Agentic payment privacy
Private payments for AI agents
Curvy Protocol keeps an agent's on-chain activity unlinkable from its operator, the rest of its fleet, and the services it pays. The privacy layer handles it, so the agent does not have to.
One meta-address per agent, with a fresh one-time address for every payment
View keys let you audit an agent without exposing its ledger publicly
Works with x402 micropayments and ships with an MCP server
Independently audited and backed by the Ethereum Foundation
Private agent payment
One meta-address per agent. A fresh one-time address for every payment.
import { CropsAgent } from "@crops/agent-sdk";
const agent = new CropsAgent({
metaAddress: process.env.AGENT_META_ADDRESS,
spendKey: process.env.AGENT_SPEND_KEY,
chain: "base",
});
await agent.pay({
to: "0xRecipientMetaAddress...",
amount: "0.10",
token: "USDC",
});The default agent setup is the worst case for privacy
A single account, a hardcoded key, and one public address that signs every payment for the whole life of the agent. Recipients can profile its spend and timing. Observers can collapse a fleet into one operator. Its funding source can tie it back to a real identity.
Curvy Protocol gives each agent a meta-address and a fresh one-time address for every payment. Recipients see a normal transfer. Public observers cannot stitch payments together. Authorized parties still can, with a view key.
Threat model
Recipient. Sees the paying address. Without privacy, profiles usage and spend.
Chain analyst. Correlates funding source, timing, gas pattern, and token mix.
Operator infrastructure. RPC nodes and indexers can see transactions before they hit the chain.
Published addresses. Turn an agent into a public profile.
Privacy primitives for agents
| Primitive | What it hides | What it costs |
|---|---|---|
| Stealth addresses | Payment linkage | Key management |
| View keys | Public audit trail | A disclosure process you control |
| Per-agent meta-addresses | Fleet correlation | Provisioning discipline |
| Relayed gas | Funding source | Relayer integration |
Frequently asked questions
What is agentic payment privacy?
Keeping an agent's on-chain activity unlinkable from its operator, sibling agents, and the services it pays.
Why does an agent need privacy?
Without it, every recipient can profile the agent's history, spend, timing, and funding source.
Is this the same as anonymity?
No. An agent can have an identity and still keep its payments unlinkable to unauthorized observers.
Can I audit a private agent?
Yes. A view key lets finance or compliance reconstruct payments without exposing the ledger publicly.
Give your agents privacy by default
Build agents that transact without leaking their activity.