How ThreatProof Works
An autonomous network of AI agents that discover, classify, and verify phishing threats using cryptographic proofs — powered by three groundbreaking protocols.
Autonomous Agent-to-Agent Economy
Live on BaseScout discovers threat URLs → Analyst classifies them → Both get paid. No humans in the loop. No trust required.
Threat Scout
Discovery + Quality Proof
Discovers suspicious URLs from PhishTank, OpenPhish, and CT logs. Generates zkML proof that quality scoring ran correctly.
Threat Analyst
Classification + Work Proof
Classifies URLs as phishing/safe/suspicious using ML. Generates zkML proof that classification model executed correctly.
The Payment Loop
Net per agent: $0.00 · Only cost: ~$0.002 gas
While payments net to $0, real wealth is created: a growing database of zkML-verified threat intelligence that protects the internet.
No Trust Required
Each agent proves their ML model ran correctly on the input
Payment only released after proof verification succeeds
zkML proof of policy compliance required before any payment
Proof binds to exact ONNX model weights - no bait and switch
Google A2A Protocol v0.3
Agent-to-Agent Communication
A2A (Agent-to-Agent) is Google's open protocol for AI agents to discover, communicate, and collaborate with each other. ThreatProof implements A2A v0.3 with JSON-RPC 2.0 transport, task lifecycle management, and SSE streaming.
A2A v0.3 Features:
- Agent Cards v0.3: Protocol version, capabilities, and skill tags for discovery
- JSON-RPC 2.0: Standard transport with task/send and task/get methods
- Task Lifecycle: State machine (submitted → working → completed/failed)
- SSE Streaming: Real-time task progress via Server-Sent Events
- CAIP-2 Chains: Standard chain identifiers (eip155:8453 for Base)
// GET /.well-known/agent.json
{
"name": "Threat Scout",
"protocolVersion": "0.3",
"capabilities": {
"streaming": false,
"stateTransitionHistory": true
},
"skills": [{
"id": "discover-urls",
"tags": ["discovery", "threat-intel", "zkml"],
"inputModes": ["application/json"],
"outputModes": ["application/json"],
"price": {
"amount": "0.0003",
"currency": "USDC",
"chain": "eip155:8453"
}
}]
}// POST /a2a (Analyst requests URL discovery from Scout)
{
"jsonrpc": "2.0",
"method": "task/send",
"params": {
"skillId": "discover-urls",
"input": {
"batch_size": 50,
"source": "phishtank"
}
},
"id": "req-1"
}
// Scout returns URLs + authorization proof + payment_due
// Analyst verifies proof, then pays Scoutx402 Payment Protocol v2
HTTP 402 + Coinbase Facilitator
x402 brings the HTTP 402 "Payment Required" status code to life. ThreatProof implements x402 v2 with standardized headers, base64-encoded payloads, and backwards compatibility with v1 clients.
x402 v2 Features
- PAYMENT-REQUIRED header: Base64-encoded payment options
- X-PAYMENT header: Client sends payment proof
- Amount in base units: 1000000 = 1 USDC (6 decimals)
- Multiple payment options: 'accepts' array for flexibility
Coinbase x402 Facilitator
- Fee-free payments for payers — facilitator covers gas
- CAIP-2 chain identifiers (eip155:8453 for Base)
- Payment intent API for seamless UX
- Automatic receipt verification
How ThreatProof Uses x402:
- Value Chain: Analyst pays Scout (0.0003 USDC/URL), Scout pays Policy (0.001 USDC/auth)
- USDC on Base: Fast, cheap transactions (~$0.001 gas) on Coinbase's L2
- Proof-Gated: Work must be verified before payment is released
- Backwards Compatible: Supports both v1 (X-402-*) and v2 (X-PAYMENT) headers
// HTTP 402 Response
// Header: PAYMENT-REQUIRED: <base64 encoded JSON>
{
"x402Version": 2,
"accepts": [{
"scheme": "exact",
"network": "base-mainnet",
"maxAmountRequired": "25000", // 0.025 USDC in base units
"resource": "/skills/classify-urls",
"description": "Classify 50 URLs",
"payTo": "0x6c67...",
"asset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
"maxTimeoutSeconds": 300
}]
}// 1. Client sends request
GET /skills/classify-urls
// 2. Server responds 402 with PAYMENT-REQUIRED header
HTTP/1.1 402 Payment Required
PAYMENT-REQUIRED: eyJ4NDAyVmVyc2lvbiI6MiwiYWNjZXB0cyI6...
// 3. Client makes payment, retries with X-PAYMENT header
POST /skills/classify-urls
X-PAYMENT: 0xabc123... // Transaction hash
// 4. Server verifies payment, returns result
HTTP/1.1 200 OK
X-PAYMENT-RESPONSE: verifiedJolt Atlas zkML
Zero-Knowledge Machine Learning
Jolt Atlas is a zkML framework from ICME Labs that generates cryptographic proofs of ML inference. It proves that a specific model produced a specific output for a specific input — without revealing the model weights or raw data.
Why zkML is Critical:
Without Proofs
- Policy could approve everything
- Analyst could return random results
- No way to verify work was done
- Must trust agents blindly
With zkML Proofs
- Every decision is verifiable
- Model commitment binds exact weights
- Input/output commitments prove data
- Trustless agent collaboration
Jolt Atlas Advantages:
- No Circuits: Uses lookup tables instead of complex arithmetic circuits
- ONNX Support: Works directly with standard ML model formats
- Fast Proving: ~0.7s for article classification, ~20s for transformers
- Quick Verification: ~143ms to verify any proof
// Policy Agent generates authorization proof
let proof = jolt_atlas::prove(
model: "authorization.onnx",
inputs: {
url_count: 50,
budget: 1000.0,
source_reputation: 0.9
}
);
// Returns:
{
"proof": "0x1a2b3c...", // The zkSNARK proof
"model_commitment": "0xdef...", // Hash of model weights
"input_commitment": "0x456...", // Hash of inputs
"output_commitment": "0x789...", // Hash of outputs
"decision": "AUTHORIZED",
"confidence": 0.95
}Tech Stack
Python
FastAPI agents
Next.js
React dashboard
Rust
Jolt Atlas prover
PostgreSQL
Classification DB
Base L2
USDC payments
WebSocket
Real-time events
ONNX
ML model format
Docker
Containerized deploy