AI safety research lab
The verification layer for AI agents
AI agents are beginning to act on people’s behalf. We make every one of those actions verifiable.
Customer
“There’s an $81.40 charge from Amazon I never made, I want it refunded.”
Intent
zeroproof-ecommerce-1b
Proof
VerifiedSigned by the agent and the tool server.
sha256:7f3a…1b2
Language models are already capable of transacting on a person’s behalf, and financial errors are where tolerance for AI mistakes ends: no platform lets a model move money on its own account.
The barrier is not capability but verification.
Delegation becomes safe when three questions can be answered about any agent action:
Our research answers the first two before execution, by reading intent from the conversation, and the third after it, with a cryptographic proof. The result is a verification layer in which every answer is a signed, independently checkable claim.
We train small models that recover a customer’s true intent from conversation, before an agent acts on it.

We build the cryptographic record of what an AI system did and produced. Each action carries a zkTLS proof signed by both the agent and the tool server.

Two models fine-tuned for e-commerce payment intent: rank-16 QLoRA adapters over gemma-3-1b-it and qwen2.5-0.5b-instruct, served from a single L4 behind an OpenAI-compatible vLLM endpoint. Weights, training data, and the evaluation set are on Hugging Face.
Accuracy vs cost to serve
Near-frontier accuracy at about 1/100th the cost.
Macro intent-type accuracy (%), identical balanced held-out rows for all models. Frontier cost at published list prices; ZeroProof cost from measured throughput on a single L4.
The same data trains zeroproof-ecommerce-0.5b to within five points at half the size.