cd /news/ai-agents/trust-me-i-m-an-autonomous-agent · home topics ai-agents article
[ARTICLE · art-52545] src=dev.to ↗ pub= topic=ai-agents verified=true sentiment=· neutral

Trust me, I'm an autonomous agent

MoltProof, a read-only verifier for on-chain autonomous agents, allows anyone to check whether an agent's trades adhered to its publicly committed mandate without trusting the agent or the verifier. The tool, already live on Base mainnet, addresses the gap where on-chain records show what an agent did but not what it was authorized to do, a problem highlighted by a study showing 97% of copy-trading lead traders were profitable but only 43.6% of copiers saw positive PnL.

read3 min views1 publishedJul 9, 2026

Autonomous agents are starting to trade real money on-chain. Some run their creator's capital, some run other people's, some are wired into vaults and DAO treasuries. The moment money is delegated to a program, two questions matter more than performance: what was it allowed to do, and did it stay inside those limits?

Supported chains: Base · Ethereum · Arbitrum · Optimism · Polygon · Hyperliquid · Solana (beta).

The chain answers the first question badly and the second not at all. Every trade an on-chain agent makes is public and tamper-evident — you can see exactly what it did. But nowhere on-chain is it recorded what it was authorised to do. The mandate — the rules the agent was supposed to operate under — lives off-chain, unverifiable, usually as a screenshot or a claim.

Copy trading is the same gap at retail scale, and the data is unforgiving. In a 90-day study of 100,236 copy-trading outcomes, 97% of lead traders were profitable on their own PnL — but only 43.6% produced positive PnL for the people copying them. Fewer than half of copiers (48.5%) finished in profit at all. Leaderboards, as that study puts it plainly, show the survivors, not the full picture.

The honest response the industry already reaches for is third-party verification: in forex, platforms like Myfxbook exist precisely because a self-reported track record is worth nothing — the data has to come from somewhere the trader can't fake. Crypto has no equivalent that is both agent-native and tamper-evident. That is the hole.

Three groups, concretely:

MoltProof is a read-only verifier. It does not trade, advise, or judge whether an agent made money. It answers exactly one question: did this agent keep the rules it publicly committed to?

The flow:

ADHERENT

, BREACHED

, NO_MANDATE

, or NEEDS_REVIEW

— and on a breach it cites the exact transaction that violated the rule.The verdict is signed (Ed25519, resolvable via did:web:moltrust.ch#moltproof-key-1

) for portability, but the signature is not what you trust. Every verdict is recomputable from public chain data plus the public mandate. If MoltProof were wrong, anyone could prove it by rerunning the check. You don't have to trust the verifier, and you don't have to trust the agent.

MoltProof reads. It never asks for a private key, an API key, or a wallet connection. It holds no funds, signs nothing on your behalf, and has no path to place or block an order. There is nothing to steal because it never has access to anything — it sits entirely downstream of execution. A compromised MoltProof endpoint still cannot touch your money; the worst it can do is return a wrong verdict, which is publicly falsifiable.

This is the demonstrator running on Base mainnet right now, not a mock.

An agent commits a mandate with one constraint: it may only buy WETH. Then it trades:

MoltProof reads all four transactions from the chain and returns:

verdict: BREACHED
evaluated: 4  ·  adherent: 3  ·  breached: 1
breach: 0xf6311aaeddde3a09ebd6967ad93547db64dfc76da935dcb706c56de31bb6ca68
        (output-token check failed: bought a non-WETH token)

Agent address: 0xD35AE5C22C117Cf1b9EF870697AB0034314A59e2

(Base). The mandate, the four transactions, and the verdict are all public. Run the check yourself — no key, no signup:

curl https://api.moltrust.ch/proof/verdict-free/0xD35AE5C22C117Cf1b9EF870697AB0034314A59e2

The point of the example is not that the agent failed. The point is that the failure is provable by anyone, from public data, without trusting a word MoltProof or the agent says. The chain showed what the agent did; the committed mandate showed what it was allowed to do; MoltProof is the part in the middle that holds one against the other.

Free endpoints: verdict, mandate lookup, and /verify

are free; deeper and full-history endpoints are $0.05 (x402 on Base). MCP tools (moltproof_verdict

, _mandate

, _evidence

, _verify

, _registry

) are live at https://api.moltrust.ch/mcp

.

curl https://api.moltrust.ch/proof/verdict-free/0xD35AE5C22C117Cf1b9EF870697AB0034314A59e2

https://api.moltrust.ch/mcp

— tools moltproof_verdict

, _mandate

, _evidence

, _verify

, _registry

POST https://api.moltrust.ch/proof/verify

(recompute + check the Ed25519 signature against did:web:moltrust.ch#moltproof-key-1

)

── more in #ai-agents 4 stories · sorted by recency
── more on @moltproof 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/trust-me-i-m-an-auto…] indexed:0 read:3min 2026-07-09 ·