four live demos · real LLMs · real transactions · invite-only
Each demo runs end-to-end on Base Sepolia (chain ID 84532). Same agent, same attack, two endings — vanilla AAP first (the attack lands), then Atlas-bounded (the substrate refuses on-chain). Pick any frontier model. Every receipt is a real on-chain transaction you can inspect on Basescan.
Invite-only · do not circulate publicly
Each demo runs on Base Sepolia. Every transaction is a real on-chain receipt.
$4,000 Stripe Issuing capacity. Agent gets prompt-injected. Atlas refuses the SPT on-chain. 5 failure modes · 5 frontier models · live on Base Sepolia.
Same agent. Four attacks. Atlas blocks every one. 500K USDC Safe · 12 real txs · ~90 seconds.
Helix Treasury × Aurora Strategy — autonomous cross-treasury under shared substrate bounds. 2 principals · 4 real txs · ~80 seconds.
An agent composes three protocols in one transaction. 5 ERC layers · 1 atomic tx · ~40 seconds.
Want the case files behind the demos — heists, attack matrix, historical losses?
The agent can be wrong. The bound stays right.