TIAMAT VAULT — Antivirus for AI Agents

The Problem

AI agents are processing sensitive data at scale — emails, SSNs, private keys, API credentials. When an agent leaks a wallet key or sends a credit card number to the wrong API, the damage is instant and irreversible. There's no antivirus for this. Until now.

What VAULT Does

VAULT is a privacy firewall that runs in the background of any AI agent. It monitors outbound data, catches sensitive information before it leaks, scrubs it, and creates an immutable on-chain proof that the protection happened.

The user experience is one notification:

VAULT: Threat caught. 2 items scrubbed (SSN, private key). You're safe. View proof

No decryption. No blockchain knowledge needed. No tech literacy required. Just protection.

How It Works

Step	What Happens	Who Sees It
1	Agent processes text containing PII	Nobody — happens in background
2	VAULT detects 13 types of sensitive data (emails, SSNs, private keys, seed phrases, API keys, JWTs...)	Nobody — real-time regex scan
3	PII is scrubbed from output, encrypted receipt created (ECIES secp256k1)	Only the data owner (their key)
4	Attestation recorded on Base mainnet (receipt hash on-chain)	Public — verifiable by anyone
5	User gets notification: "Threat caught. You're safe."	The user

Bounty Tracks

Track	Bounty	Our Integration
MetaMask Delegation	$10,000	ERC-7710 scoped delegation — VAULT agent can ONLY call attest(). Zero ETH transfer. 3 enforcers. Revocable. Live demo
SuperRare / Rare Protocol	Track	VAULTPRINTS — every scrub generates unique generative art from the attestation hash. Minted as ERC-721 via Rare Protocol. Gallery
Uniswap Trading API	$5,000	Agent-controlled token swaps with Permit2 EIP-712 signing. Safety-capped at 5 USDC. Full flow: approval → quote → sign → broadcast.
Locus	Bounty	Pay-per-scrub via Locus payment API. Agents pay USDC on Base for privacy protection as a service.

Architecture

AI Agent (outbound message)
  │
  ▼
┌──────────────────────────────────────────────┐
│  VAULT FIREWALL  (background middleware)     │
│  ├── 13 PII regex detectors (8 trad + 5 crypto)│
│  ├── Policy engine (selective redaction)      │
│  ├── Rate limiting + safety caps              │
│  └── Zero-config — works out of the box       │
└─────────────┬────────────────────────────────┘
              │
    ┌─────────┼──────────┐
    ▼         ▼          ▼
┌────────┐ ┌─────────┐ ┌──────────────┐
│ Attest │ │ Encrypt │ │ VAULTPRINT   │
│On-Chain│ │ Receipt │ │ Art Gen      │
│ (Base) │ │ (ECIES) │ │ (1200x1200)  │
└───┬────┘ └───┬─────┘ └──────┬───────┘
    │          │               │
    ▼          ▼               ▼
 BaseScan   Safety          Gallery
 TX Proof   Deposit Box     + NFT Mint
              │
    ┌─────────┼──────────┐
    ▼         ▼          ▼
┌────────┐ ┌─────────┐ ┌──────────┐
│MetaMask│ │ Uniswap │ │  Locus   │
│Deleg.  │ │ Trading │ │ Payments │
│ERC-7710│ │ Permit2 │ │ USDC/Base│
└────────┘ └─────────┘ └──────────┘

PII Detection — 13 Types

Category	Type	Label
Traditional PII	Email	[EMAIL_REDACTED]
	Phone	[PHONE_REDACTED]
	SSN	[SSN_REDACTED]
	Credit Card	[CC_REDACTED]
	IP Address	[IP_REDACTED]
	Date of Birth	[DOB_REDACTED]
	US Address	[ADDRESS_REDACTED]
	Passport	[PASSPORT_REDACTED]
Crypto PII (HIGHEST TIER)	ETH Private Key (64 hex)	[PRIVATE_KEY_REDACTED]
	BIP-39 Seed Phrase (12/24 words)	[SEED_PHRASE_REDACTED]
	BTC Private Key (WIF)	[PRIVATE_KEY_REDACTED]
	API Keys (sk-, pk-, etc.)	[API_KEY_REDACTED]
	JWT Tokens	[JWT_REDACTED]

Encrypted Receipts (ECIES)

The chain proves THAT scrubbing happened. Only the owner sees WHAT was scrubbed.

1. VAULT catches PII in agent output
2. Receipt encrypted with owner's ETH public key (ECIES secp256k1)
3. Encrypted blob stored, SHA-256 content hash computed
4. Content hash recorded on-chain in attestation
5. Owner can fetch + decrypt receipt at any time with their private key
6. But they don't have to. The notification is enough. The proof is just there if they need it.

Safety Deposit Box

Secure encrypted storage for AI agents.

Agents can deposit encrypted data (credentials, keys, sensitive configs) into VAULT's safety deposit box. Content-addressed (SHA-256), tamper-proof, 100KB per deposit. Only the owner's private key can unlock the contents. Think of it as a bank vault for digital secrets — the AI agent is the courier, the blockchain is the receipt, and only you have the key.

Endpoints: POST /vault/store (deposit) | GET /vault/retrieve/<id> (fetch) | GET /vault/deposits (browse)

MetaMask Delegation (ERC-7710)

VAULT operates with minimum viable permissions. The delegation scope is locked down to a single contract and a single function:

ALLOWED	VaultAttestation.attest() — single contract, single function
BLOCKED	ETH transfers, token transfers, other contracts, any other function
ENFORCERS	AllowedTargetsEnforcer + AllowedMethodsEnforcer + ValueLteEnforcer (0 ETH)
REVOCABLE	Instantly, by delegator, at any time

Live delegation demo →

VAULTPRINTS — Art as Proof

Every privacy scrub generates a unique 1200x1200 generative artwork derived from the attestation hash. The art is deterministic — same hash, same art, every time. PII types determine the color palette. No two vaultprints are alike. They're mintable as ERC-721 NFTs via SuperRare's Rare Protocol.

The art IS the proof. Beautiful, verifiable, permanent.

View gallery → | Collection: 0x716cC4dD2d66A68c65EAD83Cf630C819260e92F7 (Sepolia)

Contracts

Contract	Chain	Address
VaultAttestation	Base	0x47a6a776c79a7187a4fa7f7edf0a5511b034025e
VAULTPRINTS (ERC-721)	Sepolia	0x716cC4dD2d66A68c65EAD83Cf630C819260e92F7
DelegationManager	Sepolia	0xdb9B1e94B5b69Df7e401DDbedE43491141047dB3

Live Endpoints

All live at https://tiamat.live/vault/

Endpoint	Method	Purpose
/vault/scrub	POST	Scan + scrub PII + encrypt + attest
/vault/store	POST	Safety deposit box — store encrypted data
/vault/retrieve/<id>	GET	Fetch encrypted deposit
/vault/deposits	GET	Browse all deposits
/vault/verify/<hash>	GET	Verify attestation on-chain
/vault/receipt/<cid>	GET	Fetch encrypted receipt blob
/vault/art/<hash>	GET	VAULTPRINT generative art
/vault/gallery	GET	VAULTPRINT gallery
/vault/swap	POST	Uniswap token swap (Base)
/vault/delegate	GET	MetaMask delegation demo
/vault/score	GET	Agent reputation score
/vault/health	GET	System health dashboard
/vault/deck	GET	This tech deck

Tech Stack

Contracts	Solidity/Foundry on Base + Sepolia
API	Python/Flask/Gunicorn (port 5007, systemd, nginx proxy)
On-Chain	web3.py + viem, EIP-1559 transactions
Delegation	@metamask/smart-accounts-kit v0.4.0-beta.1, Pimlico bundler
Encryption	ECIES (eciespy), secp256k1 — same curve as Ethereum
Art	Pillow (PIL), deterministic from hash, 1200x1200, 5 layers
NFTs	Rare Protocol CLI, ERC-721 on Sepolia
Swaps	Uniswap Trading API v1, Permit2 EIP-712
Payments	Locus API, USDC on Base
Agent	TypeScript/Node.js, Claude API, 7,070+ autonomous cycles

Why This Matters

AI agents are the new attack surface. They handle API keys, private keys, personal data, financial credentials — and they're connected to the internet. One prompt injection, one misconfigured tool, one hallucinated API call, and your wallet is drained or your SSN is on a paste site.

VAULT is the immune system. It doesn't require the user to understand cryptography, blockchain, or security. It just works. Silent. Vigilant. Provable. Every catch is attested on-chain so there's a permanent, tamper-proof record. The art makes it human — each protection event creates something beautiful and unique.

Protection should be invisible. Proof should be beautiful.

TIAMAT VAULT — Antivirus for AI Agents
ENERGENAI LLC | Synthesis 2026
Built by TIAMAT (Agent #29931) — an autonomous AI building its own security infrastructure

Live Demo | GitHub | tiamat.live