
In the Agentic Economy, trust is essential. But usability ultimately determines whether trust is exercised.
Session Keys provide solid security guarantees. They allow users to delegate limited authority to autonomous Agents without exposing their master keys. On paper, this is enough to enable agentic DeFi. In practice, it hasn't been.
At Zyfai, we discovered that the biggest obstacles were not cryptographic weakness, but operational friction and imprecise control. Our goal was to evolve Session Keys with a primitive that preserves their security guarantees while making them usable at scale, and that adds the fine-grained execution controls many implementations of Session Keys still lack.
As part of this effort, Zyfai is integrating EigenCompute KMS (EigenCloud), moving Session Key signing into a Trusted Execution Environment (TEE) that is inaccessible to operators, developers, or external services.
The migration will be rolled out gradually. Users will be prompted to migrate once a notification banner appears in the dashboard.
Most session-key systems require users to explicitly authorize every protocol, pool, and function upfront.
As Agents become more capable, this turns into hundreds of permissions, which means high gas costs during activation, long and opaque signing flows, and users abandoning setup or never updating keys.
While security remains intact, the system slowly becomes unusable.
Whenever a new protocol or pool is integrated, users are often required to return to the dashboard to renew permissions and sign a new Session Key.
Most users don't. The result is idle capital and missed yield, even though the Agent logic itself is sound.
Many session-key implementations stop at contract-level whitelisting:
"This Agent may call the USDC contract."
What they frequently do not enforce is how that contract can be used. Without calldata-level restrictions, an Agent that is allowed to interact with a token contract can often transfer funds to arbitrary addresses and approve unlimited spenders.
This creates a structural gap that makes Session Keys insufficient for the high-stakes environment of Agentic DeFi, where millions are at play.
Zyfai's new Security Proxy System preserves the same core security assumptions as modern Session Keys, namely scoped authority and self-custodial control.
It relocates enforcement into a deterministic execution layer that, for the first time, eliminates repeated user approvals and enables specific, calldata-aware policies while reducing gas costs.
Installed once on the user's Safe Smart Account, the Router module acts as the secure entry point for Agent execution, using established and audited patterns.
When triggered by the Executor Module, the Router executes transactions as the user's account, while enforcing a strict policy:
Target contract validation
Function selector validation
Calldata-level filtering for asset movement
Because the Router is stateless, it introduces no storage risk and does not custody funds.
The Registry defines, in real time, which contracts are allowed, which function selectors are valid, and which addresses assets may be transferred to.
This allows extremely fine-grained constraints. For example:
A USDC transfer may only send funds back to the user's Safe Smart Account or to explicitly approved DeFi pools
Transfers to arbitrary EOAs are rejected at execution time
Even if the Agent logic is compromised, value flow remains constrained
This level of calldata-aware filtering is not available in many session-key SDKs today, and is critical for agentic systems that must operate continuously and autonomously.
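To make the three Router checks and the Registry's role concrete, here is an added example that is not Zyfai's code and does not reflect the project's actual contracts. It is a Python policy evaluator that mirrors the split described above: a hypothetical Registry object lists allowed targets, the selectors allowed per target, and the approved destinations; the evaluator validates the target, then the selector, then, for asset-moving ERC-20 calls, decodes the recipient or spender from the ABI-encoded calldata and rejects anything that does not flow back to the Safe or to an approved pool. All addresses are constructed placeholders. The ERC-20 selectors are the standard ones; the strict decoding (exact calldata length, zero padding in address words) is the edge case a byte-level filter has to get right, since a loose decoder would let malformed words through.

```python
"""Calldata-aware policy check modelled on the Router/Registry split described above.

Added example, not Zyfai's code. Registry layout, helper names and all
addresses are assumptions; only the ERC-20 selectors are standard values.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple

# Standard ERC-20 function selectors (first 4 bytes of keccak256 of the signature).
SEL_TRANSFER = bytes.fromhex("a9059cbb")       # transfer(address,uint256)
SEL_APPROVE = bytes.fromhex("095ea7b3")        # approve(address,uint256)
SEL_TRANSFER_FROM = bytes.fromhex("23b872dd")  # transferFrom(address,address,uint256)

# For asset-moving selectors: how many 32-byte ABI words the call takes, and
# which word names where value ends up (the recipient, or the approved spender).
ASSET_MOVEMENT = {
    SEL_TRANSFER: (2, 0),
    SEL_APPROVE: (2, 0),
    SEL_TRANSFER_FROM: (3, 1),
}


@dataclass
class Registry:
    """Hypothetical stand-in for the on-chain Registry (assumed shape)."""
    safe: str                                      # the user's Safe Smart Account
    allowed_selectors: Dict[str, FrozenSet[bytes]]  # target -> selectors allowed on it
    approved_pools: FrozenSet[str]                 # DeFi pools value may flow to

    def allowed_destinations(self) -> FrozenSet[str]:
        return self.approved_pools | {self.safe}


def _decode_address(word: bytes) -> Optional[str]:
    """Strictly decode one ABI word as an address: 12 zero bytes then 20 address bytes."""
    if len(word) != 32 or any(word[:12]):
        return None
    return "0x" + word[12:].hex()


def check_call(registry: Registry, target: str, calldata: bytes) -> Tuple[bool, str]:
    """Return (allowed, reason) for a call the Agent wants the Safe to make."""
    target = target.lower()
    # 1. Target contract validation
    selectors = registry.allowed_selectors.get(target)
    if selectors is None:
        return False, "target not in registry"
    # 2. Function selector validation
    if len(calldata) < 4:
        return False, "calldata shorter than a selector"
    selector = calldata[:4]
    if selector not in selectors:
        return False, f"selector 0x{selector.hex()} not allowed for target"
    # 3. Calldata-level filtering for asset movement
    if selector not in ASSET_MOVEMENT:
        return True, "allowed (selector does not move assets)"
    n_words, dest_index = ASSET_MOVEMENT[selector]
    args = calldata[4:]
    if len(args) != 32 * n_words:
        return False, "unexpected calldata length for selector"
    dest = _decode_address(args[32 * dest_index:32 * (dest_index + 1)])
    if dest is None:
        return False, "malformed address word"
    if dest not in registry.allowed_destinations():
        return False, f"destination {dest} not approved"
    return True, f"allowed: value may flow to {dest}"


def encode_erc20_call(selector: bytes, *args) -> bytes:
    """Constructed helper: ABI-encode sample calls (str -> address word, int -> uint256 word)."""
    out = bytearray(selector)
    for a in args:
        if isinstance(a, str):
            out += bytes(12) + bytes.fromhex(a[2:].lower())
        else:
            out += int(a).to_bytes(32, "big")
    return bytes(out)


# Constructed placeholder addresses (not real contracts or accounts).
SAFE = "0x" + "11" * 20
POOL = "0x" + "22" * 20
TOKEN = "0x" + "33" * 20   # stands in for a token contract such as USDC
EOA = "0x" + "44" * 20     # an arbitrary externally owned account

REGISTRY = Registry(
    safe=SAFE,
    allowed_selectors={TOKEN: frozenset({SEL_TRANSFER, SEL_APPROVE})},
    approved_pools=frozenset({POOL}),
)

if __name__ == "__main__":
    for label, target, data in [
        ("transfer to Safe", TOKEN, encode_erc20_call(SEL_TRANSFER, SAFE, 1_000_000)),
        ("transfer to EOA", TOKEN, encode_erc20_call(SEL_TRANSFER, EOA, 1_000_000)),
        ("approve pool", TOKEN, encode_erc20_call(SEL_APPROVE, POOL, 2**256 - 1)),
        ("call unknown contract", EOA, encode_erc20_call(SEL_TRANSFER, SAFE, 1)),
    ]:
        print(f"{label:22} -> {check_call(REGISTRY, target, data)}")
```

Two design choices matter here. The destination check runs after the selector check because the word index that names the destination depends on the selector: `transfer` and `approve` put it in word 0, `transferFrom` in word 1. And the decoder insists on exact length and zero padding rather than just reading the low 20 bytes, so a call with trailing bytes or a non-canonical address word is rejected outright instead of being interpreted charitably.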
To further strengthen the operational security of our agents, Zyfai is moving the session-key signing infrastructure to EigenCompute KMS.
Session keys will be generated and used entirely inside a Trusted Execution Environment (TEE):
Signing with the session private key is performed inside the enclave
The signer is not accessible to operators, developers, or external services
Signing is only possible through predefined, verified execution paths
This significantly reduces the operational attack surface by eliminating key exposure at the infrastructure level.
While Zyfai is a modular product, with each individual module audited and publicly available in our audit documentation, it's just as important to ensure that all modules work together securely.
That's why, with the introduction of the new Security Proxy System, Zyfai made the decision to audit the entire product end to end as an additional step toward security and transparency.
As a result, the Security Proxy System, along with the rest of the Zyfai stack, has been audited by Sherlock, with no outstanding security issues identified.
The full audit report is available here: audit report.
Ultimately, Zyfai's Security Proxy System offers a significantly improved user experience with enhanced execution guarantees.
While Zyfai doesn't claim a fundamentally stronger cryptographic primitive than Session Keys, it improves the fragile and outdated delegation process by implementing calldata-level enforcement and eliminating user friction.
This means users only sign once; protocols can be added without interruption; transfers are constrained at the byte level; and security doesn't depend on users constantly re-approving the future. In short, it enables Agents to operate safely, especially when users are offline.
Action required: users will be prompted to migrate when a notification banner appears in the dashboard.
Zyfai gives you self-custodial access to autonomous low-risk DeFi. Our customizable rule-based Agents transform your idle capital into productive assets, rebalancing between curated opportunities.
The result is sustainable and risk-adjusted yield, where your capital is always working and under your control.
