Every AI output should have a provable origin. Who authorized the agent. What model answered. When it happened. Signed, hash-linked, on-chain.
The first AI agent with a birth certificate on a public blockchain.
Today, every AI system in the world operates on unsigned messages. When an AI answers your question, there is no cryptographic proof of what you asked, what it answered, which model produced the output, or who authorized the agent to act.
The output is ephemeral. The interaction is deniable. The AI is anonymous.
This is equivalent to running the internet without TLS. Every AI message is susceptible to tampering, impersonation, and repudiation. And AI agents are being granted authority to take real-world actions — financial transactions, code execution, data access, communications.
Before TLS, every web page was transmitted in plaintext. Anyone could read or modify it. TLS didn't change what the web did — it proved that what you saw was what the server sent.
Before this, every AI interaction is an unsigned message. What we built is the beginning of TLS for AI — not changing what AI does, but proving what it did.
An AI agent with a birth certificate that names two parents: the AI model that powers it and the human who authorized it. Every inference call is recorded as a signed, hash-linked Note. The session is settled with a Merkle root anchored on the blockchain.
The agent runs on the Morpheus decentralized AI network.
Three real inference calls to Kimi K2.5 via api.mor.org. Real tokens consumed.
No centralized API. No single point of control.
Morpheus provides the thinking. Rootz provides the proof.
This is not a simulation. The birth certificate and session settlement are on Polygon mainnet.
Address: 0x70b893e3b519255166a1fb64dcde920d056a2d5c
Chain: Polygon Mainnet (137)
TX: 0xa689ba006882b0ee1fae319de9ac3362960d4e1ecb7777686891ba9d16f06f7c
Block: 84,799,553 — March 28, 2026
The content is encrypted (ECDH + AES-256-GCM). Only the owner can decrypt. But the events are publicly verifiable — anyone can confirm the contract exists, when Notes were written, and that the chain is intact.
Total on-chain cost: $0.03.
These share links decrypt the on-chain content in your browser. The encryption key is embedded in the URL — anyone with the link can read it. Without the link, the on-chain data is opaque.
The agent's permanent origin record — names the AI parent (Morpheus/Kimi K2.5) and the human authorizer (Steven Sprague). Policy, scope, and key protection level.
The complete session: three prompts, three full Kimi K2.5 responses (4,213 tokens), all hashes, and the settlement Merkle root. This is the provable record of what the AI was asked and what it answered.
The technical test report documenting what was real, what was simulated, and the verification results. Published as a public (unencrypted) secret.
Note: The Proof of Origin viewer may show a content hash mismatch on these early sessions. This is a known formatting bug in the archive-to-viewer pipeline that has been fixed for future sessions. The content itself is correct and intact.
When your AI makes a decision that affects a customer or a regulation, you need proof of what it was asked and what it said. Not log files. Blockchain-anchored, cryptographically signed evidence.
The EU AI Act requires operational logs. The SEC requires disclosure of material AI use. Today, compliance is self-reporting. With this, the evidence is on-chain. Verify, don't trust.
If an AI causes harm, who is liable? With a birth certificate naming the model and a chain of signed actions, insurance can be priced per-model, per-version, per-agent.
You asked AI for medical, legal, or financial guidance. Later you need to prove what it told you. Today you have a screenshot. With this, you have cryptographic proof.
Each layer adds trust. Each layer requires different effort. Together they form the complete chain from "who asked" to "where did the model come from."
Agent signs prompt hashes, hashes responses, chain-links every action. Settlement Merkle root anchored on-chain. Works with any AI API today.
Provider signs every response with its registered wallet. Bilateral proof. Runs on your own Morpheus node.
ECDH key exchange. AES-256-GCM encrypted channel. TEE attestation proves the enclave. No eavesdropping.
Model built from signed sources. Training data manifests. Weight hashes. The AI equivalent of pharmaceutical traceability.
The Morpheus agent is a plugin for Rootz Desktop V6, an Electron application that provides the signing, encryption, and blockchain infrastructure for data wallets.
Desktop V6 is the agent's hardware security module. It holds TPM-sealed signing keys, manages Sovereign Secrets on Polygon, encrypts content with ECDH + AES-256-GCM, uploads to IPFS, handles credit management, and provides an MCP server that any AI tool (Claude Code, Cursor, ChatGPT) can connect to.
The agent never holds a private key. Desktop signs on its behalf via a session token. If the agent is compromised, it has no key to steal. If the host dies, the owner derives a new key from their master seed and the agent's full state is recovered from the blockchain.
Open source. MIT license. 4,655 lines of TypeScript across 7 source files. Built in one session. Tested live on Morpheus + Polygon.
Built by Steven Sprague — rootz.global