# Zyfai's New Security Proxy System: Same Trust Model with Improved Execution *Learn How Zyfai is Making Session Keys Actually Usable for the Agentic Economy.* By [Zyfai](https://blog.zyf.ai) · 2025-12-24 yield, agent, neobanks, stablecoins, defi, defai --- In the Agentic Economy, trust is essential. But usability ultimately determines whether trust is exercised. Session Keys provide solid security guarantees. They allow users to delegate limited authority to autonomous Agents without exposing their master keys. On paper, this is enough to enable agentic DeFi. In practice, it hasn't been. At Zyfai, we discovered that the biggest obstacles were not cryptographic weakness, but **operational friction** and **inaccurate control**. Our goal was to evolve Session Keys with a primitive that preserves its security guarantees, while making them usable at scale, and containing the fine-grained execution controls that many implementations of Session Keys still lack. **As part of this effort, Zyfai is integrating EigenCompute KMS (**[**EigenCloud**](https://www.eigencloud.xyz)**), moving Session Key signing into a Trusted Execution Environment (TEE) that is inaccessible to operators, developers, or external services.** The migration will be rolled out gradually. Users will be prompted to migrate once a notification banner appears in the dashboard. * * * The Real Problems With Session Keys ----------------------------------- ### 1\. Operational Friction Breaks Delegation Most session-key systems require users to explicitly authorize every protocol, pool, and function upfront. As Agents become more capable, this turns into hundreds of permissions: high gas costs during activation, long and opaque signing flows, and users abandoning setup or never updating keys. While security remains intact, the system slowly becomes unusable. ### 2\. Re-Signing Session Keys Kills Yield Whenever a new protocol or pool is integrated, users are often required to return to the dashboard to renew permissions and sign a new Session Key. Most users don't. The result is idle capital and missed yield, even though the Agent logic itself is sound. ### 3\. "Where" Is Checked, "What" Often Isn't Many session-key implementations stop at **contract-level whitelisting**: > > "This Agent may call the USDC contract." What they frequently do **not** enforce is _how_ that contract can be used. Without calldata-level restrictions, an Agent that is allowed to interact with a token contract can often transfer funds to arbitrary addresses and approve unlimited spenders . This creates a structural gap that makes Session Keys insufficient for the high-stakes environment of Agentic DeFi, where millions are at play. * * * Zyfai's Answer: The Security Proxy System ========================================= Zyfai's new Security Proxy System preserves the same core security assumptions as modern Session Keys, namely scoped authority and self-custodial control. It relocates enforcement into a deterministic execution layer that for the first time **eliminates repeated user approvals**, **enables** **specific, calldata-aware policies, while reducing gas costs.** Examining The New Security Proxy System --------------------------------------- ### Executor Module (on Safe) Installed once on the user's [Safe Smart Account](https://x.com/ZyfAI_/status/1967914537983807879), this module acts as the secure entry point for Agent execution, using established and audited patterns. ### Stateless Security Router When triggered by the Executor Module, the Router executes transactions **as the user's account**, while enforcing a strict policy: * Target contract validation * Function selector validation * Calldata-level filtering for asset movement Because the Router is stateless, it introduces no storage risk and does not custody funds. ### Onchain Registry The Registry defines, in real time which contracts are allowed, which function selectors are valid, and which addresses assets may be transferred to. This allows extremely fine-grained constraints. For example: * A USDC `transfer` may only send funds: Back to the user's Safe Smart Account, or to explicitly approved DeFi pools * Transfers to arbitrary EOAs are rejected at execution time * Even if the Agent logic is compromised, value flow remains constrained This level of calldata-aware filtering is **not available in many session-key SDKs today**, and is critical for agentic systems that must operate continuously and autonomously. * * * Hardening the Signing Layer with EigenCompute KMS ------------------------------------------------- To further strengthen the operational security of our agents, Zyfai is moving the session-key signing infrastructure to **EigenCompute KMS**. Session keys will be generated and used entirely inside a **Trusted Execution Environment (TEE)**: * Session private key signature is performed inside the enclave * The signer is not accessible to operators, developers, or external services * Signing is only possible through predefined, verified execution paths This significantly reduces the operational attack surface by eliminating key exposure at the infrastructure level. * * * Audited by Sherlock ------------------- While Zyfai is a modular product, with each individual module audited and publicly available in our [audit documentation](https://docs.zyf.ai/docs/product/zyfai-smart-account/audits), it's just as important to ensure that all modules work together securely. That's why, with the introduction of the new Security Proxy System, Zyfai made the decision to audit the entire product end to end as an additional step toward security and transparency. As a result, the Security Proxy System, along with the rest of the Zyfai stack, has been audited by [Sherlock](https://sherlock.xyz), with no outstanding security issues identified. The full audit report is available here: [audit report](https://sherlock-files.ams3.digitaloceanspaces.com/reports/2025.12.20%20-%20Final%20-%20Zyfai%20Collaborative%20Audit%20Report%201766237479.pdf). * * * TL;DR: The New Security Proxy System ------------------------------------ Ultimately, Zyfai's Security Proxy System offers a significantly improved user experience with enhanced execution guarantees. While Zyfai doesn't claim a fundamentally stronger cryptographic primitive than Session Keys, it improves the fragile and outdated delegation process by implementing calldata-level enforcement and eliminating user friction. This means users only sign once; protocols can be added without interruption; transfers are constrained at the byte level; and, security doesn't depend on users constantly re-approving the future. Essentially, enabling Agents to operate safely, especially when users are offline. **Action required:** users will be prompted to migrate when a notification banner appears in the dashboard. * * * **About Zyfai** --------------- Zyfai gives you self-custodial access to autonomous low-risk DeFi. Our customizable rule-based Agents transform your idle capital into productive assets, rebalancing between curated opportunities. The result is sustainable and risk-adjusted yield, where your capital is always working and under your control. [Explore ZyFAI](https://www.zyf.ai/) | [Follow on X](https://x.com/ZyfAI_) | [Read blog](https://zyfiofficial.medium.com/) | [Explore Docs](https://docs.zyf.ai/) --- *Originally published on [Zyfai](https://blog.zyf.ai/zyfais-new-security-proxy-system-same-trust-model-with-improved-execution)*