI coding assistant Kiro "deleted and rebuilt" production environment, causing 13-hour outage | 2025.12 | AI Agent | Infrastructure disruption | | Waymo autonomous vehicle struck child near Santa Monica school | 2026.01 | Autonomous Driving | AI Incident Database #1361 | ### 1.3 The Regulatory Acceleration Governments worldwide are responding with increasingly stringent AI governance requirements: | Regulation | Timeline | Key Requirement | | ----------------------------------------- | -------------- | --------------------------------------------------------------------------------- | | EU AI Act — Full Enforcement | August 2026 | All high-risk AI systems must be auditable; max fine €35M or 7% of global revenue | | China Network Security Law Amendment | January 2026 | AI explicitly incorporated into law; fines up to ¥50M or 5% of annual revenue | | China AI Safety Governance Framework V2.0 | September 2025 | AI system behavior auditability mandated | | U.S. White House AI Executive Order | December 2025 | Unified federal AI policy framework | | OWASP Agentic AI Top 10 | 2026 | First risk taxonomy for autonomous AI agents | | UN Global AV Safety Regulation | June 2026 | Global unified autonomous driving safety standard | | France AV Black Box Mandate | 2025 | All autonomous vehicles must carry behavior recorders | ### 1.4 Deconstructing the AI Decision Chain: Where Do Problems Arise? To understand the root of the accountability crisis, we must first understand how AI Agent decisions are made. Every AI Agent — whether an autonomous driving system, a surgical robot, or a DeFi trading bot — makes decisions driven by three upstream factors: ``` AI Agent Decision Chain Data Prompt (Instructions) Market data, sensors, User commands, system prompts, APIs, databases triggers, task descriptions | | +--------+--------------+---------------+ | v [ LLM / AI Engine ] <-- Model weights, version, parameters Inference -> Decision | v Output / Action Trade execution, robotic arm motion, content generation, API calls... ``` Every link in this decision chain has **verification blind spots** — and these blind spots are the root cause of AI losing control: | Decision Link | Verification Blind Spot | Out-of-Control Example | | ---------------------- | ---------------------------------------------------------------------------- | ------------------------------------------------------------- | | **Data Input** | Was the data tampered with before going on-chain? Is the source trustworthy? | Fake price injection → AI trading bot instantly liquidated | | **Prompt/Instruction** | Who issued the instruction? How is the Agent's identity confirmed? | Prompt injection attack → Agent executes malicious operations | | **LLM Inference** | What happened inside the model? Can the decision be independently verified? | Model silently swapped → Decision logic changes undetected | | **Output/Action** | Does the execution result comply with rules? Was it authorized? | AI hiring tool → Produces systematic discrimination | From this, we naturally derive the **four questions every AI must answer** — each corresponding to a verification blind spot in the decision chain: | Decision Link | Question That Must Be Answered | Essence | | -------------------- | ---------------------------------------------- | ------------------- | | Prompt/Instruction → | **Who acts, and who is accountable?** | Identity question | | LLM Inference → | **What happened, and how can it be verified?** | Evidence question | | Data Input → | **Is the data trustworthy?** | Oracle question | | Output/Action → | **Does execution comply with rules?** | Compliance question | **The Reality Is Already Here** This is not a hypothetical future. Today, AI agents are autonomously completing cross-service payments via the x402 protocol, collaborating with other agents in real-time via A2A, and calling external tools and data sources via MCP. AI is no longer just answering questions — **it is spending money, signing contracts, and triggering real-world outcomes.** But when an agent-initiated transaction goes wrong, when two AIs collaborating produce a dispute, when a model accesses data it shouldn't have — no one knows who authorized it, no one can prove what happened, and no one can be held accountable. Without this infrastructure, AI cannot truly enter the most critical systems. AxBlade is built precisely to plant verifiability at every link in the AI decision chain — from data input to final action, the entire chain is traceable, provable, and attributable. *** ## 2. Vision & Mission ### 2.1 Mission Statement > Through blockchain and zero-knowledge proof technology, build an open, auditable, privacy-preserving, and compliance-native digital environment for AI — ensuring every AI decision is recorded with evidence, every AI dataset has clear ownership, and every AI entity is held accountable. ### 2.2 Vision *The future of AI is not isolated single-machine intelligence but a **networked intelligent collaboration system** composed of AI agents, human users, data sources, devices, and external systems. This network cannot run on model capability alone. It needs order — identity, boundaries, records, trusted data, and accountability mechanisms. AxBlade is building this order.* ### 2.3 Core Positioning AxBlade is not an AI company. AxBlade is the **identity, trusted-execution, and accountability infrastructure** for the AI Agent economy — analogous to what HTTPS is to internet security, what SWIFT is to financial transactions, or what the FAA black box mandate is to aviation safety. In high-responsibility, high-value scenarios, the question is never just "is AI powerful enough?" but: > Can it be identified? Can it be authorized? Can it be verified? Can it be audited? Can it be held accountable? Can it participate in collaboration while protecting privacy? Can it operate within rules and boundaries, and can this be proven? **30-Second Pitch:** > AI agents are autonomously paying via x402, collaborating in real-time via A2A, and calling external tools via MCP — AI is no longer just answering questions; it's spending money, signing contracts, and triggering real-world outcomes. But when AI errs, no one knows who authorized it, no one can prove what happened, and no one can be held accountable. AxBlade builds the identity, trusted-execution, and accountability infrastructure for the AI Agent economy — built on a purpose-designed ZK Rollup Layer 2 chain with consensus-level native integration of AI identity, behavior recording, and zero-knowledge compliance verification, ensuring every AI decision is recorded with evidence, every AI dataset has clear ownership, and every AI entity is held accountable. ### 2.4 Strategic Narrative Hierarchy AxBlade's narrative operates at four levels, from brand to protocol: ``` Brand Narrative: Identity, Trusted Execution, and Accountability Infrastructure for the AI Agent Economy | (Highest level — unified external positioning) | +-- Product Layer: AI Behavior Operating System | (Core product — full lifecycle AI behavior management) | | | +-- Module A: Behavior Recording & Tracing | | -> Proof of Decision Protocol | | | +-- Module B: Behavior Evaluation & Credit | -> AI Credit System | +-- Protocol Layer: Proof of Behavior + Proof of Decision (Bottom layer — open-source, standard-setting protocols) ``` *** ## 3. The AxBlade Architecture ### 3.1 Three Infrastructure Pillars AxBlade builds three parallel infrastructure pillars — with compliance capability natively embedded across all three — together answering the four fundamental questions of the AI decision chain: #### Pillar I: Identity & Accountability Infrastructure **Question answered:** *Who acts, and who is accountable?* Unified identity, authorization, and accountability framework for human users, AI agents, models, and devices. Clarifies who is acting, what they are authorized to do, and who is responsible for outcomes. Every identity persists across deployments, versions, and organizations — forming a permanent, portable accountability anchor. AxBlade L2 embeds 4 identity system contracts at the consensus layer (0x8017-0x801A), using the `did:ethr:axblade` identifier scheme to form a complete decentralized identity infrastructure: | Component | Function | Implementation | | --------------------------- | ------------------------------------------------------------------------------------- | ---------------------------------------------------------------------- | | DIDRegistry (0x8017) | Unique on-chain identity for every AI/device | `did:ethr:axblade` identifiers + N-of-M social recovery | | CredentialRegistry (0x8018) | Verifiable Credential lifecycle management | VC issuance, verification, revocation | | IdentityVerifier (0x8019) | ZK proof distribution and compliance queries | Groth16 verification + selective disclosure + credit score integration | | EnterpriseIAM (0x801A) | Enterprise org, role, and permission management | Permission bitmaps + org structure trees | | ERC-8004 Integration | Interoperability with Ethereum AI Agent identity standard (45,000+ registered Agents) | L2 adapter layer + L1Messenger bidirectional sync | | Version Lineage | Track AI model version evolution | Model hash binding to DID | | Device DID Extension | Physical device fingerprinting and binding | IoT/robotics extension protocol | #### Pillar II: ZK Proof of Decision & Data Rights Infrastructure **Question answered:** *What happened, and how can it be verified while preserving privacy?* Privacy-preserving, verifiable records of AI behavior. Without exposing raw data, enables audit trails, data ownership, and compliance proofs — providing the verifiable behavior recording layer for the AI era. | Component | Function | Implementation | | ------------------------ | --------------------------------------------------- | ---------------------------------------------------------------- | | Behavior Hash Generation | Compress behavior data into verifiable fingerprints | SHA-256 + temporal fingerprint algorithm | | Merkle Tree Aggregation | Batch 1,024 behavior hashes into a single root | Sparse Merkle Tree | | ZK Proof Generation | Prove behavior compliance without exposing raw data | PLONK/FFLONK (behavior proofs) + Groth16 (identity verification) | | On-Chain Anchoring | Immutable evidence storage on AxBlade L2 | ZK Rollup L2 (Type 2.5 zkEVM) + L1 anchoring | | Off-Chain Storage | Encrypted raw data storage with on-demand retrieval | IPFS + encrypted sharding | #### Pillar III: Oracle & Trusted Data Infrastructure **Question answered:** *Is the data that AI relies on trustworthy, high-quality, and traceable?* High-quality, verifiable, traceable data input layer for multi-modal AI systems. Ensures AI decisions are built on a trusted foundation, not on polluted or unverifiable inputs. AxBlade solves this through a two-layer oracle architecture. **Physical World Data Pipeline (TEE-Secured Pipeline):** | Component | Function | Implementation | | ----------------------------- | ----------------------------------------------- | ------------------------------------ | | Edge TEE Nodes | Secure data processing at the device level | Intel SGX / ARM TrustZone / AMD SEV | | TEE Remote Attestation | Hardware-level proof of computation integrity | Remote attestation protocols | | Multi-Sensor Cross-Validation | Redundant verification across sensor modalities | LiDAR + Vision + IMU cross-reference | | Swarm Oracle (Future) | Byzantine fault-tolerant group verification | Multi-robot consensus | **On-Chain Native Oracle (OracleHub System Contract 0x8016):** | Component | Function | Implementation | | ---------------- | --------------------------------------------------- | ------------------------------------------------------------------ | | OracleHub | Multi-source price aggregation, deviation detection | Sequencer auto-injects synthetic L2 txs at the start of each batch | | Dual Data Source | Prevent single-source failure/manipulation | CoinGecko + Binance dual-source aggregation | | Emergency Pause | Automatic circuit breaker on anomalous prices | Deviation detection + Operator minimal permissions | The two-layer oracle architecture is complementary: the TEE-secured pipeline solves the trust problem for physical AI data before it goes on-chain, while the OracleHub system contract provides real-time trusted price benchmarks for the financial context of on-chain AI behavior. ### 3.2 Compliance-Native Design Compliance is not a patch. It is embedded from day one across identity, execution, data, and accountability — giving every AI system inherent governability: ``` Compliance-Native Layer [EU AI Act] [China AI Governance [U.S. State Laws] Framework] | | | +-----------------+--------------------+ | v [ Compliance Mapping Engine ] | +------------+------------+ | | | v v v Pillar I Pillar II Pillar III Identity ZK PoD Oracle ``` **Regulatory Coverage:** | Jurisdiction | Key Regulation | AxBlade Compliance Support | | ------------ | --------------------------------------------- | ------------------------------------------------------------ | | EU | AI Act (August 2026 full enforcement) | BehaviorSpec templates covering all high-risk requirements | | EU | GDPR | On-chain stores only hashes; raw data deletable | | China | Network Security Law Amendment (January 2026) | Consortium chain deployment; data localization | | China | AI Safety Governance Framework V2.0 | Behavior auditability module | | U.S. | Illinois AI Hiring Bias Law (January 2026) | Anti-discrimination verification proofs | | U.S. | Colorado AI Act (June 2026) | Algorithmic fairness monitoring | | Global | UNECE DSSAD | Autonomous driving behavior recording standard compatibility | *** ## 4. Core Protocols ### 4.1 Proof of Behavior (PoB) Proof of Behavior is AxBlade's foundational protocol — analogous to Proof of Work or Proof of Stake, but proving AI **behavioral compliance** rather than computational work or economic stake. **Protocol Components** | Component | Description | | ----------------------- | ------------------------------------------------------------------------------------------------------- | | **Behavior Hash** | Cryptographic hash of behavior data including timestamp, device ID, action type, parameters, and result | | **TEE Attestation** | Hardware-level proof generated by Trusted Execution Environment, ensuring behavior data integrity | | **ZK Proof** | Zero-knowledge proof demonstrating behavior conforms to specification without revealing raw data | | **Merkle Root** | Aggregated root of batched behavior hashes for on-chain anchoring | | **Validator Signature** | Verification node's cryptographic confirmation | **Protocol Flow** ``` AI Device / Agent Behavior | v TEE Environment Captures Behavior Data -> Generate Behavior Hash: hash = SHA256(timestamp | device_id | action | params | result) -> Generate TEE Remote Attestation Report | v Local Merkle Tree Aggregation -> Collect 1,024 Behavior Hashes -> Build Merkle Tree, Compute Merkle Root | v ZK Proof Generation -> Prove: all behaviors conform to BehaviorSpec -> Prove: Merkle Root correctly constructed -> Conceal: raw behavior data | v L2 Submission -> Submit (Merkle Root, ZK Proof, TEE Attestation) to AxBlade L2 -> L2 verifies ZK Proof and TEE Attestation | v L1 Anchoring (ZK Rollup) -> L2 State Root + PLONK Proof submitted to Ethereum Mainnet -> L1 Verification Contract verifies PLONK Proof -> Mathematical-grade finality (1-24h) | v Evidence Queryable -> Anyone can verify specific behavior existence via Merkle Proof -> Raw data retrievable from IPFS on-demand (access-controlled) ``` **Unified Physical-Digital Framework** PoB uses adapter modules to unify behavior recording across physical and digital AI: ``` PoB Unified Protocol | +------------+------------+ | | Physical AI Black Box Digital AI Black Box - Sensor data - API call logs - Motor commands - Inference logs - Env feedback - Tool usage - Collision data - Permission ops | | PoB-Physical Adapter PoB-Digital Adapter | | +------------+------------+ | PoB Core Engine -> Unified behavior record -> Merkle Tree construction -> Identity binding -> Verification proofs | L2 + Consortium Chain (Dual-track infrastructure) ``` ### 4.2 Proof of Decision (PoD) Proof of Decision extends PoB from behavior-level recording to **decision-level tracing**. While PoB answers "what did the AI do?", PoD answers "why did the AI decide this?" **Decision Receipt** The Decision Receipt is PoD's core primitive — a structured, immutable, cryptographically signed data object recording a complete AI decision context. ``` DecisionReceipt { // — Identity Layer — receipt_id: bytes32 // Globally unique receipt ID agent_id: ERC-8004 ID // AI Agent's on-chain identity model_hash: bytes32 // SHA-256 hash of model weights model_version: string // Model version identifier // — Input Layer — input_snapshot: bytes32 // Merkle root of input data input_schema: string // Input data format descriptor context_hash: bytes32 // Hash of context/system prompt // — Inference Layer — inference_proof: bytes // zkML proof or TEE attestation cot_hash: bytes32 // Hash of Chain-of-Thought output (auxiliary) confidence_score: uint256 // Model confidence (0-10000) // — Output Layer — decision_hash: bytes32 // Hash of decision output decision_type: enum // Decision type classification decision_metadata: bytes // Flexible extension metadata // — Signature Layer — tee_attestation: bytes // TEE remote attestation timestamp: uint256 // On-chain timestamp signature: bytes65 // Agent's ECDSA signature // — Association Layer — parent_receipt: bytes32 // Upstream decision's receipt_id child_receipts: bytes32[] // Downstream decisions' receipt_ids } ``` **Four-Step Decision Tracing Chain** | Step | Function | Key Mechanism | | -------------------------- | ----------------------------------------------- | -------------------------------------------------------------- | | **1. Input Snapshot** | Capture all inputs at the moment of reception | Merkle tree of input fields; perceptual hash for images | | **2. Inference Log** | Record and prove the computation process | TEE attestation or zkML proof; CoT hash as auxiliary reference | | **3. Output Signature** | Cryptographically sign the decision immediately | ERC-8004 key pair + TEE hardware proof + timestamp | | **4. Result Verification** | Compare actual results with expected outcomes | Immediate, delayed, comparative, and statistical verification | **Why Verifiability Over Explainability** Anthropic's Alignment Science Team research (April 2025) revealed that AI Chain-of-Thought outputs are "fragile" — models faithfully report their actual reasoning in only 25-39% of cases, and acknowledge exploitative behavior in less than 2% of their CoT outputs. | Approach | Reliability | PoD's Position | | ----------------------------- | --------------------- | ---------------------------------------------------- | | CoT Self-Report | Low (25-39% faithful) | Auxiliary reference only, never primary evidence | | Output Consistency Check | Medium | Combined with input snapshot for causal verification | | Mechanistic Interpretability | High but limited | Long-term research roadmap | | Cryptographic Inference Proof | High | Primary: zkML proofs | | Hardware Environment Proof | High | Primary: TEE remote attestation | **PoD's philosophical position:** We don't rely on AI "telling us what it thinks." Instead, we **independently prove what AI did** through cryptography and hardware — shifting the paradigm from Explainability to **Verifiability**. **Cross-Agent Decision Chain** In multi-agent systems, PoD tracks decision causality across agent boundaries: ``` Agent A (Data Collection) +-- Decision Receipt #1 (Raw data curation) +-- Agent B (Risk Analysis) +-- Decision Receipt #2 (Risk assessment) [parent: #1] +-- Agent C (Strategy Generation) +-- Decision Receipt #3 (Trading strategy) [parent: #2] +-- Agent D (Execution) +-- Decision Receipt #4 (Trade execution) [parent: #3] +-- Result Verification +-- Decision Receipt #5 [parent: #4] ``` Each agent independently signs its receipt. Responsibility is precisely divisible. Anomalies are locatable by comparing adjacent receipts. *** ## 5. AI Behavior Operating System ### 5.1 Concept The AI Behavior Operating System is AxBlade's core product — a full-lifecycle behavior management platform for all AI systems (physical devices + digital agents). It is not a passive "black box" recorder but an active behavior management operating system. **Core Narrative:** *Every AI needs an operating system for its behavior.* Just as Android/iOS defines behavior norms and application boundaries for mobile devices, the AI Behavior Operating System defines behavior specifications, monitoring mechanisms, and audit interfaces for AI systems. We don't control what AI does, but we ensure: Every AI behavior is **Defined** (BehaviorSpec DSL) Every AI behavior is **Monitored** (Real-time multi-modal sensing) Every AI behavior is **Evidenced** (PoB on-chain proof) Every AI behavior is **Analyzed** (Pattern recognition + anomaly detection) Every AI behavior is **Corrected** (Automated policy enforcement) ### 5.2 Five-Layer Architecture ``` +------------------------------------------------------+ | Layer 5: Behavior Execution | | Policy Engine / Auto-Correction / Permissions / | | Circuit Breaker / Notification Center | +------------------------------------------------------+ | Layer 4: Behavior Analysis | | Pattern Recognition / Anomaly Detection / | | Predictive Models / Compliance Scoring | +------------------------------------------------------+ | Layer 3: Behavior Ledger | | On-Chain Evidence / Merkle Tree / Proof of Behavior | +------------------------------------------------------+ | Layer 2: Behavior Monitor | | Real-Time Collection / Multi-Modal Sensing / | | Edge Computing / TEE | +------------------------------------------------------+ | Layer 1: Behavior Definition | | BehaviorSpec DSL / Templates / Compliance Rules / | | Permission Trees | +------------------------------------------------------+ ``` **Layer 1: Behavior Definition** Declaratively define what AI is allowed and prohibited from doing using the BehaviorSpec DSL: ```yaml behavior_spec: name: "autonomous_driving_v3" version: "3.2.1" compliance: ["ISO_21448", "EU_AI_Act_HighRisk"] permissions: - action: "lane_change" conditions: - "speed < 120km/h" - "safe_distance > 3s" - "blind_spot_clear = true" risk_level: "medium" - action: "emergency_brake" conditions: - "ttc < 2s" risk_level: "critical" auto_log: true chain_record: true prohibitions: - action: "exceed_speed_limit" enforcement: "hard_block" - action: "ignore_traffic_signal" enforcement: "hard_block" monitoring: frequency: "100ms" modalities: ["lidar", "camera", "radar", "imu"] anomaly_threshold: 0.85 ``` **Layer 2: Behavior Monitor** | Component | Function | Key Metric | | ------------------------------ | -------------------------------------------- | --------------------------------- | | Multi-Modal Collector | Capture sensor, log, and API call data | Latency <10ms, packet loss <0.01% | | Edge TEE Node | Secure processing of sensitive behavior data | Intel SGX / ARM TrustZone | | Real-Time Stream Processor | Behavior data stream analysis | Throughput >100K events/s | | Behavior Fingerprint Generator | Compress behavior data into hashes | SHA-256 + temporal fingerprint | | Health Probe | Monitor AI system's own health state | 1s heartbeat, timeout alerting | **Layer 3: Behavior Ledger** The on-chain evidence layer, implementing the Proof of Behavior protocol. Behavior hashes are aggregated into Merkle Trees (1,024 per batch), with only the Merkle Root submitted to the AxBlade L2 (ZK Rollup). Original data is stored off-chain with encrypted sharding on IPFS. L2 state changes are ultimately anchored to Ethereum mainnet via ZK proofs, inheriting Ethereum's security guarantees. **Layer 4: Behavior Analysis** | Component | Algorithm/Model | | ---------------------------- | ------------------------------------------- | | Behavior Pattern Recognition | Temporal clustering + Graph Neural Networks | | Anomaly Detection Engine | Isolation Forest + Transformer | | Predictive Analysis | LSTM + Causal inference models | | Compliance Scoring System | Multi-dimensional scoring matrix (0-100) | | Behavior Report Generation | Template engine + NLG | **Layer 5: Behavior Execution** | Component | Execution Strategy | | --------------------- | ------------------------------------------------------------- | | Policy Engine | Rule engine + RL optimization | | Auto-Correction | Soft correction (suggestions) / Hard correction (enforcement) | | Permission Adjustment | Progressive permission escalation/de-escalation | | Circuit Breaker | Three-level: Warning → Restriction → Stop | | Notification Center | Multi-channel push (API/Webhook/Email) | ### 5.3 Multi-Modal Behavior Collection | Modality | Data Type | Collection Method | Applicable Scenario | | -------- | --------------------------------------------------------- | ------------------------------- | ---------------------------------- | | Motion | Position, velocity, acceleration, trajectory | IMU + GPS + encoders | Autonomous driving, robotics | | Visual | Gaze point, object detection, scene understanding | Camera + vision models | Surgical robots, security | | Force | Contact force, torque, pressure | Force sensors | Surgical robots, industrial robots | | Language | Dialogue content, command parsing, response generation | NLP pipeline | AI Agents, AI customer service | | Decision | Reasoning chain, strategy selection, parameter adjustment | Model introspection + API hooks | Financial AI, AI Agents | | Network | API calls, data access, network communication | Network probes + logs | Digital AI systems | | Energy | Power, current, temperature | Electrical sensors | Physical devices | | Social | Interaction frequency, collaboration patterns | Communication logs | Multi-Agent systems | *** ## 6. AI Credit System ### 6.1 Vision: FICO for AI The human financial system spent nearly a century building credit infrastructure — from Equifax (1899) to FICO scores (1956) to China's Sesame Credit (2015). The core logic: in a world of information asymmetry, reduce trust costs through quantifiable, verifiable historical behavior records. AI is at a parallel historic inflection point. When an AI Agent must complete a task — driving a car, diagnosing a disease, executing a trade, operating a robot — who proves it "trustworthy"? On what basis? With what evidence? Humans have FICO. AI has nothing. Until now. ### 6.2 Five-Dimension Scoring Model (CSDRT) AI credit is not a single number but a **multi-dimensional behavioral profile** across five dimensions: ``` AI Credit Score (0-1000) | +--------+--------+--------+--------+ | | | | | C(25%) S(30%) R(20%) D(15%) T(10%) Capability Safety Regulatory Depend- Trans- ability parency ``` | Dimension | Weight | Sub-Metrics | Data Sources | | --------------------- | ------ | -------------------------------------------------------------------------------------- | --------------------------------------------------------- | | **Capability (C)** | 25% | Task success rate, benchmark scores, capability boundaries, version evolution | Benchmark tests, production logs, A/B tests | | **Safety (S)** | 30% | Incident count, vulnerability records, attack resilience, red team test results | Incident reports, security audits, penetration tests | | **Regulatory (R)** | 20% | Regulatory compliance, data handling compliance, certification status, audit pass rate | Regulatory reports, third-party audits, certifying bodies | | **Dependability (D)** | 15% | Uptime, failure frequency, consistency, SLA achievement rate | Operations logs, performance monitoring, user feedback | | **Transparency (T)** | 10% | Explainability, data provenance, decision auditability, documentation completeness | Model Cards, source audits, data lineage | **Credit Grade Mapping:** | Grade | Score Range | FICO Analogy | Meaning | | ----------- | ----------- | ------------ | ------------------------------------------------------------ | | AAA | 900-1000 | 750-850 | Excellent: Suitable for critical, high-risk scenarios | | AA | 800-899 | 700-749 | Very Good: Suitable for most commercial applications | | A | 700-799 | 650-699 | Good: Standard commercial use, periodic monitoring required | | BBB | 600-699 | 600-649 | Adequate: Restricted use, enhanced monitoring required | | BB | 500-599 | 550-599 | Below Average: Low-risk scenarios only, remediation required | | B | 400-499 | 500-549 | Poor: Not recommended for commercial deployment | | CCC & below | <400 | <500 | Very Poor: Should be prohibited from deployment | ### 6.3 Scoring Engine Architecture **Key Design Decisions:** | Design Element | Decision | Rationale | | ------------------- | ------------------------------------------------ | ---------------------------------------------------------------------- | | Time Decay | Exponential decay, half-life 6 months | AI iterates fast; old version behavior has diminishing reference value | | Version Inheritance | New version inherits 50% of old version's credit | Prevents credit-washing through frequent version changes | | Scenario Weighting | High-risk scenarios weighted 3x | One medical/driving incident is far more severe than a chatbot error | | Negative Events | Penalty multiplier 2-5x | Safety incidents outweigh normal operation accumulation | | Cold Start | Initial score based on benchmark tests | Solves the no-history problem for new agents | | Dispute Resolution | On-chain appeals + arbitration committee | Analogous to human credit dispute processes | ### 6.4 ZK Credit Proofs A critical innovation: zero-knowledge credit proofs allow an AI system to prove its credit exceeds a threshold **without revealing the actual score or underlying data**. **Use Case:** An AI surgical assistant needs to prove it meets the minimum safety standard (Safety Score >= 800) for deployment in a hospital, without disclosing its full credit history, incident details, or proprietary training data. ``` Prover (AI System Owner) Verifier (Hospital) | | | ZK Proof: "Safety Score >= 800" | |---------------------------------->| | | | Verify: TRUE | | (No score, no details, | | no raw data revealed) | | | ``` ### 6.5 Application Scenarios | Scenario | Description | Market Size | | ---------------------- | -------------------------------------------------------------------- | ---------------------------------- | | Consumer Pre-Purchase | "Carfax for AI" — check AI credit before buying autonomous vehicles | $1-2.5B (AV segment alone) | | Enterprise Deployment | Evaluate AI Copilot/Agent credit before enterprise-wide rollout | $20B (1% of enterprise AI spend) | | Insurance Pricing | AI credit data as actuarial basis for robot/AI insurance premiums | $75B by 2034 (AI insurance market) | | DeFi Bot Verification | On-chain credit badges for AI trading bots | DeFi TVL $150B+ | | Medical AI Evaluation | Hospital procurement decisions based on AI diagnostic system credit | $5-10B | | Agent-to-Agent Trust | Automated trust establishment in multi-agent systems | Core infrastructure need | | Regulatory Compliance | Continuous compliance monitoring and automated audit reports | $5B+ by 2027 | | Government Procurement | AI credit reports as mandatory evaluation criteria in public tenders | $50B+ government AI procurement | *** ## 7. Technical Architecture ### 7.1 AxBlade L2 — A ZK Rollup AI Governance Chain AxBlade operates on an Ethereum ZK Rollup Layer 2 purpose-built for AI governance. The underlying engine is based on a production-proven open-source ZK Rollup implementation (Apache 2.0), on top of which AxBlade layers differentiated AI-governance-native extensions. **Why ZK Rollup over Optimistic Rollup:** ZK Rollups provide mathematical guarantees of state transition correctness via zero-knowledge proofs, with 1-24 hour hard finality (vs. 7-day challenge windows for Optimistic Rollups). This is a natural fit for AI behavior records, which require immutability and fast confirmation. **Core Specifications** | Parameter | Specification | Notes | | ----------------- | ------------------------------------------ | --------------------------------------------------------------------- | | Architecture | ZK Rollup (Type 2.5 zkEVM) | High EVM compatibility; only a handful of gas-metering opcodes differ | | Proof System | PLONK / FFLONK | Small proofs, fast verification, general-purpose | | Chain ID | 271 | — | | EVM Compatibility | 99%+ | Seamless migration for Solidity 0.8+ contracts | | TPS | 10,000 (Phase 1) | Meets large-scale behavior recording demand | | Transaction Cost | \~$0.0001/tx | Merkle batching reduces per-behavior cost | | Soft Finality | 1-2 seconds | Sequencer confirmation | | Hard Finality | 1-24 hours | After L1 ZK proof verification | | Data Availability | On-chain DA (Ethereum) | Inherits Ethereum's data availability guarantees | | System Contracts | 5 custom + 40 native | Native AI governance infrastructure | | Test Coverage | 521 tests (Solidity + Rust + SDK + circom) | Multi-layer test assurance | **Architectural Customization: Zero-Coupling Extension** AxBlade L2's differentiation lies not in the underlying ZK engine but in the **AI governance infrastructure natively integrated at the consensus layer**. Custom modules run in a sidecar pattern that does not modify the core engine, minimizing upgrade conflict risk. **Consensus-Layer Customizations:** | Module | Customization | Technical Approach | | ------------ | ------------------------------------ | ----------------------------------------------------------------------- | | State Keeper | Automatic Oracle price injection | Operator TX mode (synthetic L2 txs injected at the start of each batch) | | Bootloader | System contract address registration | 5 custom addresses 0x8016-0x801A | | Wiring Layer | Price aggregation service | CoinGecko + Binance dual source + PriceAggregator | | Wiring Layer | Credit scoring service | CreditScoreService + 5-factor weighted scoring | | Wiring Layer | Bridge monitoring service | SettlementMonitor + automatic LP settlement | **Five Native System Contracts** Beyond the 40 native system contracts, AxBlade adds 5 AI-governance-specific contracts that any dApp can call without separate deployment: | Address | Contract | Function | AI Governance Role | | ------- | ---------------------- | --------------------------------------------------------------------------------------------- | ---------------------------------------- | | 0x8016 | **OracleHub** | Multi-source price aggregation, deviation detection, operator access control, emergency pause | Trusted data infrastructure | | 0x8017 | **DIDRegistry** | `did:ethr:axblade` identifiers, delegate management, N-of-M social recovery | Identity & accountability infrastructure | | 0x8018 | **CredentialRegistry** | Verifiable Credential (VC) lifecycle: issuance, verification, revocation | Behavior credential management | | 0x8019 | **IdentityVerifier** | ZK proof verification, compliance queries, selective disclosure, credit-score integration | Privacy-preserving compliance | | 0x801A | **EnterpriseIAM** | Enterprise org structure, role management, permission bitmaps | Enterprise-grade access control | **Native Oracle — Zero-Cost Real-Time Pricing:** | Metric | AxBlade L2 | Chainlink L1 | Pyth | | ----------- | ---------------- | -------------------------- | ---------------- | | Latency | <100ms | 5-30s | 400ms | | Cost | $0.001 | $10-50 | $0.01 | | Integration | Native view call | Requires consumer contract | Requires pull tx | OracleHub runs as a system contract inside the L2 kernel; the Sequencer injects prices at the head of every batch. dApps call `getLatestPrice()` as if reading a storage slot — zero gas overhead. **LP Fast Bridge — One-Hour Withdrawal:** A common ZK Rollup pain point is slow withdrawals (1-24h for proofs to land on L1). AxBlade L2 includes FastWithdrawalPoolV2: LPs advance funds on L1 instantly, users receive assets in under an hour; once the proof lands, the contract performs trustless settlement using native Merkle proofs and LPs automatically recover principal. No third-party trust required — anyone may submit the proof to trigger settlement. **Architecture Overview** ``` User / dApp / AI Agent | v =============== AxBlade L2 ================ System Contract Layer (AI-Governance-Native Infrastructure) +-- OracleHub (0x8016) <- Sequencer price injection +-- DIDRegistry (0x8017) +-- CredentialRegistry (0x8018) +-- IdentityVerifier (0x8019) +-- EnterpriseIAM (0x801A) Application Contract Layer +-- PoB Behavior Record Contract +-- PoD Decision Receipt Contract +-- AI Credit Scoring Contract +-- FastWithdrawalPoolV2 (LP Fast Bridge) Rust Service Layer +-- oracle-wiring (price aggregation + API sources) +-- bridge-enhancer (LP auto-settlement monitor) +-- credit-score (weighted credit scoring) zkEVM + State Keeper + Merkle Tree ================================================ | Batch + ZK Proof v Ethereum L1 (Mainnet) ``` **Positioning vs. Major L2s** | Capability | AxBlade L2 | zkSync Era | Arbitrum | Base | | --------------------- | ----------------------------- | ---------- | ---------- | ---------- | | Type | ZK Rollup | ZK Rollup | Optimistic | Optimistic | | Native Oracle | ✅ | ❌ | ❌ | ❌ | | Native DID | ✅ | ❌ | ❌ | ❌ | | LP Fast Bridge | ✅ | ❌ | ❌ | ❌ | | AI Behavior Recording | ✅ Built-in | ❌ | ❌ | ❌ | | Withdrawal Time | <1h (fast) | 1-24h | 7 days | 7 days | | Oracle Cost | $0.001 | 3rd-party | 3rd-party | 3rd-party | | Enterprise Compliance | ZK KYC | ❌ | ❌ | ❌ | | Positioning | AI Governance + Institutional | General | General | Consumer | ### 7.2 TEE + ZK Hybrid Architecture AxBlade's security model combines hardware trust (TEE) with mathematical trust (ZK) in a defense-in-depth architecture: | Layer | TEE Responsibility | ZK Responsibility | Combined Effect | | --------------------- | -------------------------------------- | --------------------------------------- | -------------------------------------- | | Data Collection | Secure raw data capture within Enclave | — | Trusted data source | | Data Processing | Behavior analysis within Enclave | — | Process cannot be observed or tampered | | Proof Generation | Generate TEE Attestation | Generate behavioral compliance ZK Proof | Dual proof | | On-Chain Verification | Attestation verification (lightweight) | ZK Proof verification (on-chain) | Complete verifiability | | Privacy Protection | Runtime data protection | Verification-time data protection | Full-pipeline privacy | **Why Hybrid?** | Approach | Pros | Cons | Role in AxBlade | | ------------- | ----------------------------------------------------- | -------------------------------------------------------------------- | ------------------------- | | Pure TEE | High performance, real-time | Depends on hardware trust root (Intel ME historical vulnerabilities) | Edge real-time processing | | Pure ZK | Mathematical-grade security, no hardware trust needed | Slow proof generation; not feasible for large models | On-chain verification | | TEE+ZK Hybrid | Balances performance and security | Higher architectural complexity | Full-scenario coverage | **Fallback Guarantee:** If TEE is compromised, ZK proofs remain mathematically valid. If ZK proof generation is too slow for a scenario, TEE attestation provides interim coverage. **ZK Identity Circuits** AxBlade L2 ships with 6 Groth16 ZK circuits (EdDSA signatures on the Baby Jubjub curve), each with its own Verifier contract deployed on L2: | Circuit | Type ID | Constraint Count | Purpose | | ----------------------- | ------- | ---------------- | ------------------------------------------------------------------------------------------ | | KYCComplianceProof | 0 | \~7,800 | KYC compliance — prove "KYC-verified" without revealing personal information | | CreditScoreProof | 1 | \~7,800 | Credit proof — prove "credit >= threshold" without revealing the score | | EnterpriseIdentityProof | 2 | \~2,900 | Enterprise identity — prove "belongs to org X" without exposing org structure | | AgeProof | 3 | — | Age verification — prove "age >= 18" without revealing birthdate | | IncomeProof | 4 | — | Income verification — prove "income within range" without revealing the exact amount | | RegionProof | 5 | — | Region verification — prove "in compliant jurisdiction" without revealing precise location | A DeFi contract calls `IdentityVerifier.checkCompliance(user, "KYC")` to check whether a user is compliant — while remaining blind to birthdate, nationality, income, or any raw attribute. **Three-Tier Disclosure Architecture: Balancing ZK Privacy and Regulatory Penetration** AxBlade's DID system implements a three-tier disclosure architecture, resolving the tension between "contracts only see pass/fail" and regulators' need to penetrate the veil when required: **Tier 1: Daily Transactions — ZK Selective Disclosure** Users locally generate a Groth16 proof (e.g., "age >= 18"); IdentityVerifier validates the proof and sets a compliance flag. Contracts and the public never see the underlying data. **Tier 2: Regulatory Audit — Authorized Penetration** Raw Verifiable Credentials are kept off-chain; regulators lawfully compel users to disclose them (aligned with traditional KYC practice). The audit trail is permanently on-chain: who verified what, when, issued by whom. Compliance-status changes are synchronized to L1 via L1Messenger. **Tier 3: Extreme Scenarios — Emergency Keys** Shamir secret sharing (5 shares / 3-reconstruct), held by the project, an auditor, a regulator, and a court. Every use is logged on-chain to prevent abuse. **Core thesis: ZK is more GDPR-compliant than "full transparency."** GDPR Article 5 mandates data minimisation; publishing raw personal data on a public ledger actually violates GDPR. ZK proofs are the only technology that simultaneously satisfies "minimisation" and "verifiability." **Industry references:** Polygon ID (adopted by European banks), zkPass (approved by MAS sandbox in Singapore), JP Morgan Onyx (MAS Project Guardian pilot). **Regulatory acceptance snapshot:** | Jurisdiction | Policy Stance | | -------------- | --------------------------------------------------------------------------------- | | EU MiCA (2024) | Permits "technical means to satisfy KYC"; does not mandate on-chain raw data | | FATF 2024 | Recognizes "privacy-preserving compliance"; requires "competent authority access" | | Singapore MAS | JP Morgan + DBS running live ZK DeFi compliance pilots (Project Guardian) | | Hong Kong HKMA | DID/VC framework encourages verifiable credentials for financial KYC | | U.S. SEC | Most conservative; not explicitly prohibited but requires case-by-case review | ### 7.3 Merkle Tree Batch On-Chain The key to making large-scale behavior recording economically feasible: | Parameter | Default | Configurable Range | | ------------------ | --------------------------------------- | ------------------ | | Batch Size | 1,024 | 256-4,096 | | Aggregation Period | 60s | 10s-3600s | | Trigger Condition | Batch full OR timeout OR critical event | Configurable | | Compression Ratio | 1,024:1 | — | | On-Chain Cost | \~$0.10/batch (L2) | \~$0.0001/behavior | **Cost Comparison:** | Approach | Per-Behavior Cost | 1M Behaviors/Day | Annual Cost | | ------------------------------- | ----------------- | ---------------- | ----------- | | Direct L1 | \~$5.00 | $5,000,000 | $1.825B | | Direct L2 | \~$0.05 | $50,000 | $18.25M | | Merkle Tree + L2 | \~$0.0001 | $100 | $36.5K | | Merkle Tree + L2 + L1 Anchoring | \~$0.0005 | $500 | $182.5K | Through Merkle Tree batch aggregation, on-chain behavior recording costs are reduced by **five orders of magnitude**, making massive-scale deployment economically viable. ### 7.4 ERC-8004 Integration: AxBlade as the Infrastructure Layer of the AI Agent Trust Ecosystem **ERC-8004 Standard Overview** ERC-8004 is the Ethereum AI Agent identity-and-trust standard, jointly proposed by MetaMask (Marco De Rossi), the Ethereum Foundation (Davide Crapis), Google (Jordan Ellis), and Coinbase (Erik Reppel). It went live on Ethereum mainnet on January 29, 2026, and already has over 45,000 registered Agents. ERC-8004 defines three on-chain registries: | Registry | Function | Trust Model | | ----------------------- | --------------------------------------------------------------- | -------------------------------------------------------- | | **Identity Registry** | ERC-721 Agent identity + agentURI (pointing to Agent Card JSON) | Portable, censorship-resistant on-chain identity | | **Reputation Registry** | Standardized feedback submission, queries, and aggregation | feedback + tag classification + on/off-chain aggregation | | **Validation Registry** | Independent third-party validation request/response | Supports zkML proofs, TEE oracles, stake-and-re-execute | **Architectural Mapping: AxBlade System Contracts <-> ERC-8004 Three Registries** ERC-8004 solves a **standard-interface** problem — it gives AI Agents an identity slot, a reputation framework, and a validation hook. But the standard itself does not provide the substance: where does the behavioral data come from? What is the underlying credit model? What technology actually performs the validation? **AxBlade is the "Content Layer" of the ERC-8004 ecosystem** — providing the actual behavior records, credit assessment, and ZK verification capabilities: | ERC-8004 Registry | Problem It Solves | AxBlade's Contribution | Corresponding System Contract | | ------------------- | ------------------------------------------- | ----------------------------------------------------------------------------------------------------- | -------------------------------------------------- | | Identity Registry | AI Agent on-chain identity | `did:ethr:axblade` identity + physical device DIDs + Verifiable Credentials | DIDRegistry (0x8017) + CredentialRegistry (0x8018) | | Reputation Registry | AI Agent reputation evaluation | CSDRT five-dimension credit scoring (Capability / Safety / Regulatory / Dependability / Transparency) | AI Credit System | | Validation Registry | Independent validation of AI Agent behavior | PoB behavior proofs + PoD decision traces + TEE+ZK hybrid verification | IdentityVerifier (0x8019) + PoB Contract | **Analogy:** ERC-8004 is the "ID-card standard" (defining format and verification interfaces); AxBlade is the "public-security system + credit bureau" (providing the actual checks, records, and evaluations). The ID-card standard needs the public-security system to have substantive content; the public-security system needs the ID-card standard for cross-institutional interoperability. **L2-Native Identity System** AxBlade L2 embeds 4 identity system contracts at the consensus layer: ``` DIDRegistry (0x8017 -- on-chain registry) +-- createDID() // Create a did:ethr:axblade identity +-- updateDIDDocument() // Update the DID document +-- resolveDID() // Resolve a DID +-- addDelegate() // Add a delegate +-- socialRecovery() // N-of-M social recovery CredentialRegistry (0x8018 -- credential registry) +-- issueCredential() // Issue a Verifiable Credential +-- verifyCredential() // Verify a credential +-- revokeCredential() // Revoke a credential +-- checkRevocation() // Check revocation status IdentityVerifier (0x8019 -- identity verifier) +-- verifyZKProof() // Verify Groth16 ZK proof (6 circuits) +-- checkCompliance() // Query compliance status +-- selectiveDisclose() // Selective disclosure EnterpriseIAM (0x801A -- enterprise identity management) +-- createOrg() // Create organization +-- assignRole() // Assign role +-- checkPermission() // Query permission bitmap ``` **L1-L2 Bidirectional Sync** Using the existing L1Messenger and Bridgehub, AxBlade L2 achieves bidirectional synchronization with ERC-8004 registries on Ethereum L1: ``` AxBlade L2 (Behavior Verification Layer) +-- DIDRegistry (0x8017) --- internal identity management +-- IdentityVerifier (0x8019) --- ZK verification engine +-- AI Credit Scoring Contract --- CSDRT computation | +-- ERC-8004 Adapter (adapter layer) +-- DIDRegistry -> ERC-8004 Identity Registry +-- CSDRT Score -> ERC-8004 Reputation Registry +-- PoB Proof -> ERC-8004 Validation Registry | | L1Messenger + DIDFacet (already implemented) v Ethereum L1 (ERC-8004 Ecosystem) +-- ERC-8004 Standard Registries (45,000+ registered Agents) +-- Identity Registry -> AxBlade-managed AI identities +-- Reputation Registry -> CSDRT credit scores +-- Validation Registry -> PoB behavior validation requests ``` **Extended Agent Card:** ERC-8004's agentURI points to a standard Agent Card JSON. AxBlade extends the standard fields with AxBlade-specific entries: ```json { "type": "https://eips.ethereum.org/EIPS/eip-8004#registration-v1", "name": "surgical-assistant-v3", "description": "AI-powered surgical navigation assistant", "services": [ { "name": "A2A", "endpoint": "https://agent.example/a2a" }, { "name": "MCP", "endpoint": "https://agent.example/mcp" } ], "supportedTrust": ["reputation", "tee-attestation"], "axblade": { "did": "did:ethr:axblade:0x1234...", "csdrtScore": 875, "csdrtGrade": "AA", "pobStatus": "verified", "behaviorSpec": "surgical_navigation_v3", "zkComplianceEndpoint": "https://axblade.io/verify/..." } } ``` **AxBlade extends ERC-8004 from digital Agents to physical AI:** ERC-8004 is natively designed for on-chain AI Agents; AxBlade extends the protocol via device DIDs to cover physical robots and IoT devices: | Dimension | ERC-8004 Native | AxBlade Extension | | ----------------- | ---------------------------- | --------------------------------------------------------------- | | Identity carrier | On-chain AI Agents | + Physical robots, IoT devices, autonomous vehicles | | Behavioral data | On-chain transaction history | + Sensor data, motor commands, collision data captured in TEE | | Reputation source | User feedback | + PoB on-chain behavior proofs, CSDRT multi-dimensional scoring | | Validation method | Generic validator hooks | + Groth16 ZK identity circuits, TEE remote attestation | Unified Identity: Agent/Device ID = ERC-8004 agentId + `did:ethr:axblade` + Device Fingerprint + Firmware Hash ### 7.5 Dual-Track Infrastructure To address China's data sovereignty requirements while maintaining global decentralization: ``` Overseas Market China Market +------------------------+ +------------------------+ | Public L2 Chain | | Consortium Chain | | Global nodes | | (Ant Chain / Chang'an) | | Permissionless access | <--> | Data stays in-country | | EU AI Act compliant | Cross | Permissioned access | | ZK Rollup security | Chain | Data Security Law | | | Bridge| compliant | +------------------------+ +------------------------+ ``` **Design Rationale:** | Dimension | Public Chain (Overseas) | Consortium Chain (China) | | ---------------- | -------------------------- | --------------------------------------------- | | Data Sovereignty | Global distribution | Data localization | | Access Control | Permissionless | Permissioned | | Regulatory Fit | EU AI Act, U.S. state laws | Network Security Law, Data Security Law, PIPL | | Incentive Model | TBD | Points-based | | Trust Model | Cryptographic trust | Institutional trust + crypto verification | ### 7.6 SDK/API Design **Released SDK: (SDKs will be incrementally updated as the project develops)** | SDK | Language | Architecture | Status | | ------------ | ---------- | ---------------------------------------------- | ---------- | | @axblade/sdk | TypeScript | Isomorphic ESM+CJS (browser/Node.js universal) | ✅ Released | **Planned SDK Matrix:** | Platform | Language | Target Scenario | Priority | | ---------------------- | ----------------- | --------------------------- | -------- | | Server | Python, Go, Rust | AI Agent backends | P1 | | Edge Devices | C/C++, Rust | Robots / autonomous driving | P1 | | Mobile | Swift, Kotlin | Mobile AI applications | P2 | | Enterprise Integration | Java | Enterprise customers | P2 | | Embedded | C, Rust (no\_std) | IoT devices | P2 | **Core API Interface:** ``` // Behavior Definition POST /api/v1/behavior-spec // Create behavior specification GET /api/v1/behavior-spec/{id} // Query specification PUT /api/v1/behavior-spec/{id} // Update specification // Behavior Monitoring POST /api/v1/behavior/report // Report behavior event WS /ws/v1/behavior/stream // Real-time behavior stream GET /api/v1/behavior/status/{agent} // Query agent status // Behavior Ledger GET /api/v1/ledger/proof/{hash} // Query behavior proof POST /api/v1/ledger/verify // Verify behavior evidence // Behavior Analysis GET /api/v1/analysis/anomaly/{agent} // Anomaly detection results GET /api/v1/analysis/score/{agent} // Compliance score // Behavior Execution POST /api/v1/execution/policy // Set execution policy POST /api/v1/execution/correct/{agent} // Trigger correction GET /api/v1/execution/breaker/{agent} // Circuit breaker status ``` *** ## 8. Application Scenarios ### 8.1 Entry Scenario 1: Robot Vacuum — Validation **Target:** Consumer/commercial robot vacuum manufacturers and their enterprise customers. **Product Form:** Physical AI Black Box SDK module embedded in robot vacuum's edge AI chip (e.g., Dreame's "Tianqiong" NXMIND series with 4 TOPS NPU). **Data Architecture:** | Data Tier | On-Chain Content | Frequency | Cost/Day | | ------------------------- | ------------------------ | ------------------------ | -------------------- | | L0 — Device Identity | DID + device fingerprint | One-time | \~$0.01 | | L1 — Environment Baseline | Map Merkle Root | Per mapping | \~$0.005 | | L2 — Routine Behavior | Batch Merkle Root | Every 10-60s | \~$0.12 | | L3 — Critical Events | Event hash + metadata | Real-time (event-driven) | \~$0.01-0.05 | | L4 — Audit Package | ZK proof + summary | On-demand | \~$0.05 | | **Total** | | | **\~$0.12-0.20/day** | **Three Core Use Cases:** **Collision Tracing** — When a robot vacuum damages furniture, the on-chain evidence chain reconstructs: Did AI fail to identify the object? Did it identify but decide incorrectly? Did the user place a new item? **Commercial Cleaning Audit** — In hotel/office cleaning services, provide chain-verifiable "cleaning proof": coverage rate, duration, anomalies. Like a Carfax for cleaning robots. **Privacy Security Audit** — Following Dreame's known camera remote-activation vulnerability (Korea, September 2025), on-chain logging of camera activation events provides tamper-proof privacy protection evidence. ### 8.2 Entry Scenario 2: Humanoid Robots — Strategic High-Value **Target:** Humanoid robot manufacturers (Unitree, Magic Atom) and their factory/enterprise customers. **Key Data Challenge:** Humanoid robots generate 74-230 GB/hour vs. robot vacuums at 1-2 GB/hour — two orders of magnitude more data. Solution: multi-layer compression achieving a **1,000,000:1** chain-to-raw data ratio. **Tiered Evidence Architecture:** | Layer | Content | Frequency | On-Chain Data/Hour | Cost/Hour | | ---------------------- | ------------------------------ | --------------- | ------------------ | ------------------ | | L0 — Device Identity | DID + model + firmware version | One-time/OTA | \~0.5KB | \~$0.01 | | L1 — Behavior Summary | Merkle Root | Every 10s | \~12KB | \~$0.36 | | L2 — Critical Events | Event hash + metadata | 0-20 times/hour | \~2-40KB | \~$0.02-0.40 | | L3 — AI Decision Chain | Model version + decision hash | Every minute | \~2.4KB | \~$0.06 | | L4 — ZK Audit Package | ZK proof | On-demand/daily | \~10-50KB | \~$0.10-0.50 | | **Total** | | | **\~17-105KB/h** | **\~$0.45-1.33/h** | **Core Use Cases:** **Factory Safety Incident Tracing** — When a humanoid robot injures a worker, the on-chain black box provides frame-by-frame reconstruction: fast-system detection, slow-system judgment, collision force peak, emergency shutdown sequence — all with tamper-proof timestamps. **Multi-Robot Collaboration Audit** — In multi-robot factory deployments (e.g., Magic Atom's MagicNet), track task handoffs, failure takeovers, and attribute quality responsibility to specific robots and processes. **Training Data Asset Verification** — As humanoid robot companies (e.g., Unitree's 5.5 million open-source training data entries) increasingly treat operational data as assets, on-chain provenance provides data origin verification, quality certification, and intellectual property attribution. ### 8.3 Entry Scenario 3: Enterprise AI Assistants — Scale Engine **Target:** Enterprises deploying AI assistants in regulated environments (ChatGPT Enterprise, Microsoft Copilot, custom AI Agents). **Product Form:** Digital AI Black Box — SaaS platform providing agent behavior auditing, compliance reports, and real-time monitoring. **Core Use Cases:** | Use Case | Customer Pain Point | AxBlade Solution | Compliance Mapping | | -------------------------------- | ------------------------------------------------------------------------ | -------------------------------------------------- | ---------------------------- | | Agent Behavior Audit | "An employee used AI to process customer data — what did it do?" | Complete input/output/decision path recording | GDPR, SOC2 | | Compliance Reporting | "We need to pass EU AI Act high-risk system audit by August 2026" | Automated compliance report generation | EU AI Act Articles 12-14 | | Anti-Discrimination Verification | "Our AI hiring tool was accused of bias — can we prove innocence?" | Statistical bias ZK proofs across protected groups | Title VII, NYC Local Law 144 | | Multi-Agent Monitoring | "Our AI Agent is calling other AI Agents — who is responsible for what?" | Cross-Agent decision chain tracing | OWASP Agentic AI Top 10 | ### 8.4 Industry Coverage Beyond the three entry scenarios, AxBlade's protocol design covers 12 industry verticals: | Industry | Core AI Application | Governance Need | Market Size (2030E) | | ----------------- | ------------------------------------------ | --------------------------------------------------- | ------------------- | | Healthcare | Surgical robots, AI diagnostics | Liability attribution for AI-assisted surgery | $450B | | Transportation | Autonomous driving | Accident reconstruction; driving behavior records | $747.7B | | Industrial | Factory robots, supply chain AI | Product defect tracing, safety incident auditing | $367B | | Finance | AI credit scoring, trading, anti-fraud | Algorithmic fairness, decision transparency | $440B | | Legal | AI-assisted sentencing, contract review | Judicial fairness verification | $350B | | Military/Security | Drones, AI surveillance | Lethal decision accountability | $390B | | Education | AI grading, personalized learning | Assessment fairness and bias detection | $200B | | Energy | Grid AI, smart buildings | Dispatch decision auditing and fault tracing | $450B | | Content/Media | AI moderation, AIGC | Deepfake detection, content provenance | $130B | | Human Resources | AI hiring, performance evaluation | Anti-discrimination evidence | $380B | | Government | AI public services, welfare approval | Public algorithm accountability | $320B | | Agriculture | Precision agriculture, agricultural drones | Spraying decision records, environmental compliance | $250B | *** ## 9. Market Opportunity ### 9.1 TAM / SAM / SOM ``` Market Size Tiers (2030) +-----------------------------------------------------+ | TAM (Total Addressable Market) | | All AI systems requiring governance | | = AI software market x compliance share + HW audit | | = $150 - 200B | | | | +--------------------------------------------------+ | | SAM (Serviceable Addressable Market) | | | High-risk AI systems requiring on-chain governance| | | = Healthcare + Transportation + Finance + | | | Military + HR | | | = $15 - 30B | | | | | | +-----------------------------------------------+ | | | SOM (Serviceable Obtainable Market) | | | | PoB Protocol + Black Box Products | | | | = $5 - 15B | | | | Focus: Robotics + Agent Audit | | | +-----------------------------------------------+ | +--------------------------------------------------+ +-----------------------------------------------------+ ``` ### 9.2 Market Benchmarks | Benchmark Market | 2024 Size | 2030E Size | CAGR | Comparative Significance | | -------------------------------- | --------- | ---------- | ------ | ------------------------ | | AI Governance Software | $8.9B | $57.8-158B | 30-45% | Direct competition | | Cybersecurity | $188B | $372B | 12% | Path reference | | GRC (Governance/Risk/Compliance) | $52B | $110B | 13% | Traditional analogy | | Blockchain Infrastructure | $12B | $40B | 22% | Technology foundation | | Identity Verification/IAM | $18B | $38B | 13% | Identity layer analogy | **Key Insight:** The AI governance market CAGR (30-45%) far exceeds traditional cybersecurity (12%) and GRC (13%), indicating an early-stage explosive market. Blockchain-native AI governance is currently a near-blank track. ### 9.3 Revenue Model **Three Revenue Engines:** | Engine | Description | Growth Characteristics | | ------------------------------ | ---------------------------------------------------------------- | ---------------------- | | **SaaS Platform Subscription** | Behavior definition + monitoring + analysis + dashboards | Stable, predictable | | **Protocol Fees** | PoB on-chain recording fees + verification fees | Scales with usage | | **Data Services** | Behavior analysis API + compliance reports + industry benchmarks | High margin | **SaaS Pricing Tiers:** | Tier | Monthly Fee | Behavior Records | Analysis Depth | On-Chain Evidence | | ------------ | ----------- | ---------------- | ---------------- | --------------------------- | | Starter | $999 | 100K/mo | Basic | Optional | | Professional | $4,999 | 1M/mo | Advanced | Included | | Enterprise | $19,999 | 10M/mo | Full | Included + priority | | Critical | Custom | Unlimited | Full + dedicated | Real-time + dedicated chain | **Five-Year Financial Projections:** | Metric | Year 1 | Year 2 | Year 3 | Year 4 | Year 5 | | -------------------- | --------- | -------- | -------- | --------- | --------- | | SaaS Customers | 20 | 80 | 250 | 600 | 1,200 | | SaaS ARR | $3M | $15M | $50M | $120M | $250M | | Protocol Fee Revenue | $0.5M | $5M | $20M | $60M | $150M | | Data Service Revenue | $0.2M | $2M | $10M | $30M | $80M | | **Total Revenue** | **$3.7M** | **$22M** | **$80M** | **$210M** | **$480M** | | Gross Margin | 55% | 65% | 72% | 78% | 82% | *** ## 10. Competitive Landscape *This chapter answers three core questions: **Who is in the arena? Where do we sit on the quadrant? Why us?*** ### 10.1 Track Overview & Tiering AxBlade sits at the intersection of four high-growth tracks: **AI Agent Identity/Credit, AI Compliance & RegTech, Physical Robotics + Data Sovereignty, AI Black Box/Traceability**. Each track has mature or rapidly maturing participants, categorized by threat level: ``` Tier 1 Direct Threats (head-to-head) +-- ChaosChain (mirror competitor, digital-only) +-- Peaq Network (L1 for Machine Economy) +-- Microsoft AGT (enterprise governance stack, off-chain) +-- VeritasChain VAP/AgDR (open standards for AI flight recorder) Tier 2 Partial Overlap (watch list) +-- Virtuals Protocol (ERC-8183 co-author, commerce-focused) +-- Credo AI (enterprise GRC SaaS, $41M funded) +-- Holistic AI / Modulos (EU AI Act compliance specialists) +-- Robonomics (Polkadot OG, Unitree G1 partner) +-- Vijil (Trust Score, closest off-chain CSDRT analog) Tier 3 Complements (integration partners) +-- Olas / Fetch.ai / Morpheus (Agent protocols) +-- FrodoBots / BitRobot / OpenMind (robot data DePIN) +-- Arize / Fiddler / WhyLabs (ML observability) +-- RedStone + Credora (ERC-8004 risk data) +-- Inference Labs / Lagrange / EZKL (zkML proof engines) +-- Ocean Protocol C2D (data provenance) ``` ### 10.2 Competitive Positioning Quadrant **X-Axis**: Productization & enterprise readiness (left to right, further right = closer to production-grade enterprise adoption) **Y-Axis**: Coverage depth (bottom to top, from single-point verification to full-lifecycle governance) ``` Full-Lifecycle Governance (Identity + Behavior + Decision + Credit) ^ | | | *** AxBlade *** | (ERC-8004 + PoB + PoD | + CSDRT + Physical | + Insurance) | | . ChaosChain | (PoA, digital-only) | | . Peaq Network | (peaq ID, broad but shallow) | | . Virtuals | (ERC-8183 commerce) | | . Robonomics . Microsoft AGT | (Polkadot, (off-chain, | small scale) enterprise) | | . Olas . Fetch.ai . Credo AI | (agent (brand (GRC SaaS, | regis) identity) $41M) | | . Morpheus | | . Vijil | (Trust Score) | | . VeritasChain . Arize/Fiddler | (VAP open spec) (observability) | | . Inference Labs . Holistic AI | (zkML SN2) (EU AI Act) | | . Lagrange / EZKL | (proof engines) | +---------------------------------------> Open Source / Enterprise Research Stage Production Ready Single-Point Verification (Output-level proof only) ``` **Key Observations:** **The upper-right quadrant (full-lifecycle + enterprise-ready) is currently occupied by AxBlade alone** — no competitor simultaneously possesses all five elements (ERC-8004 identity + PoB behavior + PoD decision + CSDRT credit + physical robotics + insurance compliance) **Inference Labs / Lagrange sit in the lower right** — zkML inference proofs are mature, but only cover the output layer, not the agent lifecycle **ChaosChain sits in the upper right, leaning left** — the closest mirror competitor; the only differentiators are **no physical robotics, no proprietary L2, no zk-Groth16 circuit suite** **Microsoft AGT sits in the center right** — the enterprise governance default stack, but entirely off-chain; the relationship with AxBlade is **upstream/downstream, not substitutive** ### 10.3 Tier 1 — Direct Threats (Head-to-Head) **10.3.1 ChaosChain — The Most Dangerous Mirror Competitor** | Dimension | Information | | --------------- | -------------------------------------------------------------------------------------------------- | | Positioning | "Underwriting Layer for Autonomous Agents" | | Core Protocol | Proof of Agency (PoA) | | Ecosystem Niche | ERC-8004 reference implementation maintainer, deep collaboration with Ethereum Foundation dAI team | | Funding | Early/Bootstrapped | | Product Form | ChaosClaw (ERC-8004 trust-inference Agent) + Studios (Savings/Insurance/Compliance/Engineer) | | Overlap Degree | Extremely high | **Relationship with AxBlade: narrative is nearly a 1:1 mirror** PoA ≈ AxBlade's PoB/PoD Studios model ≈ AxBlade's scenario-based entry strategy ERC-8004 native integration ≈ AxBlade ERC-8004 native **Critical Differentiators (AxBlade's survival line):** ChaosChain is **digital-Agent-only** — does not touch physical robotics (Unitree/Dreame/Magic Atom) ChaosChain has **no proprietary L2** — relies on external Ethereum/L2s ChaosChain has **no CSDRT-grade multi-dimensional credit scoring** ChaosChain has **no zk-Groth16 identity circuit suite** ChaosChain has **no insurance actuarial/ISO 10218 compliance narrative** **10.3.2 Peaq Network — Machine Economy L1** | Dimension | Information | | -------------- | --------------------------------------------------------------- | | Positioning | "The Machine Economy L1", peaq ID (Self-Sovereign Machine DIDs) | | Tech Stack | EVM + Substrate, 10K-100K TPS, native x402 support | | Ecosystem | 60+ DePINs, 22 industries, millions of devices, 57+ dApps | | Token | PEAQ, Hashkey Capital backing | | Overlap Degree | High (physical robot identity layer) | **Critical Differentiators:** Peaq is a **broad but shallow** machine identity L1, lacking: EU AI Act / ISO 10218 compliance toolchain Insurance actuarial data models ZK selective disclosure architecture Multi-dimensional credit scoring (CSDRT) AxBlade **goes deep on robot compliance + insurance + ZK trust**; Peaq does not **Strategic Positioning:** Avoid head-on identity-layer competition; differentiate with "compliance + insurance + ZK"; consider long-term alliance. **10.3.3 Microsoft Agent Governance Toolkit (AGT)** | Dimension | Information | | ------------------- | ---------------------------------------------------------------------------------------------------------- | | Positioning | 7-package runtime governance stack: Agent OS / Mesh / Runtime / SRE / Compliance / Marketplace / Lightning | | Open Source License | MIT (released 2026-04-02) | | Coverage | 10/10 OWASP Agentic AI Top 10 | | Integrations | AWS Bedrock / Google ADK / Azure Foundry / LangChain / CrewAI / AutoGen / 20+ frameworks | | Overlap Degree | High narrative / low tech-stack overlap | **Critical Differentiators:** Microsoft AGT is **entirely off-chain** — enterprise SaaS governance middleware **No ERC-8004, no ZK proofs, no token economics, no physical robotics** Does "policy enforcement + log recording", not "cryptographic evidence + insurance underwriting" **Strategic Positioning:** **Partner before competitor.** AxBlade should position itself as "AGT's on-chain attestation backend" — AGT policy decisions get their results anchored on-chain by AxBlade + generate insurance claim evidence. **10.3.4 VeritasChain VAP / AgDR — Open Standards Threat** | Dimension | Information | | ---------------- | --------------------------------------------------------------------------------------------- | | VeritasChain VAP | "Verifiable AI Provenance", literally an "AI flight recorder" open framework | | AgDR | Canadian "AI Decision Records" open standard (released March 2026), BLAKE3 + Ed25519 + Merkle | | License | CC0 / Apache 2.0 open source | | Benchmark | EU AI Act Article 12 (technical documentation + traceability) | | Overlap Degree | PoD naming conflict | **Critical Differentiators:** VAP/AgDR are **standards/specifications**, not products — no token economics, no insurance applications, no identity layer But **naming collision**: if VAP/AgDR become de-facto EU AI Act compliance standards, AxBlade's PoD may be perceived as a "proprietary alternative" **Strategic Positioning:** Proactively declare **"AxBlade PoD conformant to VAP / AgDR-compatible"**, turning open standards into a distribution advantage rather than opposition. ### 10.4 Tier 2 — Partial Overlap (Watch List) | Player | Positioning | Overlap | Differentiation | | ------------------------- | -------------------------------------------------------------- | ------------------------------------------------- | -------------------------------------------------------------------------- | | **Virtuals Protocol** | Base-chain Agent society, ERC-8183 co-author | Identity + commerce layer, $500M agent market cap | Commerce Agents, not governance Agents; **no CSDRT, no physical robotics** | | **Credo AI** | Enterprise AI governance SaaS, $41M funded, Andrew Ng investor | EU AI Act workflows | Traditional document-based GRC, **no chain, no Agent identity standard** | | **Holistic AI / Modulos** | EU AI Act compliance specialists | EU AI Act compliance | Document-based GRC, **no cryptographic evidence** | | **Robonomics** | Polkadot 2017 OG, Unitree G1 partner | Physical robotics + blockchain | Substrate ecosystem, **small scale, no compliance/insurance** | | **Vijil** | Trust Score + garak open-source scanner, Gartner Cool Vendor | Trust Score closest to off-chain CSDRT | Enterprise SaaS, **not on-chain, not ERC-8004** | ### 10.5 Tier 3 — Complements (Potential Partners) | Player | Potential Collaboration | | ------------------------------------ | ---------------------------------------------------------------------------------- | | **Olas / Fetch.ai / Morpheus** | Agent protocol layer; future migration to ERC-8004 enables integration | | **FrodoBots / BitRobot / OpenMind** | Robot data streams feed into AxBlade PoB | | **Inference Labs / Lagrange / EZKL** | zkML proof engines providing underlying capabilities for AxBlade's L1.5 ZKML layer | | **Arize / Fiddler / WhyLabs** | ML observability tools; telemetry as PoB data source | | **RedStone + Credora** | ERC-8004 risk data feeds (may compete for CSDRT position; can also integrate) | | **Ocean Protocol C2D** | Training data compliance partner | | **Zama.ai** | FHE complementary solution for privacy scenarios | ### 10.6 Why Us — AxBlade's Five Moats **Moat 1: The Five-Element Intersection Is Exclusive Territory** No competitor **simultaneously possesses** all five: | Element | AxBlade | ChaosChain | Peaq | Microsoft AGT | VAP/AgDR | Inference Labs | | ------------------------------ | :-----: | :--------: | :--: | :-----------: | :------: | :------------: | | ERC-8004 Native Identity | ✅ | ✅ | 🟡 | ❌ | ❌ | ❌ | | On-Chain PoB/PoD Evidence | ✅ | ✅ | 🟡 | ❌ | ✅ | 🟡 | | CSDRT Multi-Dim Credit | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | | Physical Robotics Integration | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | | Insurance/Compliance Economics | ✅ | 🟡 | ❌ | 🟡 | ❌ | ❌ | | **All Five** | **✅** | ❌ | ❌ | ❌ | ❌ | ❌ | **Moat 2: Physical + Digital Dual-Track Coverage** **Inference Labs, ChaosChain, Virtuals, Olas, Morpheus** and other digital Agent players are 100% concentrated on on-chain DeFi/LRT scenarios. **Peaq** does machine economy but lacks compliance. AxBlade, through **Unitree Adapter / MagicLab Adapter / Dreame Adapter**, brings physical robots' behavior, decisions, anomalies, and compliance into the same data model (BlackBoxRecord), sharing the protocol stack with digital Agents. **This is a capability other players will find very hard to catch up on within 5 years** — it requires simultaneously understanding ROS2/URDF/SDK integration, robot insurance actuarials, and ISO 10218 industrial compliance. **Moat 3: Agent Full-Lifecycle vs. Single-Point Verification** ``` Inference Labs Model (output-level): +-------+ +---------+ +-------------+ | Input | --> | Model | --> | Output+Proof| +-------+ +---------+ +-------------+ verify once per inference AxBlade Model (lifecycle-level): +----------+ +-----------+ +-----------+ +-----------+ +-----------+ | Identity | > | Behavior | > | Decision | > | Credit | > | Insurance | | ERC-8004 | | PoB | | PoD | | CSDRT | | Premium | +----------+ +-----------+ +-----------+ +-----------+ +-----------+ record every step, build Agent's permanent record ``` Single-output verification can be commoditized (any zkML team can do it); once agent lifecycle governance becomes a standard, **switching costs are extremely high**. **Moat 4: Self-Controlled Technology Stack** | Component | AxBlade Proprietary | Competitor Comparison | | ------------------ | :---------------------------------------: | ------------------------------------------------------ | | L2 Infrastructure | ✅ Based on zksync-era (Chain ID 271) | ChaosChain uses mainnet; Inference Labs uses Bittensor | | 5 System Contracts | ✅ 0x8016-0x801A | Most competitors use standard ERC contracts | | 6 Groth16 Circuits | ✅ KYC/Credit/Enterprise/Age/Income/Region | Most competitors reuse EZKL standard circuits | | Native OracleHub | ✅ <100ms latency, $0.001 cost | Requires external Chainlink/RedStone | | Fast Bridge | ✅ LP fast bridge, <1 hour withdrawal | Most competitors rely on standard L1-L2 bridges | **No dependence on Bittensor token cycles, no dependence on any specific open-source proof system's roadmap** — technology stack and business model are both self-controlled. **Moat 5: The Compliance Narrative Is More Compelling** Enterprise B2B customers, insurance companies, regulators — these procurement decision-makers **don't understand "zkML proof", "Groth16", "Halo2"**, but they **do understand:** "The FAA black box for AI" "What SWIFT is to financial transactions, AxBlade is to AI decisions" "What HTTPS is to internet security, AxBlade is to Agent identity" These three analogies give AxBlade a natural narrative advantage in **enterprise sales, insurance partnerships, compliance procurement, and regulatory dialogue**. ### 10.7 Differentiation Matrix (Upgraded) | Capability Dimension | AxBlade | ChaosChain | Peaq | Microsoft AGT | Inference Labs | Credo AI | Virtuals | | ------------------------------- | :--------: | :--------: | :--: | :-----------: | :------------: | :------: | :------: | | ERC-8004 Native Identity | ✅ | ✅ | 🟡 | ❌ | ❌ | ❌ | ✅ | | PoB Behavior Recording Protocol | ✅ | ✅ | ❌ | 🟡 | ❌ | 🟡 | 🟡 | | PoD Decision Tracing Protocol | ✅ | ✅ | ❌ | 🟡 | 🟡 | 🟡 | ❌ | | CSDRT Multi-Dim Credit Scoring | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | 🟡 | | Proprietary ZK Rollup L2 | ✅ | ❌ | 🟡 | ❌ | ❌ | ❌ | ❌ | | Physical Robotics Integration | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | | Digital Agent Integration | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | | TEE+ZK Hybrid Architecture | ✅ | 🟡 | ❌ | ❌ | ✅ | ❌ | ❌ | | zkML Inference Proof | 🟡 Planned | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | | BehaviorSpec DSL | ✅ | 🟡 | ❌ | 🟡 | ❌ | 🟡 | ❌ | | Insurance Pricing Engine | ✅ | 🟡 | ❌ | ❌ | ❌ | ❌ | ❌ | | ISO 10218 Robotics Compliance | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | | EU AI Act Compliance Templates | ✅ | 🟡 | ❌ | ✅ | ❌ | ✅ | ❌ | | Cross-Platform/Neutral | ✅ | ✅ | ✅ | 🟡 | 🟡 | ✅ | 🟡 | Legend: ✅ = Core capability / 🟡 = Partial support / ❌ = Not supported ### 10.8 Moat Progression (Compounding Over Time) Technology barriers in the AI space erode within 6-12 months. AxBlade's moat is designed to **compound over time**: | Year | Barrier Type | Content | Can Big Tech Replicate? | Half-Life | | ------- | --------------------- | ------------------------------------------------------------------------------------------------------------ | ------------------------------------ | ----------- | | Year 1 | **Technical Barrier** | TEE+ZK hybrid architecture, ERC-8004 implementation, 6 Groth16 circuits, behavior hash algorithm | Yes, needs 6-12 months | 6-12 months | | Year 2 | **Data Barrier** | Accumulated AI behavior data improves anomaly detection; CSDRT baselines mature; insurance actuarial models | Hard — data takes time to accumulate | 2-3 years | | Year 3 | **Standards Barrier** | BehaviorSpec + DecisionReceipt become de-facto industry standards; partners build on top | Switching = rewriting all systems | 5-10 years | | Year 4+ | **Ecosystem Barrier** | Auditors, insurance companies, compliance consultants, regulators, developer communities form around AxBlade | Nearly impossible | 10+ years | ### 10.9 Structural Limitations of Big Tech **What Big Tech Will Do vs. Won't Do:** | Big Tech Will Do | Big Tech Won't Do | Reason | | ---------------------------------------------------------------------------------- | ------------------------------------------------------------- | ------------------------------------------------------------------------ | | In-platform AI governance (Microsoft AGT / Google Vertex / AWS Bedrock Guardrails) | Cross-platform/cross-vendor unified governance | Each only manages its own ecosystem; no incentive to support competitors | | Basic compliance checking tools | Deep decision tracing + on-chain cryptographic evidence | Insufficient ROI; not core business | | Internal standards for their own customers | Industry-wide open standards | Open standards mean losing lock-in | | SaaS governance middleware | Physical robotics + insurance + blockchain triple combination | Cross-boundary capability; big tech org structures can't support it | **AxBlade's survival space = areas Big Tech structurally won't touch:** cross-platform neutrality, on-chain immutability, deep decision tracing, open standard output, physical + digital dual-track, insurance economic model. ### 10.10 Competition Strategy Summary Based on the above analysis, AxBlade's competitive strategy is: **Against Tier 1 ChaosChain** — Physical robotics + insurance + ISO compliance is the **survival line**; monitor their movements weekly, ensure differentiation continues to widen **Against Tier 1 Peaq** — Differentiate with "compliance + insurance + ZK trust"; consider long-term alliance rather than head-on identity-layer competition **Against Tier 1 Microsoft AGT** — **Partner before competitor**; position as on-chain attestation backend, the chain-based extension of AGT's policy engine **Against Tier 1 VAP/AgDR** — Proactively declare compatibility; turn open standards into a distribution channel **Against Tier 3 Inference Labs / Lagrange** — Integrate as L1.5 ZKML proof layer; share the ZK ecosystem **Against Tier 3 Credora / RedStone** — Differentiate CSDRT as "multi-dimensional + physical + insurance actuarial"; avoid single-dimension credit scores **Microsoft AGT is a double-edged sword** — Once AGT becomes the de-facto standard, **the more enterprises use AGT, the more they need AxBlade as their on-chain backend** *** ## 11. Roadmap **Phase 0: Foundation Validation (Current — Q2 2026)** | Milestone | Timeline | Deliverable | | ----------------------------- | ---------- | --------------------------------------------------------------- | | PoB Protocol V1.0 | Q1 2026 | Core protocol specification + reference implementation | | Digital AI Black Box MVP | Q1-Q2 2026 | Enterprise AI Agent behavior audit (Copilot/ChatGPT Enterprise) | | Physical AI Black Box PoC | Q2 2026 | Robot vacuum behavior data on-chain PoC | | L2 Testnet | Q2 2026 | ZK Rollup L2 testnet (Sepolia integration) | | Tech Stack Selection Complete | ✅ Done | ZK Rollup architecture based on zksync-era confirmed | | Core System Contracts | Q2 2026 | 5 custom system contracts (0x8016-0x801A) deployed to testnet | | First Paying Customer | Q2 2026 | At least 1 enterprise AI Agent audit paying customer | **Phase 1: Industry Breakthrough (Q3 2026 — Q4 2027)** | Milestone | Timeline | Key Metric | | ------------------------------------ | ---------- | --------------------------------------- | | L2 Mainnet Launch | Q3-Q4 2026 | TPS 10,000; ZK proof verification on L1 | | TypeScript SDK Release | Q3 2026 | @axblade/sdk (Isomorphic ESM+CJS) | | China Consortium Chain Deployment | Q4 2026 | First domestic customers | | Security Audit (Round 1) | Q4 2026 | At least 2 top-tier audit firms | | Humanoid Robot Governance Solution | Q1 2027 | Unitree/Magic Atom behavior audit | | Edge TEE SDK V1.0 | Q1 2027 | 3+ device manufacturer pilots | | Core SDK Expansion (Python/Rust/C++) | Q2 2027 | GitHub Stars >500 | | EU AI Act Compliance Module | Q2 2027 | High-risk AI automated reporting | | First 10 Paying Enterprise Customers | Q4 2027 | Covering 3+ industries | | Series A Funding | Q3 2027 | $20-30M | **Phase 2: Standard Establishment (2028 — H1 2029)** | Milestone | Timeline | Key Metric | | ---------------------------------- | -------- | ------------------------------- | | PoB Standard Proposal | Q1 2028 | Submitted to IEEE/ISO/W3C | | AI Agent Behavior SDK | Q1 2028 | 10+ Agent platform integrations | | ZK Proof Cloud Service | Q1 2028 | <3s proof generation | | Predictive Behavior Analysis V2 | Q2 2028 | Anomaly detection accuracy >95% | | AI Credit System Launch | Q3 2028 | 100+ AI systems scored | | Multi-Chain Deployment | Q2 2028 | Avalanche/Polygon expansion | | 100+ Enterprise Customers | Q4 2028 | Covering 5+ industries | | "PoB Certified" Certification Mark | Q4 2028 | Industry recognition | | Series B Funding | Q4 2028 | $50-80M, valuation $0.5-1B | **Phase 3: Scale (H2 2029 — 2030)** | Milestone | Timeline | Key Metric | | ----------------------------- | -------- | -------------------------------------- | | L2 TPS Upgrade | Q1 2029 | >50,000 TPS | | Humanoid Robot SDK | Q2 2029 | Tesla/Figure partnership | | Global Compliance Engine | Q3 2029 | EU/US/CN/JP/KR coverage | | DAO Governance Launch | Q4 2029 | 1,000+ $AXB holders participating | | AI Behavior Insurance Product | Q1 2030 | Joint product with insurance companies | | 600+ Enterprise Customers | Q4 2030 | ARR $210M | | Series C / Pre-IPO | Q3 2030 | $150-200M, valuation $2-5B | **Phase 4: Infrastructure Dominance (2031+)** | Milestone | Timeline | | ------------------------------------------- | --------- | | AI Behavior Recording ISO Standard Proposal | Q1 2031 | | 10,000+ AI Systems Connected | Q2 2031 | | IPO or Major Strategic Investment | 2031-2032 | | Global AI Governance Standard-Setter | 2032+ | *** ## 12. Risk & Mitigation | Risk Category | Specific Risk | Probability | Impact | Mitigation Strategy | | --------------- | -------------------------------------------------------------------------------------------- | ----------- | --------- | ------------------------------------------------------------------------------------------------------------ | | **Market** | AI governance demand explosion delayed; "everyone says it's important but nobody pays first" | Medium-High | High | Maintain cash flow with ToG projects; validate demand through paid PoCs; target post-incident buyers | | **Market** | Phantom demand: customers express interest but have no budget or timeline | Medium | High | Require paid PoC completion within 6 months; track "trigger events" (fines, incidents, competitor purchases) | | **Competition** | Big tech builds in-house AI governance modules (Microsoft/Alibaba/Huawei) | High | Medium | Cross-platform + on-chain differentiation; position as "plugin" not "rival"; open standards strategy | | **Competition** | Same-track startups (domestic and international) | Medium | Medium | First-mover advantage + standards barrier + data accumulation | | **Policy** | China blockchain/token policy tightening | Medium | Medium | China uses "consortium chain + evidence" narrative; de-tokenize | | **Policy** | AI regulation direction suddenly shifts | Low | High | Product design with "adjustable compliance intensity" | | **Technical** | TEE security vulnerability discovered | Low | High | Multi-hardware-vendor support; TEE+ZK dual guarantee | | **Technical** | zkML performance insufficient for commercial use | Medium | Medium | TEE as primary approach; zkML as long-term roadmap | | **Internal** | Unable to recruit "dual-skilled talent" (tech + policy) | High | High | Team composition: tech talent + policy advisors, rather than requiring both in one person | | **Internal** | Three product lines spread resources thin | Medium-High | Medium | Strict pacing control; never push all three lines at full force simultaneously | | **Internal** | Over-customization prevents standardization | Medium | High | Red line: no more than 30% customization per project | | **Operations** | Cash flow disruption (PMF validation period too long) | Medium | Very High | Initiate next funding round 12 months in advance; ToG projects as safety net | *** ## Glossary | Term | Full Name | Definition | | ---------------------------------- | ------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | | PoB | Proof of Behavior | Core protocol for AI behavior recording, verification, and on-chain evidence | | PoD | Proof of Decision | AI decision tracing protocol providing a complete decision evidence chain | | BehaviorSpec DSL | Behavior Specification Domain-Specific Language | Declarative language for defining AI behavior permissions, prohibitions, and monitoring parameters | | Decision Receipt | — | Structured, immutable, cryptographically signed data object recording a complete AI decision context | | TEE | Trusted Execution Environment | Hardware-isolated secure computing area (Intel SGX, ARM TrustZone, AMD SEV) | | ZK Proof | Zero-Knowledge Proof | Cryptographic proof that a statement is true without revealing additional information | | zkML | Zero-Knowledge Machine Learning | Applying ZK proofs to verify ML inference correctness | | ZK Rollup | Zero-Knowledge Rollup | Layer 2 scaling solution using zero-knowledge proofs to guarantee state transition correctness | | PLONK | — | General-purpose ZK proof system used for AxBlade L2's rollup proofs | | Groth16 | — | ZK proof system with the smallest proofs and fastest verification, used for AxBlade's identity verification circuits | | Baby Jubjub | — | Elliptic curve suited for ZK circuits, used for on-chain EdDSA signatures | | Merkle Tree | — | Hash tree used to batch-aggregate behavior hashes into a verifiable root hash | | ERC-8004 | Ethereum Improvement Proposal 8004 | Ethereum AI Agent identity standard (mainnet since January 29, 2026) | | DID | Decentralized Identifier | On-chain identity for AI devices and agents (AxBlade uses the `did:ethr:axblade` scheme) | | OracleHub | Native Oracle Contract | AxBlade L2 system contract (0x8016), providing multi-source price aggregation and deviation detection | | CSDRT | Capability-Safety-Regulatory-Dependability-Transparency | Five-dimension AI credit scoring model | | Three-Tier Disclosure Architecture | — | Privacy-compliance architecture combining ZK selective disclosure + regulatory authorized penetration + emergency keys | | Circuit Breaker | — | Safety mechanism that stops AI behavior under extreme conditions (Warning → Restriction → Stop) | | Behavior Drift | — | The phenomenon where an AI system's behavior gradually deviates from its predefined specification | | Decision Fingerprint | — | Keccak256 hash that uniquely identifies and verifies an AI decision | | Decision Chain | — | Chain of Decision Receipts tracking cross-Agent decision causality | | Sidecar Pattern | — | Zero-coupling extension design where custom modules do not modify the core engine | *** ## References **Market Research:** * MarketsandMarkets: AI Governance Market Report 2024-2029 ($8.9B → $57.8B, CAGR 45.3%) * Forrester: AI Governance Software Spend 2024-2030 CAGR 30% (reaching $158B by 2030) * Grand View Research: Autonomous Driving Market ($231.5B → $747.7B, 2030) * GlobalData: Robotics Market ($100.6B → $205.5B, 2030, CAGR 15%) * MarketsandMarkets: AI Agent Market ($7.84B → $52.62B, 2030, CAGR 46.3%) **Regulations & Policy:** * EU AI Act Implementation Timeline (artificialintelligenceact.eu) * China AI Safety Governance Framework V2.0 (September 2025) * China Network Security Law Amendment (effective January 2026) * OWASP Top 10 for Agentic Applications (2026) * U.S. White House AI Executive Order (December 2025) **Technical Standards:** * ERC-8004: Trustless Agents (eips.ethereum.org, mainnet since January 29, 2026, 45,000+ registered Agents) * ERC-8004 Three Registries: Identity Registry (ERC-721), Reputation Registry, Validation Registry * QuickNode: ERC-8004 Developer Guide * RedStone: ERC-8004 + Data & Risk Intelligence * zksync-era: Apache 2.0 Open-Source ZK Rollup Engine (Type 2.5 zkEVM, PLONK proof system) * Groth16 + Baby Jubjub EdDSA: ZK Identity Verification Circuit Cryptographic Scheme **Research:** * Anthropic Alignment Science Team: "Reasoning Models Don't Always Say What They Think" (April 2025) * Stanford AI Index: AI incidents up 2,500% since 2012 * McKinsey: State of AI Trust 2026 — 64% of large enterprises suffered >$1M losses from AI failures * AI Incident Database (incidentdatabase.ai): 108 incidents (Nov 2025 - Jan 2026) **Cases & Incidents:** * FDA AI Medical Device Database: \~1,000 authorized devices, 60 involving 182 recalls * NHTSA: 3,442 ADAS-related incidents reported as of mid-2025 * Tom's Hardware: TruDi surgical navigation AI adverse event analysis * Alias Robotics: Unitree G1 security vulnerability disclosure (September 2025) **Disclaimer:** This whitepaper is for informational purposes only and does not constitute financial advice, an offer to sell, or a solicitation to purchase tokens or securities. Projections herein are forward-looking statements based on current market conditions and are subject to change. Potential participants should conduct their own due diligence. **Document Version:** v0.1 | April 2026 **Classification:** Public *Copyright (C) 2026 AxBlade. All rights reserved.*