Why EigenCloud is the next story in this series
This is the second piece in Cantina’s 2025 year-end series, where we highlight security work that changed how infrastructure is built and trusted.
We started with the Ethereum Foundation and the Pectra Security Competition. The next step had to be EigenCloud.
In 2025, EigenCloud moved from vision to deployed infrastructure. EigenCloud introduced a verifiable cloud for Web3: containerized workloads, any runtime, hardware acceleration, and API access, all backed by cryptoeconomic guarantees rather than blind trust. On top of that, EigenCloud launched EigenAI and EigenCompute on mainnet alpha, bringing verifiable AI inference and verifiable offchain execution to real users.
For the first time, developers can treat AI and general-purpose compute the way they treat smart contracts: something you can depend on, inspect, and, if needed, challenge.
This recap looks at what EigenCloud changed in 2025, how EigenAI and EigenCompute address AI’s trust problem, and how Cantina’s work with Eigen Labs fits into the security story behind it.
How EigenCloud changes the application stack
EigenCloud starts from a clear split:
- Asset custody and settlement remain onchain.
- Application logic runs offchain in verifiable containers.
Developers deploy containerized workloads with their preferred languages, frameworks, and hardware. Operators run those containers as part of autonomous verifiable services (AVSs), backed by stake on EigenLayer. Each task is registered, attested, and enforced through slashing conditions, challenge flows, and dispute resolution logic defined by the application.
The protocol’s job is no longer to prescribe a single trust model. It is to enforce whatever trust model the application declares.
From smart contracts to AVSs
In the traditional model, everything runs inside a constrained VM. That keeps execution simple but forces developers into a narrow programming environment and makes advanced workloads, such as AI inference or high-throughput data processing, hard to do directly onchain.
EigenCloud changes the unit of deployment from “contract” to “AVS plus app”:
- The AVS defines the enforcement logic: what counts as correct, what counts as a fault, how stake is allocated, and how disputes are resolved.
- The application defines the business logic: the actual code running in containers, the APIs it talks to, and the workflows it supports.
- EigenCloud, EigenLayer, EigenDA, and EigenVerify provide the enforcement engine and data backbone.
Programmability starts to look like a modern cloud. Verifiability stays tied to stake, attestations, and reproducible evidence.
EigenAI and EigenCompute: Verifiable AI for real workloads
If EigenCloud is the platform, EigenAI and EigenCompute are the 2025 proof points.
EigenCloud’s mainnet alpha launch of EigenAI and EigenCompute directly targets one of the biggest gaps in today’s AI stack: you cannot normally verify what an AI system actually did.
AI’s trust deficit
Most AI today runs as a black box on centralized infrastructure. Users have to trust that:
- Prompts are not modified.
- Responses are not altered or filtered.
- Models are not silently swapped for cheaper or weaker versions.
That is fragile in low-stakes consumer use. It is unacceptable for trading, contract negotiation, onchain finance, or any context where a bad model output can move real value or trigger binding decisions.
EigenCloud’s answer is simple in principle: AI agents should be held to the same standard as smart contracts. Their actions should be reproducible, auditable, and, if necessary, penalized.
EigenAI: World’s First Deterministic, Verifiable LLM inference
EigenAI is a deterministic, verifiable LLM inference service. It exposes an OpenAI-compatible API and runs frontier open-source models under an execution model that can be checked.
The core ideas:
- Prompts, models, and responses are committed and linked.
- Inference is made deterministic so that given a prompt X and model Y, a correct run always produces output Z.
- Anyone with same hardware (H100s) can re-run the same prompt and verify that Z is the right output. If re-execution differs, that becomes concrete evidence of incorrect behavior.
- Over time, this verification path is designed to be backed by economic stake and slashing, not just social capital and slashing .
For developers, the experience remains familiar: an AI API with low latency and standard tooling support, but with a verifiable trail for high-stakes use.
EigenCompute: Verifiable execution for agents and apps
EigenCompute covers the rest of the execution surface.
Developers package their agent or app logic as Docker images. EigenCompute runs those images in secure environments, starting with TEEs in mainnet alpha, and is designed to incorporate cryptoeconomic guarantees and eventually zero-knowledge proofs as the platform matures.
The promise is straightforward:
- Long-running agent logic can live offchain.
- The system can attest that the code ran as specified, over the inputs it claims to have received.
- Over time, liveness and censorship resistance are intended to be enforced with the same seriousness as correctness.
EigenAI and EigenCompute are designed to work together. An agent runs on EigenCompute, calls EigenAI for inference, publishes relevant traces to EigenDA, and can be challenged or slashed through enforcement logic defined by the AVS it belongs to.
Who is building on it
The early builders give a sense of where this is going:
- Agent frameworks that use EigenAI and EigenCompute to keep long-lived agents verifiable.
- Games and social applications that rely on verifiable AI behavior when money or ranking is at stake.
- Data products and reputation systems that use EigenCloud to make their algorithms accountable instead of opaque.
- Enterprise and financial teams that want AI in their workflows without losing clear lines of responsibility and auditability.
These projects differ in domain, but they rely on the same guarantee: AI and offchain logic should behave predictably, and misbehavior should be observable and enforceable.
Programmable infrastructure, institutional expectations
EigenCloud is not only an infrastructure story. It is an institutional story.
Financial institutions, exchanges, large consumer platforms, and enterprises that depend on AI-driven systems have two overlapping concerns:
- Can they demonstrate that an AI-enabled workflow behaves as intended, over time, under scrutiny?
- Can they trace misbehavior to specific operators, models, or configurations and enforce consequences?
EigenCloud’s design lines up with those expectations. It does not claim that every workload is perfectly provable. Instead, it asks each AVS team to define:
- What “correct” looks like.
- What evidence is needed to prove a fault.
- How to route that evidence into slashing, insurance, or other forms of remediation.
AVSs that meet that bar move AI and offchain compute from “best-effort service” into “programmable infrastructure with a defined trust model.”
For institutions, that shift is critical. It creates space to adopt AI and agent systems while retaining clear operational, legal, and risk frameworks.
Inside the EigenCloud security collaboration
Cantina x Eigen Labs
Cantina’s work with Eigen Labs started well before the EigenCloud whitepaper. Over the past two years, we have supported large-scale efforts on EigenLayer, including a $2.5 million open audit competition on slashing activation and red-team campaigns focused on AVS enforcement design. Those programs sharpened how we think about programmable trust: mapping assumptions, simulating disputes, and treating operator safety as a core design surface.
EigenCloud builds on many of the same ideas. It gives AVS teams a structured way to express their trust models and connect them to enforcement through EigenLayer, EigenDA, EigenVerify, and EigenCompute.
Stress-testing enforcement for AVSs
EigenCloud requires AVSs to define how correctness, stake, and disputes should work. Our work with Eigen Labs and AVS teams has focused on turning those requirements into concrete, enforceable designs.
In practice, that has meant:
- Turning informal “this should never happen” statements into precise, implementable slashing conditions.
- Aligning stake and operator sets with the real economic risk of each AVS, including collusion and regional concentration scenarios.
- Designing dispute flows that match task types, from deterministic re-execution to structured intersubjective processes for judgment-based domains.
- Ensuring tasks leave enough trace in EigenDA for independent observers to reconstruct and verify behavior over time.
These engagements feed directly into how AVSs are being built on EigenCloud today, from logging formats to challenge windows.
Red-teaming programmable infrastructure
EigenCloud lets AVSs orchestrate multiple services, operators, and chains. That flexibility introduces new failure modes: misaligned incentives, disputes that never trigger, or logging paths that make reconstruction hard.
Cantina has worked with Eigen Labs and AVS teams to explore these edge cases early:
- Simulating disputes where watchers miss faults or actively collude.
- Tracing how failures in EigenDA, EigenVerify, or upstream AVSs propagate into application-level risk.
- Identifying where determinism can break and how EigenVerify or slashing logic should treat those paths.
This is the layer where protocol design meets real-world adversaries, and it is where our collaboration has been most focused.
What EigenCloud sets up for 2026
EigenCloud, EigenAI, and EigenCompute changed the baseline in 2025.
We now have:
- A verifiable cloud model anchored in EigenLayer.
- A path for deterministic, verifiable LLM inference.
- A general-purpose compute layer that treats offchain agents as first-class citizens with attestations and, eventually, slashing-backed guarantees.
Looking ahead, several trajectories are clear:
- More AVSs will migrate from “research infrastructure” to production systems with real TVL and regulatory attention.
- AI agents that control capital, negotiate agreements, or manage workflows will be expected to leave verifiable trails, not just logs.
- Apps and protocols will start to commit explicitly to EigenCloud-based guarantees when they describe their risk models.
For Cantina, this means more work at the interface between design and enforcement: helping teams encode their assumptions into enforceable logic, red-teaming AVSs that sit on EigenCloud, and building playbooks for verifiable AI systems that are meant to handle real money and real impact.
Closing
As more teams move application logic into EigenCloud and define their own enforcement rules, the standard for security will rise with them. Our job is to help make sure those rules hold when it matters. If you are designing an AVS, migrating execution to EigenCloud, or defining new enforcement logic, contact our team and we will help you scope, test, and harden your security model.