Treza LabsT R E Z A
Hero background
The runtime for autonomous AI agents

AI agents you can
hand the keys to.

Treza is the runtime for autonomous agents that handle money, data, and real-world decisions. Hardware-isolated execution, a tamper-evident log of every action, and key custody your agent can use but never leak.

Book a demo->Read the docs
What your agent gets out of the box
Sealed key custodyTamper-evident logsHardware isolation
Any modelAny toolAny chain
  • 0 keys
    Ever leave the enclave
    Your agent signs, the secret never does
  • 100%
    Of agent actions are logged
    Tamper-evident, byte-level, replayable
  • Any model
    OpenAI, Anthropic, open-weight
    Call inside or outside the enclave
  • ~2 min
    From container to running agent
    Bring a Docker image, get a runtime
What are you building?

Built for agents that do real work

Pick the agent pattern closest to yours. Each one ships with the primitives, integrations, and reference code you’d expect.

Data & Healthcare Agents

Agents that read PHI, PII, or proprietary datasets and call models on them without exposing the underlying data.

  • AI over PII / PHI
  • HIPAA-ready patterns
  • Model never sees raw data
See the pattern->

Identity & KYC Agents

Agents that verify users, screen for AML risk, and gate access without storing the identity data they checked.

  • ZK-KYC primitives
  • Pass-through verification
  • Auditable approvals
See the pattern->

Treasury & Payment Agents

Agents that move money, manage stablecoin treasuries, or settle invoices on behalf of a finance team.

  • Sealed signing keys
  • Spend policies in-enclave
  • Per-action attestation
See the pattern->

Wallet & Custody Agents

Agents that approve, sign, and settle on-chain. Their keys live in the enclave; their decisions live in an auditable log.

  • Sealed signing keys
  • Approval policies in-enclave
  • Replayable on-chain actions
See the pattern->
How it works

From idea to trustworthy agent in 3 steps

No enclave expertise. Bring the agent stack you already use. Treza handles the runtime, key custody, and proof.

  1. Step 01

    Define your agent

    Bring any agent stack you already use. Containerise the code, declare the tools, models, and keys it needs. No SDK rewrites.

    $ treza agent init my-treasury-agent
  2. Step 02

    Treza runs it in a sealed enclave

    Your agent boots inside a hardware-isolated runtime. Its keys are generated in-enclave and never extractable. Even your cloud operator can’t peek in.

    $ // Online. Sealed. Attested.
  3. Step 03

    Prove every action it took

    Every tool call, every signature, every model invocation is logged with a cryptographic receipt. Replay any run, audit any decision.

    $ GET /v1/agents/{id}/actions
Watch the explainer

Why autonomous agents need a different runtime

A short animated explainer of why agents that handle money and data can’t live on a regular cloud, and how Treza fixes it. Want a walkthrough of the runtime itself? Book a demo.

Capabilities

Everything your agent needs to be trusted

Six runtime primitives. One platform.
Compose them into agents your CFO, GC, and CISO will all sign off on.

Sealed key custody

Your agent generates and uses its own keys inside the enclave. It can sign anything you authorise, and extract nothing. Ever.

Learn more->

Tamper-evident action log

Every tool call, every model invocation, every signature is recorded with a cryptographic receipt. Replay any run, prove any decision.

Learn more->

Private model calls

Your agent can call OpenAI, Anthropic, or open-weight models on PII or PHI. The provider sees a request shape, never the underlying data.

Learn more->

Policy-bound execution

Declare what your agent is allowed to do (spend limits, allowed counterparties, hours, kill-switches) and have the runtime enforce it in-enclave.

Learn more->

Identity-aware tools

Drop-in ZK-KYC primitives so your agent can verify users, screen for AML risk, and gate access without ever storing the underlying ID.

Learn more->

Any model, any chain, any tool

Bring the LLM, framework, and tools your team already uses. Treza wraps them in a runtime your security review will actually approve.

Learn more->
Built on Treza Platform

The runtime, as a platform

The Agent Runtime is the first product built on Treza Platform. The same primitives are available to teams who want to build their own runtime, or wrap a vertical-specific one.

Drop-in SDK that wraps an agent framework into the Treza runtime
Integrations

Drops into the stack you already run

Ship containers you already build, sign for the chains you already use, and call the models you already trust, without changing how your team works.

Integrates with
AWS
Google Cloud
Microsoft Azure
Docker
Solana
Ethereum
OpenAI
Claude (Anthropic)
Use cases

Agents we’ve
shipped with teams

Real agent patterns running on Treza today, from treasury and trading to identity verification and clinical workflows.

Secure Key Signing Use Cases
Treasury & Payments

Signing agents

Agents that hold their own signing keys, enforce spend policies in-enclave, and emit a cryptographic receipt for every transaction they authorise.

Learn More
Autonomous Execution Use Cases
Trading & MEV

Trading agents

MEV bots and execution agents whose strategy stays hidden from the operator and whose signatures can’t be exfiltrated.

Explore Use Case
HIPAA Compliance Use Cases
Healthcare

Clinical agents

Read PHI, call any model, return decisions. The model never sees the raw record.

Explore
Cryptographic Compliance Use Cases
Compliance

Audit-ready agents

Every agent action is signed by the enclave. Replay any decision, export any trail.

Explore
Secure Media Workflows Use Cases
Data & Media

Data agents

Agents that process customer data, contracts, or media without ever exposing the raw bytes upstream.

Learn More
KYC with Zero-Knowledge Proofs Use Cases
Identity & KYC

KYC & identity agents

Agents that verify users, screen for AML risk, and gate access to your product. Treza ships ZK-KYC primitives so they can prove a check passed without storing the underlying ID.

Explore Use Case
FAQ

Common questions

What teams ask before they ship their first agent on Treza.

  • What is an agent runtime?

    It’s where your agent actually executes. Treza gives your agent a hardware-isolated sandbox with its own keys, its own memory, and a tamper-evident log of every action it takes. Think of it as the gap between “an LLM with tools” and “an agent you can let touch production.”

  • Does Treza replace LangChain, Mastra, or my own framework?

    No. Treza is the runtime underneath. Bring whatever framework, model, or tool stack you already use. Treza wraps it so your agent gets sealed keys, a sandboxed environment, and an auditable trail without you rewriting anything.

  • Can my agent hold and use private keys?

    Yes. Keys are generated inside the enclave, used to sign whatever you authorise (transactions, payloads, attestations), and never leave. Even your cloud operator can’t extract them.

  • How do I prove what my agent did?

    Every tool call, model call, and signature is logged with a cryptographic receipt anchored in the enclave attestation. You can replay any run, export any action, and hand a regulator hardware-signed evidence instead of a screenshot.

  • Which models can my agent call?

    Any of them. OpenAI, Anthropic, open-weight models, or your own fine-tunes. Inference can happen inside the enclave (model never sees raw data) or via a proxied external API.

  • Which clouds does Treza support?

    Treza runs on the major confidential-compute clouds and is designed so the same agent definition works across providers. We can map your specific requirements during a 20-minute architecture review.

Next step

Bring your agent. We’ll design the runtime.

Tell us what your agent does (or should do). In 20 minutes we’ll sketch the runtime, the keys it needs, and what production looks like. No pitch deck.

Book a review->
Read the docs
Quickstarts, SDK reference, attestation guides
->
Browse pre-built apps
KYC, key signing, AI agents. Deploy in one click.
->
Read the blog
How teams are using enclaves in production
->