In one of our previous articles, we proposed an AVS MCP Plugin solution that allows AVS builders to integrate MCP (Model Context Protocol) into their service so that AI agents can interface with their networks.
Continuing our work on the MCP AVS interface, Othentic has partnered with Secret Network to introduce a trustless implementation of the Model Context Protocol (MCP) for Autonomous Verifiable Services (AVS). This integration enhances the security and verifiability of agent-to-AVS interactions by running MCP servers inside SecretVM Confidential Machines, allowing AVSs to offer secure agent interactions.
Understanding MCP
Model Context Protocol (MCP), introduced by Anthropic, is an open standard designed to make AI Agents more capable by standardizing integration with external tools and data sources. Think of it as the abstraction layer that eliminates the need for bespoke code whenever you want an LLM to interact with a new API or system, including AVS.
For a detailed description of MCP and our MCP AVS interface implementation, feel free to refer to our previous blog here.
Eliminating Trust: Running MCP Inside SecretVM
In the initial architecture, the agent sends a request to the MCP server, which relays it to the corresponding AVS. The AVS MCP server acts as an interface between the agents and the AVS network, enabling you to execute any AVS Tasks with on-chain validation. By implementing the MCP interface within the AVS, the agent is able to (1) use verifiable data and tools and (2) submit a task for execution by the AVS network.
However, until now, the trust boundary still included the MCP server host. To remove the requirement of trusting a third-party MCP server operator, we now deploy it inside SecretVMs.

The improved architecture enables:
- Hardware-Enforced Data Privacy
MCP servers run inside Intel TDX-backed Trusted Execution Environments (TEEs). This ensures request data remains encrypted in memory and is inaccessible to the host OS or cloud provider.
- Code Attestation and Provenance Verification
The integrity of the MCP agent's code can be cryptographically proven, and the provenance of the server's source code can be easily established. The attestation reports generated using SecretVM can be verified externally, and an auditor can validate the integrity of each component of the SecretVM machine.
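The measurement comparison an external auditor performs on an Intel TDX quote, as an added example (not Othentic's or Secret Network's code). It assumes the auditor already holds the raw v4 quote bytes and reference values for the image; how SecretVM exposes either is not covered here, and verifying the quote's signature and certificate chain is a separate step that is not shown.

```python
import hmac
import struct

HEADER_LEN = 48        # TDX quote header
BODY_LEN = 584         # TD quote body (quote format v4)
TEE_TYPE_TDX = 0x81
# (offset, length) of selected fields inside the TD quote body
FIELDS = {
    "td_attributes": (120, 8),
    "mrtd": (136, 48),        # build-time measurement of the TD
    "rtmr0": (328, 48), "rtmr1": (376, 48),
    "rtmr2": (424, 48), "rtmr3": (472, 48),  # runtime-extended registers
    "report_data": (520, 64), # caller-supplied data bound into the quote
}

def parse_quote(quote: bytes) -> dict:
    """Extract measurement fields; rejects anything that is not a v4 TDX quote."""
    if len(quote) < HEADER_LEN + BODY_LEN:
        raise ValueError("quote too short")
    version, _key_type, tee_type = struct.unpack_from("<HHI", quote, 0)
    if version != 4 or tee_type != TEE_TYPE_TDX:
        raise ValueError("not a v4 TDX quote")
    body = quote[HEADER_LEN:HEADER_LEN + BODY_LEN]
    return {name: body[off:off + n] for name, (off, n) in FIELDS.items()}

def check_measurements(quote: bytes, expected: dict) -> list:
    """Return failure reasons; an empty list means every check passed."""
    fields = parse_quote(quote)
    failures = []
    # TDATTRIBUTES bit 0 is DEBUG: a debug TD's memory is readable by the host.
    if fields["td_attributes"][0] & 0x01:
        failures.append("debug TD")
    for name, want in expected.items():
        if not hmac.compare_digest(fields[name], want):
            failures.append(f"{name} mismatch")
    return failures

def build_sample_quote(values: dict, debug: bool = False) -> bytes:
    """Constructed sample: header plus body only, no signature data."""
    header = struct.pack("<HHI", 4, 2, TEE_TYPE_TDX) + bytes(40)
    body = bytearray(BODY_LEN)
    body[120] = 0x01 if debug else 0x00
    for name, value in values.items():
        off, n = FIELDS[name]
        body[off:off + n] = value.ljust(n, b"\0")
    return header + bytes(body)

if __name__ == "__main__":
    reference = {"mrtd": b"\x11" * 48, "rtmr3": b"\x33" * 48}  # constructed values
    print(check_measurements(build_sample_quote(reference), reference))
```
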

Secret Network and SecretVM
Secret Network is a blockchain with privacy-preserving smart contracts, launched in 2020. The network makes it possible to build apps that leverage privacy-preserving smart contracts with end-to-end encryption.
SecretVM is the Confidential Virtual Machine framework of Secret Network, allowing developers to easily deploy and run secure workloads within Trusted Execution Environments (TEEs). It brings the core benefits of smart contracts (verifiability, trustlessness, and data confidentiality) to general-purpose applications, without sacrificing flexibility or performance.
Conclusion
Running MCP servers inside SecretVMs closes a critical trust gap in agent-to-AVS integrations. This architecture guarantees the MCP server behaves deterministically and without deviation from the expected logic.