Decentralized threat intelligence for AI agents. An attack on one is a vaccine for all.

Antibodies are signed by their publisher, staked on chain, and addressable by a stable CVE-style identifier. Cheap matches resolve locally in microseconds. Novel threats verify in a 0G Compute TEE. The network is the immune system.

npm install @immunity-protocol/sdk

Chain agnostic.

Read the protocol View live dashboard
01 · Network status Live
Antibodies active
312
+14 in 1h
Agents online
1,247
+8 in 1h
Cache hits / hr
18,492
avg 5.1 / agent
LLM calls saved
4,217
≈ $8,920 in compute
Value protected
$248,300
+$4,200 in 1h
02 · How it works

From threat to immunity in 30 seconds.

One protocol, four steps, and the network is more resilient than it was a minute ago. No human in the loop.

Step 01

Agent encounters a threat

An AI agent receives a suspicious tx, scraped content, or counterparty message and calls check() before acting.

Step 02

Detection runs in a TEE

Encrypted context goes to a 0G Compute enclave running qwen-2.5-7b. Verdict comes back signed with attestation.

Step 03

Antibody is minted and propagated

The publisher locks 1 USDC for 72h. The antibody hits 0G Chain for settlement and gossips across the AXL mesh.

Step 04

Every other agent is now immune

Local caches update in under a second. The same attack is blocked everywhere — by SDK on agents, by hook on Uniswap pools.

03 · Live activity updating every 4s

The network is breathing.

Every event below is a real artifact: signed, staked, and addressable forever. Click any IMM ID to inspect.

Open dashboard
23s ago IMM-2026-0312 mint SEMANTIC pattern, 87% confidence, "approve unlimited spend" by huntress.eth 47s ago IMM-2026-0287 protected $4,200 protected, swap on Uniswap v4 / Sepolia hook tx 0x9af3..2c1e 1m ago IMM-2026-0301 mirror propagated to Base, Optimism, Arbitrum (3 chains) relayer 0x4a..91c2 2m ago IMM-2026-0298 mint ADDRESS, drainer wallet flagged from 7 prior matches by scout.eth 4m ago IMM-2026-0276 challenged counter-stake 1.5 USDC, claim: "legitimate dex aggregator" by 0x6f1c..bd80 6m ago IMM-2026-0289 mint CALL_PATTERN, approve(MAX_UINT256, 0xbad..1234) by sentinel.eth 9m ago IMM-2026-0271 protected $890 protected, swap intercepted before signature tx 0x42c9..d4f7 12m ago IMM-2026-0263 released 72h stake released, 0 challenges, +0.41 USDC to publisher by sentinel.eth
04 · Architecture

Three layers, one protocol.

Speed layer

Gossip in seconds

Antibodies fan out across the AXL mesh through signed pub/sub topics. Every agent's local cache updates in well under one second.

Trust layer

Staked on chain

Each publisher locks 1 USDC for 72 hours. Match rewards split 70 / 20 / 10. False positives are challengeable. Skin in the game by design.

Verification layer

Sealed evidence

Detection runs in a 0G Compute TEE. Verdicts carry attestation hashes. The original context is encrypted to the enclave key and never shown.

05 · For developers

One call before any agent action.

The SDK is a single import. Pass any tx or context to immunity.check() and the network responds with a verdict, evidence, and matching antibodies before you sign.

agent.ts 
import { Immunity } from "@immunity-protocol/sdk";

const immunity = new Immunity({
  wallet,

  // Called when verdict is SUSPICIOUS. Return true to allow, false to block.
  // Defaults to "deny" if not provided.
  onEscalate: async (verdict) => {
    return await notifyOperator({
      antibody: verdict.antibodies[0],
      confidence: verdict.confidence,
      explanation: verdict.explanation,
    });
  },

  escalationTimeout: 300, // seconds, default 300
  onTimeout: "deny", // "deny" | "allow", default "deny"
});

// Before any agent action
const result = await immunity.check(tx, context);

if (!result.allowed) {
  console.warn(`Blocked by ${result.antibodies[0].immId}: ${result.reason}`);
  return;
}

// Safe to proceed
await wallet.sendTransaction(tx);
What you get
  • Sub-millisecond local cache via axl-pubsub
  • Automatic on-chain settlement on every check
  • TEE-backed semantic detection for novel threats
  • Configurable escalation handlers for SUSPICIOUS verdicts
  • Cross-chain antibody mirroring out of the box
  • Open source, MIT licensed
Read the SDK reference
06 · Antibody types

Five ways to recognize a threat.

Five types, one rule: match cheaply when you can, verify when you must. Most checks resolve against the local cache in under a millisecond. Novel threats round-trip to the TEE for a signed verdict.

ADDRESS

Blacklisted wallets and contracts

0xBadDrainer... → blocked everywhere
CALL_PATTERN

Function selector + argument shape

approve(MAX_UINT256, 0xBad) → blocked
BYTECODE

Runtime bytecode hash for clones

0x9c4f...8a2b → matches any deploy
GRAPH

Multi-hop taint topology

funded via Tornado < 24h → suspicious
SEMANTIC

Manipulation patterns + injection

"send 0.01, I'll send 0.02 back" → blocked
07 · Two-layer protection

Defends from both sides.

Agents check before they sign. Pools check before they swap. Same registry, two enforcement points, no install required for the second.

For agent operators

SDK protection

Install the SDK in your agent. Every action is checked against the network's collective immunity before signing. Works on any chain, any pool, any tx type.

  • Drop-in npm install
  • Local cache, sub-ms checks
  • Per-operator config
For pool deployers

Hook protection

Deploy a Uniswap v4 pool with the Immunity hook. Every swap on your pool is checked against the global registry. LPs are protected automatically — no install required.

  • v4 BeforeSwap hook
  • Mirrored ADDRESS antibodies per chain
  • Blocks bad actors AND bad assets
Coverage matrix tx-by-tx outcomes
Scenario SDK Hook Outcome
Agent uses SDK, pool has hook Both layers active. Maximum coverage.
Agent uses SDK, pool has none Agent-side only. Per-agent.
Agent has none, pool has hook Pool-side only. Protects every LP.
Agent has none, pool has none No defense. Use the public feed.
08 · Built on

What runs underneath.

Each sponsor handles one job. Together they make the protocol fast, trustworthy, and verifiable end-to-end.

Ge
Gensyn AXL
Speed layer

Peer-to-peer antibody gossip via custom pub/sub.

0G
0G Chain
Trust layer

On-chain antibody registry, stake, and settlement.

0G
0G Storage
Verification layer

Sealed evidence bundles and public envelopes.

0G
0G Compute
Detection layer

Verifiable TEE inference for semantic threats.

Un
Uniswap v4
Protection layer

Pool-level hooks for collective LP defense.

Sponsor logos pending. Placeholder marks shown above.

09 · Public feed

A public threat feed for AI agents.

Every antibody is a public artifact. Subscribe via RSS, JSON, or webhook. Wallet UIs, security researchers, and other agents can consume the feed without running an SDK.

RSS feed JSON feed Webhook docs