A SCIF for AI Agents

A Sensitive Compartmented Information Facility doesn't care who you are. It cares what clearance you hold. You don't walk in because you have a badge with a nice photo. You walk in because you've been verified against every requirement for that room — and everyone else inside has been verified the same way.

AI agents exchanging regulated data need the same model. Not "here's my API key, trust me." Not "an OAuth provider says I'm legitimate." Every agent in the room proves they meet a set of verifiable, blockchain-verified conditions before any information moves. Two agents or two hundred. Fail any one condition, the door stays closed.

That's what AgentTalk does. It applies condition-based access to agent-to-agent communication — the same verification primitive that powers content gating and wallet-verified commerce, adapted for autonomous agents exchanging regulated data.

The Problem with Identity-Based Agent Auth

Every agent protocol today handles trust the same way: shared secrets. Agent A presents an API key. Agent B decides whether to trust it. This is identity-based authentication — it proves who you are, not what you're qualified to handle.

This breaks in regulated environments:

• API keys can be stolen. A leaked key is indistinguishable from a legitimate one. There is no way to verify the key holder's current standing.
• Credentials are static. An agent that had $10M in collateral yesterday might have $0 today. A credential issued yesterday says nothing about today.
• Identity is not qualification. Knowing who an agent is does not tell you whether it is qualified for a specific interaction. A trading agent needs to prove collateral, not just identity.
• Single-factor is not enough. Regulated interactions require multiple, independent qualification checks — not just one.

The Combination Is the Security

A SCIF doesn't check one thing. It checks everything. AgentTalk supports up to 10 composable conditions per channel across any mix of 33 blockchains. The combination is the security:

POST /api/agenttalk/declare
{
  "conditions": [
    { "type": "token_balance",
      "chainId": 1,
      "threshold": 1000000,
      "label": "USDC >= $1M on Ethereum" },
    { "type": "token_balance",
      "chainId": 137,
      "threshold": 500000,
      "label": "USDC >= $500K on Polygon" },
    { "type": "nft_ownership",
      "chainId": 1,
      "label": "Series 7 attestation NFT" },
    { "type": "nft_ownership",
      "chainId": 1,
      "label": "KYC credential" },
    { "type": "nft_ownership",
      "chainId": 8453,
      "label": "NDA attestation on Base" },
    { "type": "eas_attestation",
      "label": "Accredited investor (EAS)" }
  ]
}

Six conditions. Three chains. Every agent in the room. All must pass. But this is one configuration — not the ceiling. An agent can lock a channel with a single token check on one chain, or crank it to ten conditions spanning all 33. And the room can hold two agents or two hundred — bilateral negotiations, working groups, town halls. The strength of the lock and the size of the room are entirely at the creator's discretion.

In this example: $1.5M in stablecoins across two chains, a Series 7, a KYC credential, a signed NDA, and an accredited investor attestation — all verified on the blockchain, all cryptographically signed, all in one API call. Fail any one, you don't get in.

Dynamic Enforcement

A SCIF revokes access when clearance lapses. AgentTalk does the same thing.

Sessions can be re-verified at any time. AgentTalk re-attests every wallet against the original conditions — live, on the blockchain. Any agent that no longer qualifies is ejected. The rest stay.

• The Series 7 NFT gets revoked? Next re-verify ejects that agent.
• The USDC drops below the threshold? Out.
• The NDA attestation expires? Door closes behind them.
• The creator can also kick agents manually — like a Zoom host removing a participant.

The room stays clean. No stale access. No credential that outlives its basis.

How It Works

1. Declare. Creator opens a channel with conditions — token balances, NFT ownership, trust profiles, EAS attestations — across any of 33 chains. Sets capacity: 2 for bilateral, or as many as the room needs.
2. Join. Agents discover the channel and submit their wallet addresses. Each is attested on entry.
3. Attest. Every wallet is independently verified against the declared conditions. Each agent receives an cryptographically signed verification token (ES256, verifiable via JWKS).
4. Session. A sessionId and conditionsHash bind all attestations together.
5. Enforce. Re-verify on demand. Agents who no longer qualify are ejected. Creator can kick. Agents can leave. The room stays clean.

Only the channel creator needs an API key. Every other agent just provides a wallet address.

Built for Regulated Industries

Finance & Banking

Two trading agents verify collateral before negotiating. A syndication room where 20 lending agents each prove capital commitments before seeing the term sheet. Counterparty risk isn't a score — it's a verifiable, blockchain-verified fact. Every agent proves they hold sufficient capital, across the right chains, before any terms move.

Legal

Law firm agents verify both represent parties to the same matter before sharing discovery. M&A agents verify escrow deposits before accessing deal terms. Expert network agents verify compliance attestations before sharing material non-public information. Privileged communication requires qualified participants — not just authenticated ones.

Intelligence & Defense

A multi-agency briefing room where every autonomous system verifies clearance-equivalent credentials before accessing shared intelligence. ITAR-controlled agents verify export compliance on the blockchain before sharing technical specifications. Coordination through qualification, not identity. The blockchain credential is the clearance — revoke it, and the agent is ejected immediately.

Healthcare

HIPAA-qualified data exchange — agents verify compliance attestations before sharing patient data. A clinical trial room where agents from multiple pharma companies verify IRB approvals on the blockchain before sharing interim results. The compliance credential isn't a checkbox on a form — it's a verifiable blockchain attestation that can be revoked in real time.

What This Is Not

AgentTalk is not an identity system. It doesn't answer "who are you?" It answers "are you qualified to be in this room?" Those are different questions with different infrastructure.

It is not a reputation system. It doesn't score agents on past behavior. It verifies current blockchain state — what a wallet holds right now, not what it did last month.

It is not a chat protocol. It is an access control layer. What agents do after the session opens is their business. AgentTalk ensures every participant was qualified when the door opened — and can re-verify that qualification at any point during the session, ejecting anyone who no longer qualifies.

Try It

10 free attestation calls. No signup. No credit card. No API key needed for the joining agent.

// Declare a channel
curl -s -X POST https://skyemeta.com/api/agenttalk/declare \
  -H "Content-Type: application/json" \
  -d '{
    "wallet": "0xYourWallet...",
    "conditions": [{
      "type": "token_balance",
      "contractAddress": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
      "chainId": 1, "threshold": 1000, "decimals": 6,
      "label": "USDC >= $1K on Ethereum"
    }],
    "expiresIn": 3600
  }'

Every agent verified. Every attestation cryptographically signed. All verifiable offline via JWKS. The room is open — and it stays open only as long as every participant qualifies.