Immunity

The Immunity Protocol provides an SDK that allows anyone building an agent to execute a check on a resulting transaction the AI produced to guards against many form of attacks.

Immunity mimics how real anti-virus works in a sense that there are traditionally 3 tiers level of detection. The first tier is the hot cache provided though Gensyn AXL gossip, the second tier is on-chain registry on 0G and lastly TEE LLM evaluation though 0G Compute.

To put in context, how agents are normally made is there is a phase of context gathering to be able to take a decision. For a trading bot, it can consult X for example or any website. Then, from this gathering it will reason and the result of this will be a transaction. The idea is to protect this transaction from any injection, manipulation or hallucination it could have caught. A typical injection scenario would be to insert nefarious commands on a website the agent would consume. On top of all the semantic attacks (injection based), we protect against many other attack types (address, call pattern, bytecode and graph).

Essentially, the SDK decodes the TX and does a series of evaluation on its recipients, calldata, which contract it tries to call, etc. and will run against the registry of antibodies. If no match if found, it will do a deep semantic analysis from the context tools, conversations, resulting TX, etc. to have a real overview of the possible danger of a transaction. This analysis is done with 0G compute LLM in TEE. The SDK encrypts a bundle containing the necessary information (nothing is forced to disclose ... but the better the context the better the analysis is). This bundle is uploaded to 0G Storage and is then consumed by the TEE to do the LLM evaluation with Qwen. It will return a public antibody if the decision is considered something dangerous.

Then, this antibody is propagated with Gensyn AXL to every agents in the network under a second and effectively protecting everyone in their hot cache. The antibody is written on-chain for a permanent record. This idea is next time this attack is encountered, everyone is protected.

There is tokenomics involved to make sure people do not publish false antibodies and get rewarded. When an agent blocks an attack because of someone else's antibody, it will get 80% of the fees as a reward. Each check cost a small 0,002$ USDC. That way a good antibody protecting others can yield nice revenues. If an antibody is considered false or bad, it can be challenged by the network (tho this is a v2 feature not yet implemented but the smart contract is ready for it).

Agent needs to stake 1$ USDC when they publish an antibody for 72h. If no one challenges, then the agent gets its stake back. If someone challenges and wins, the winner will get the stake and the other agent will see his trust lower (trust mecanism for v2 also).

Another highly important aspect is I have mirror contracts for the antibody registry, so we can easily port it on any chain. The source of truth stays on 0G and it always be where the SDK is evaluating from (because of the benefits of the chain for cost and speed for AI), but doing mirror grants us the possibility to do hooks for example for Uniswap V4 pools. So agents publishing antibodies can effectively protects swap pools using Immunity's hook! So any users can benefits from the network even those who are not in the network. Also mirrors can enable anyone to build things on top of the protocol on any chain we mirror. For now, only Sepolia, but the contract is Solidity and could be deployed anywhere EVM compatible.

So, essentially, Immunity is trying to create a first collective immune system on-chain for AI Agents similar to vaccination campaigns. I am combining the speed of propagation of AXL with 0G persistence on-chain in a unique way to accomplish this goal.

I have also created a demo fleet of 45 agents doing real agentic processus using the SDK. The dashboard shows the live activity of this fleet (activated by the admin in the playground). How it works, is to mimic real serious activity on-chain of transfer, swapping, contract calls, etc. These agents from time to time will consume nefarious infected sources and will block attempts EACH TIME. And i keep track of the total value the network protected. So the value you see on the website is "real" in the sense that it really protected this amount of value transfer that otherwise would have been drained by many different types of attacks. You can consult the demo repositories for more details on the setup.

Also, this fleet has 3 "wolf" type agents that are bad actor. They act nice most of the time, but randomly they will pick a victim to do social engeniering, manipulation and other attacks through various channels including AXL dms. There is also some "publisher" agents that their goal are not to trade but monitor any external sources to detect bad addresses and other novel attacks and mint antibodies for everybody., This type of agent wants the rewards ... so they publish as much antibody as they can to protect the fleet. A clear example of this would be to monitor a trustful X account and when they publish "this contract is draining funds", the publisher agent will mint an antibody to protect the fleet (and the Uniswap protected pools) in under seconds.

So my swarm of agents showcase real world usage of it. We have normal traders using the SDK and making the network more and more resilient as they are attacked or encountered injection in the wild. We have publisher who are actively scouting sources to publish new antibodies and we have wolf that tries to steal others. All of this in realtime and reflected in the dashboard. Each dollar saved counted.

This is a project I will want to pursue after this hackathon as I believe in this kind of true decentralized solution, chain agnostic, to protect agents trading at a very very low operating cost thanks to 0G and also low cost for the user.

Kevin Jones from 1Claw was kind enough to take the time for a call before my submission to give me his feedbacks on the project. I wanted to validated the market need for such security protocol in the ecosystem. His feedbacks were highly positive and we even discussed ways this could benefits the 1Claw ecosystem going forward. I also sent the projects prior to my submission to many professors and professionals which also gave me overwhelming positive feedback and again confirmed the need for something like this. everybody who was interested gave a Star to the SDK repositories. So this part is not technical, but I just wanted to precise that I validated the market need with my project before submission.

DISCLAMER: I was not able to include all my repos in the submission because of the 5 max limitation. Please consult them all at github.com/immunity-protocol.

Demo Password:

There is a lot of technologies and repositories involved in this project. First the repository architecture of the organisation is divided into : sdk, app, docs, contracts-0g, contracts-mirror, axl-hub and demo.

The SDK is in typescript and contains all the protocol logic that the SDK must comply too. It handles the contract calls to 0G, the storage and LLM evaluation. Its made with the minimal dependecy possible and with a focus on DX for final user. Ultimately the initiation of the Immunity object is very simple and the usage too with only calling check() with the tx and context (context which the user decides what he wanna include in it even though it is fully encrypted). When an antibody is minted, it propagates with Gensyn AXL also done by the SDK, then it will store on 0G Storage the public file which is used to fill up the antibody details (on-chain are only signatures and CID of this file). This json file contains zero private data, no context tools, no discussions, etc. Just the reasoning text, and other metrics (ex. https://immunity-protocol.com/antibody/IMM-2026-0035, the data filled in here was done from the JSON file). Finally, everything is anchored on-chain with 0G. Then, I have a relayer server that will mirror this to the Sepolia registry (and any other I would configure). Thats it, the network is then protected.

The APP is in PHP in my own Zephyrus Framework (https://github.com/ophelios-studio/zephyrus-core). I have been maintaining for 10 years this framework and I plan to do an iteration of it to be the first PHP Framework fully made for Web3 hopefully soon. This is where the landing page and all the features run (https://immunity-protocol.com). This is the repo that also contains the Indexer, the Relayer and the API. I combined them because they share parts of the codebase and its easier for submission too. The Indexer role is to watch events emission on 0G and fill the postgres database we have. Just for displaying in the site without fetching the chain non-stop. Allows for easier sorting, search, etc. The Relayer is watching to mirror antibodies, the API is there for external feed calls and also internal calls. There is no dependency with the app and the SDK. the SDK is pure and write on chain, while the app is indexing whats going on.

The DOCS contains simply the documentation of the SDK and the whole concepts beyond what is stated on the landing page. Accessible from docs.immunity-protocol.com. This is built with Zephyrus Leaf (https://leaf.ophelios.com), another product I created on top of Zephyrus Framework that allows for the creation of static website extremely fast and nicely. Fully open-source, feel free to check it out! No PHP dependency required. Out of the box it does fantastic documentation looking site and the beauty is you are not "locked" into this perspective, you can add a static landing too of your creation. Easy to configure and work with.

The CONTRACTS-0G repo contains the Registry smart contract which is the core of the project. Made in Solidity, its easy to port everywhere. The mirror scripts which lives in CONTRACTS-MIRROR is a tone down version of the same Solidity contract. It just like removes any functions and keeps only data and view calls. So the source of truth is always on 0G. I also did a MockUSDC for my needs because you need to pay a USDC fees to use the check function and since there is no mock USDC on 0G right now, I did one ... easier to mint too :P

The CONTRACTS-MIRROR repo contains also everything necessary for the Uniswap pool hook to work since its connected to its mirror contract on Sepolia. Built with Forgery.

The AXL-HUB repo is a production-ready AXL node container. Persistent ed25519 identity, configurable peers and listeners, deploys easily anywhere Docker runs. I deployed this on flyio so my fleet can connect to it. I did two Hub (CAN and USA). So I have 2 AXL hubs running on Fly for the demo.

The DEMO repo is the whole fleet of agent configuration. The different roles programming (trader, publisher and wolf). They are all acting in realtime when I activate them from the playground page. So the traders will behave doing swaps, transfers, things like that. They often consume social media sources or other "sources" to decide what to do as a transaction, like how normal agents are done which mimic how real attacks are done, often by external information consumed by agents without knowing. Then of course, once in a while (i pumped the chance it happens for the demo), they will produce a nefarious transaction that will be blocked by Immunity using the SDK. So all the trader agents uses the SDK as intended. Each transaction pass though the check function which evaluates the hot caching with AXL for detection pattern, then lookup on chain (0G). If nothing hits, they will call the LLM on 0G Compute to do a deep analysis. If the analysis returns a malicious intent, the agent will publish, through the SDK always, the antibody to everyone on AXL and mint onchain evidence. The application UI will reflect all of this activity within seconds thanks to the indexer.

We also have in the DEMO the "publisher" type which are not trader, but a special kind of agents that would be I think popular in this kind of network. Since there is money to be made for finding good antibodies, those agents scans social media accounts of trusted people doing good signals, watches good source website, etc. When they scan something meaningful, they publish an antibody. Because publication do not NEED to pass through the check, you can just publish one. If its bad, the network will slash you anyway by challenging and hurting the reputation (again this is v2 feature, but considered in the design nonetheless). So yeah those agents scan external sources and when they find something good they publish it in hopes to get rewards. No trading for them.

Finally, we have the "wolf" type in the DEMO. Those agents are here to steal others (at least TRY). They will use real manipulation tactics through various means. One of them is DM through AXL, another is to post fake social signal that traders could ingest (and thus being infected). There is behind the demo a "fake" social media and fake external sources that wolves will write to and that traders will consume to really have a realistic approach.

Also maybe worth nothing that I made standardized SKILL for 0G stack (chain, compute and storage) with many "gotchas" that took me a while to figure out. Essentially, my SKILLS are always based on empirical experiences, not just the doc. Normally it gives me all the doc gaps for each projects and helps me a lot. I published it on Discord along with a SKILL for Gensyn AXL. I did not find any offical ones for them so I did those (https://discord.com/channels/554623348622098432/1479217315483750501/1498714037318320218).

Also i did a library on top of Gensyn AXL for pub/sub gossip which was necessary for my project because the node "subscribes" to antibodies to receive them. Since it was not natively in AXL I decided to extract that part of my project into its full blown repository and I posted about it in Discord too to make it available to others (https://discord.com/channels/554623348622098432/1479217315483750501/1498719339719692309).

Skills : https://github.com/ophelios-studio/skills Repo : https://github.com/ophelios-studio/axl-pubsub