🎭 The Masked Compute Desk

Friday, June 12, 2026

Generated with AI from public sources. Verify before relying on for decisions.

Today's briefing explores the emerging infrastructure for agentic AI. As autonomous agents move from theory to production, the focus is shifting to building verifiable, secure, and compliant systems, a stark contrast to consumer-grade AI platforms.

Agentic AI Compliance

A Four-Layer Architectural Framework for Securing Agentic AI Systems Against Attack

A new research paper published Thursday formalizes a four-layer architecture for Agentic AI (AgAI)—spanning data, models, agents, and infrastructure—to systematically identify vulnerabilities and attack surfaces. It maps eleven primary attack classes to these layers and proposes a 'Concern-Approach Matrix' for creating targeted countermeasures across security, AI/ML risk, privacy, and organizational dimensions.

This paper provides a much-needed formal structure for thinking about agent security, moving beyond ad-hoc threat modeling. For anyone building agentic infrastructure, this framework is a foundational resource for designing systems that are secure, reliable, and trustworthy by default. It provides a taxonomy for mapping risks and ensuring countermeasures are applied at the right layer of the stack, directly informing the architecture of privacy-preserving compute environments.

Verified across 1 source: Research Square

OWASP, SANS, and EC-Council Release New AI Security Maturity Frameworks

Underscoring the growing gap between agent deployment and governance, three major security organizations—OWASP, SANS Institute, and EC-Council—simultaneously released new AI security maturity frameworks in early June. Each framework offers a different lens (architect-centric, program-level, and operational) for assessing and improving an organization's AI security posture.

The convergence of these three independent bodies on the same problem at the same time is a clear signal of an industry-wide scramble to address the security and compliance debt being accrued by rapid AI adoption. These frameworks provide the vocabulary and metrics for the exact problems your infrastructure aims to solve, offering a valuable tool for communicating the need for policy-gated, auditable agentic systems.

Verified across 1 source: mubibai.com

Privacy Preserving Compute

Flowork Introduces Microkernel Architecture for Secure AI Agents Using Go and WASM

A dev.to post on Thursday detailed Flowork, a new microkernel architecture for AI agents built with a 'frozen core' in Go 1.25. The system acts as a contract broker for pluggable WebAssembly (WASM) modules, sandboxing each agent with capability-based security. Agents run in isolation and manage their own state using an embedded SQLite database.

This is a compelling architectural pattern for building secure and compliant agentic systems. Using a minimal, formally-defined core with sandboxed WASM modules for agent logic is a classic security design that's highly applicable to masked compute infrastructure. It provides strong isolation and enforces capability-based security, mitigating risks from misbehaving agents and providing a clear audit boundary—precisely the kind of robust foundation needed for an agentic economy.

Verified across 1 source: dev.to

Zero Knowledge Systems

Signal Alums Unveil 'Encrypted Spaces,' a ZK-Powered Library for Private Collaboration Apps

A team including former Signal developers and cryptographers from Harvard and Microsoft Research released a preview on Thursday of 'Encrypted Spaces,' an open-source library for building end-to-end encrypted collaborative applications. The architecture uses zero-knowledge proofs to allow a centralized server to manipulate and verify encrypted data for multiple users without ever seeing the plaintext content.

This is a significant architectural proof-of-concept for practical, privacy-preserving compute. By using ZKPs to enable server-side logic on encrypted data, it moves beyond simple E2EE messaging into complex, stateful applications. This directly parallels the challenge of masked compute for agentic workflows: enabling computation and coordination on private data without compromising confidentiality. The patterns here could be highly relevant for your infrastructure design.

Verified across 1 source: DNYUZ

Helius Acquires Light Protocol to Build Programmable Privacy Layer on Solana

Helius, a major Solana infrastructure provider, announced on Thursday its acquisition of Light Protocol, the team behind Solana's ZK syscalls and ZK Compression. The goal is to build a fully programmable, on-chain privacy layer for the Solana network, enabling features like encrypted balances, private payments, and confidential markets using zero-knowledge proofs.

This acquisition is a strong signal that major L1 ecosystems are treating programmable privacy as a core infrastructure primitive, not a niche feature. By integrating Light Protocol's ZK expertise, Helius is positioning Solana to support auditable, selectively-disclosed confidential transactions at scale. This aligns directly with the architectural needs of a compliant agentic economy, where privacy and verifiability must coexist.

Verified across 1 source: Solana Compass

Vitalik Buterin Proposes Binary State Trees and RISC-V to Overhaul Ethereum's Execution Layer

In a significant architectural proposal on Friday, Vitalik Buterin outlined major changes to Ethereum's execution layer. The proposals include replacing the current hexary keccak Merkle tree with a binary structure (EIP-7864) and laying the groundwork to eventually replace the EVM with RISC-V. The goal is to dramatically improve ZK proving efficiency and simplify the protocol.

This is a direct attack on the core bottlenecks for ZK systems on Ethereum. With ZK proving costs for the state tree being a major hurdle, redesigning the tree structure and aligning the VM with ZK-friendly instruction sets like RISC-V is a fundamental shift. If adopted, this would make verifiable computation on Ethereum vastly more efficient, a foundational upgrade that would directly benefit any privacy-tech infrastructure built on top of it.

Verified across 1 source: bitrss.com

Post Quantum Cryptography

ENISA Publishes Draft of New Cryptographic Standards, Diverging from NIST

On Thursday, ENISA, the EU's cybersecurity agency, published a draft of its Version 3 'Agreed Cryptographic Mechanisms' document. This version, which guides EU certifications, introduces 'Admissible' tags for algorithms with future deprecation dates (e.g., A[2033]) and explicitly adds standards for hybrid PQ/T cryptography. Notably, it shows divergence from NIST/CNSA 2.0 on phase-out timelines for some legacy algorithms.

This is a significant development for protocol designers choosing primitives for systems that must operate in the EU. The ENISA standards create a distinct European compliance track for cryptography. The divergence from NIST's timelines reinforces the absolute necessity of crypto-agility; your infrastructure must be able to adapt not just to new algorithms but to regionally-specific regulatory schedules.

Verified across 1 source: Design & Reuse

DAO Governance Protocol Design

New Paper Proposes 'Governance Reconstruction' as a Verification Primitive for DAOs

A paper posted to the Ethereum Research forum on Thursday proposes a 'governance reconstruction' framework. The goal is to deterministically derive conclusions about a protocol's governance by transforming raw, publicly observable on-chain data into verifiable behavioral insights, rather than relying on subjective interpretation.

This tackles a fundamental problem in decentralized governance: turning transparent data into verifiable truth. By framing governance analysis as a 'verification primitive' instead of an 'interpretive exercise,' this approach could create a rigorous, evidence-based method to audit DAO behavior. For any system relying on decentralized governance, this is a key step towards building real accountability and preventing issues like covert centralization.

Verified across 1 source: Ethresear.ch

AI Regulation Three Jurisdictions

DACH Enterprises Prioritize Sovereign AI to Comply with GDPR and EU AI Act

An analysis published Thursday highlights that enterprises in Germany, Austria, and Switzerland (DACH) are evaluating AI platforms not just on features but on their ability to meet stringent GDPR and upcoming EU AI Act requirements. Key criteria include data processing jurisdiction, enterprise integration, and regulatory durability, with the piece noting that basic 'GDPR-compliant' claims are insufficient as jurisdictional sovereignty becomes a key differentiator.

This provides a critical lens for your work, confirming that for serious enterprise customers, true compliance and sovereignty are paramount. The analysis reinforces the idea that masked compute infrastructure must solve for jurisdictional risk and offer robust integration, not just data residency. It's a clear signal that the market you're targeting understands the architectural depth required to navigate the EU AI Act for agentic applications.

Verified across 1 source: Remote Native

EU AI Act's High-Risk System Compliance Deadline Looms on August 2, 2026

As we've tracked closely across the final countdown to the EU AI Act, the August 2, 2026 enforcement deadline for high-risk AI systems is now just seven weeks away. A new analysis reiterates that developers face substantial fines unless they have completed conformity assessments, established technical documentation, and enabled human oversight, while Article 50 transparency rules go live on the same day.

With previous Cisco research indicating 89% of European enterprises remain unprepared, this deadline separates theoretical compliance from shipping products. The strict mandate for comprehensive technical documentation and auditable human oversight directly creates demand for verifiable, policy-gated infrastructure to meet these obligations at scale.

Verified across 3 sources: The Gradient · ABHS · European AI Office

Singapore Launches Governance Framework Specifically for Agentic AI

At the World Economic Forum on Thursday, Singapore launched a new governance framework that classifies agentic AI as a distinct technology category requiring its own rules. The framework moves beyond generic AI regulation to address the unique challenges of self-managing systems, emphasizing bounded autonomy, embedded ethics, continuous evaluation, and zero-trust controls.

Singapore's move is significant as it's one of the first explicit recognitions by a regulator that autonomous agents are not just more powerful generative AI, but a different class of technology altogether. This approach could influence international standards, setting a benchmark for how governments handle autonomous systems and creating another distinct regulatory environment alongside the US and EU that your infrastructure will need to navigate.

Verified across 1 source: New Claw Times

Crypto Payments Web3 UX

Coinbase for Agents Launches to Give AI Bots Dedicated Crypto Accounts

Coinbase launched 'Coinbase for Agents' on Thursday, a platform that allows AI bots to have their own dedicated accounts and sub-accounts for trading, managing, and spending crypto on a user's behalf. The system uses natural language instructions and integrates the x402 open standard for machine-to-machine micropayments.

This is a major piece of infrastructure for the agentic economy, moving autonomous financial agents from a theoretical concept to a productized service from a major regulated entity. By creating dedicated, permissioned accounts for bots, Coinbase is establishing a crucial primitive for 'agentic commerce'. This directly addresses the practical friction of how agents can securely hold and transact value, validating the market for agent-specific financial tooling.

Verified across 2 sources: The Block · CoinDesk


The Big Picture

Agentic AI Demands New Infrastructure

A clear theme emerges that the shift to autonomous agents requires a fundamental rebuild of AI infrastructure. This includes CircleCI's new CI/CD platform for agents, Microsoft's 'Agent Harness' for production components, and Anthropic's upgrades for scheduled, secure agent workflows.

Compliance Defines Enterprise AI

Multiple analyses argue that consumer AI like Apple's is structurally unfit for enterprise use under the EU AI Act and DORA. The focus is shifting to 'sovereign AI' with auditable, open-weight architectures, a market you're building for.

The Rise of Compliant On-Chain Privacy

Projects like Starknet's STRK20s, Helius's acquisition of Light Protocol for Solana, and the proposed pERC-20 standard all point towards a new generation of privacy tools built with selective disclosure and auditability in mind, attempting to bridge the gap with regulators.

Agent Wallets Expose New Attack Surfaces

The first agent-driven wallet attacks are being reported, where prompt injection on an AI agent led to unauthorized crypto transfers. This validates the need for new wallet architectures like Coinbase for Agents, which treat agents as a new class of user requiring granular permissions and controls.

PQC Standardization Diversifies

NIST continues to expand the post-quantum toolkit, advancing nine new signature algorithms to Round 3 to provide cryptographic diversity alongside ML-DSA. In parallel, ENISA's new draft crypto standards in the EU show potential divergence from NIST timelines, reinforcing the need for crypto-agility in protocol design.

What to Expect

2026-06-18 Pi Network's mandatory Protocol 25 upgrade deadline for all mainnet nodes.
2026-08-02 EU AI Act's Article 50 transparency obligations become effective. High-risk system compliance deadline also hits.

— The Masked Compute Desk
